Class: Authlete::Api

Inherits:
Object
  • Object
show all
Includes:
Utility
Defined in:
lib/authlete/api.rb

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Utility

#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate

Instance Attribute Details

#extra_headersObject

Returns the value of attribute extra_headers.



32
33
34
# File 'lib/authlete/api.rb', line 32

def extra_headers
  @extra_headers
end

#hostObject

Returns the value of attribute host.



27
28
29
# File 'lib/authlete/api.rb', line 27

def host
  @host
end

#service_api_keyObject

Returns the value of attribute service_api_key.



30
31
32
# File 'lib/authlete/api.rb', line 30

def service_api_key
  @service_api_key
end

#service_api_secretObject

Returns the value of attribute service_api_secret.



31
32
33
# File 'lib/authlete/api.rb', line 31

def service_api_secret
  @service_api_secret
end

#service_owner_api_keyObject

Returns the value of attribute service_owner_api_key.



28
29
30
# File 'lib/authlete/api.rb', line 28

def service_owner_api_key
  @service_owner_api_key
end

#service_owner_api_secretObject

Returns the value of attribute service_owner_api_secret.



29
30
31
# File 'lib/authlete/api.rb', line 29

def service_owner_api_secret
  @service_owner_api_secret
end

Instance Method Details

#authorization(request) ⇒ Object



201
202
203
204
205
# File 'lib/authlete/api.rb', line 201

def authorization(request)
  hash = call_api_json_service("/api/auth/authorization", to_hash(request))

  Authlete::Model::Response::AuthorizationResponse.new(hash)
end

#authorization_fail(request) ⇒ Object



213
214
215
216
217
# File 'lib/authlete/api.rb', line 213

def authorization_fail(request)
  hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request))

  Authlete::Model::Response::AuthorizationFailResponse.new(hash)
end

#authorization_issue(request) ⇒ Object



207
208
209
210
211
# File 'lib/authlete/api.rb', line 207

def authorization_issue(request)
  hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request))

  Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
end

#backchannel_authentication(request) ⇒ Object



445
446
447
448
449
# File 'lib/authlete/api.rb', line 445

def backchannel_authentication(request)
  hash = call_api_json_service("/api/backchannel/authentication", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationResponse.new(hash)
end

#backchannel_authentication_complete(request) ⇒ Object



463
464
465
466
467
# File 'lib/authlete/api.rb', line 463

def backchannel_authentication_complete(request)
  hash = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(hash)
end

#backchannel_authentication_fail(request) ⇒ Object



457
458
459
460
461
# File 'lib/authlete/api.rb', line 457

def backchannel_authentication_fail(request)
  hash = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(hash)
end

#backchannel_authentication_issue(request) ⇒ Object



451
452
453
454
455
# File 'lib/authlete/api.rb', line 451

def backchannel_authentication_issue(request)
  hash = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(hash)
end

#client_create(client) ⇒ Object



277
278
279
280
281
# File 'lib/authlete/api.rb', line 277

def client_create(client)
  hash = call_api_json_service("/api/client/create", to_hash(client))

  Authlete::Model::Client.new(hash)
end

#client_delete(client_id) ⇒ Object



283
284
285
# File 'lib/authlete/api.rb', line 283

def client_delete(client_id)
  call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil)
end

#client_get(client_id) ⇒ Object



287
288
289
290
291
# File 'lib/authlete/api.rb', line 287

def client_get(client_id)
  hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil)

  Authlete::Model::Client.new(hash)
end

#client_get_list(params = nil) ⇒ Object



293
294
295
296
297
# File 'lib/authlete/api.rb', line 293

def client_get_list(params = nil)
  hash = call_api_service(:get, "/api/client/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ClientListResponse.new(hash)
end

#client_update(client) ⇒ Object



299
300
301
302
303
# File 'lib/authlete/api.rb', line 299

def client_update(client)
  hash = call_api_json_service("/api/client/update/#{client.clientId}", to_hash(client))

  Authlete::Model::Client.new(hash)
end

#delete_client_authorization(client_id, subject) ⇒ Object



329
330
331
332
333
# File 'lib/authlete/api.rb', line 329

def delete_client_authorization(client_id, subject)
  request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)

  call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash)
end

#delete_granted_scopes(client_id, subject) ⇒ Object



399
400
401
402
403
# File 'lib/authlete/api.rb', line 399

def delete_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(request))
end

#delete_requestable_scopes(client_id) ⇒ Object



417
418
419
# File 'lib/authlete/api.rb', line 417

def delete_requestable_scopes(client_id)
  call_api_service(:delete, "/api/client/extension/requestable_scopes/delete/#{client_id}", nil, nil)
end

#device_authorization(request) ⇒ Object



469
470
471
472
473
# File 'lib/authlete/api.rb', line 469

def device_authorization(request)
  hash = call_api_json_service("/api/device/authorization", to_hash(request))

  Authlete::Model::Response::DeviceAuthorizationResponse.new(hash)
end

#device_complete(request) ⇒ Object



475
476
477
478
479
# File 'lib/authlete/api.rb', line 475

def device_complete(request)
  hash = call_api_json_service("/api/device/complete", to_hash(request))

  Authlete::Model::Response::DeviceCompleteResponse.new(hash)
end

#device_verification(request) ⇒ Object



481
482
483
484
485
# File 'lib/authlete/api.rb', line 481

def device_verification(request)
  hash = call_api_json_service("/api/device/verification", to_hash(request))

  Authlete::Model::Response::DeviceVerificationResponse.new(hash)
end

#dynamic_client_delete(request) ⇒ Object



439
440
441
442
443
# File 'lib/authlete/api.rb', line 439

def dynamic_client_delete(request)
  hash = call_api_json_service("/api/client/registration/delete", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_get(request) ⇒ Object



427
428
429
430
431
# File 'lib/authlete/api.rb', line 427

def dynamic_client_get(request)
  hash = call_api_json_service("/api/client/registration/get", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_register(request) ⇒ Object



421
422
423
424
425
# File 'lib/authlete/api.rb', line 421

def dynamic_client_register(request)
  hash = call_api_json_service("/api/client/registration", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_update(request) ⇒ Object



433
434
435
436
437
# File 'lib/authlete/api.rb', line 433

def dynamic_client_update(request)
  hash = call_api_json_service("/api/client/registration/update", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#emit_rack_error_message(request, message) ⇒ Object



556
557
558
559
560
561
562
# File 'lib/authlete/api.rb', line 556

def emit_rack_error_message(request, message)
  begin
    # Logging if possible.
    request.env['rack.errors'].write("ERROR: #{message}\n")
  rescue => e
  end
end

#get_client_authorization_list(request) ⇒ Object



319
320
321
322
323
# File 'lib/authlete/api.rb', line 319

def get_client_authorization_list(request)
  hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request))

  Authlete::Model::Response::AuthorizedClientListResponse.new(hash)
end

#get_granted_scopes(client_id, subject) ⇒ Object



391
392
393
394
395
396
397
# File 'lib/authlete/api.rb', line 391

def get_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", to_hash(request))

  Authlete::Model::Response::GrantedScopesGetResponse.new(hash)
end

#get_requestable_scopes(client_id) ⇒ Object



405
406
407
408
409
# File 'lib/authlete/api.rb', line 405

def get_requestable_scopes(client_id)
  hash = call_api_service(:get, "/api/client/extension/requestable_scopes/get/#{client_id}", nil, nil)

  extract_requestable_scopes(hash)
end

#get_service_configuration(params = nil) ⇒ Object



369
370
371
# File 'lib/authlete/api.rb', line 369

def get_service_configuration(params = nil)
  call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil)
end

#get_service_jwks(params = nil) ⇒ Object



365
366
367
# File 'lib/authlete/api.rb', line 365

def get_service_jwks(params = nil)
  call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil)
end

#get_token_list(params = nil) ⇒ Object



385
386
387
388
389
# File 'lib/authlete/api.rb', line 385

def get_token_list(params = nil)
  hash = call_api_service(:get, "/api/auth/token/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::TokenListResponse.new(hash)
end

#introspection(request) ⇒ Object



335
336
337
338
339
# File 'lib/authlete/api.rb', line 335

def introspection(request)
  hash = call_api_json_service('/api/auth/introspection', to_hash(request))

  Authlete::Model::Response::IntrospectionResponse.new(hash)
end

#protect_resource(request, scopes = nil, subject = nil) ⇒ Object

Ensure that the request contains a valid access token.

This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.

The first argument request is a Rack request.

The second argument scopes is an array of scope names required to access the target protected resource. This argument is optional.

The third argument subject is a string which representing a subject which has to be associated with the access token. This argument is optional.

This method returns an instance of Authlete::Model::Response::IntrospectionResponse. If its action method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.



515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
# File 'lib/authlete/api.rb', line 515

def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # If the request does not contain any access token.
  if access_token.nil?
    # The request does not contain a valid access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Create a request for Authlete's /api/auth/introspection API.
  request = Authlete::Model::Request::IntrospectionRequest.new(
    token:   access_token,
    scopes:  scopes,
    subject: subject
  )

  begin
    # Call Authlete's /api/auth/introspection API to introspect the access token.
    result = introspection(request)
  rescue => e
    # Error message.
    message = build_error_message('/api/auth/introspection', e)

    # Emit a Rack error message.
    emit_rack_error_message(request, message)

    # Failed to introspect the access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{message}\""
    )
  end

  # Return the response from Authlete's /api/auth/introspection API.
  result
end

#push_authorization_request(request) ⇒ Object



487
488
489
490
491
# File 'lib/authlete/api.rb', line 487

def push_authorization_request(request)
  hash = call_api_json_service("/api/pushed_auth_req", to_hash(request))

  Authlete::Model::Response::PushedAuthReqResponse.new(hash)
end

#refresh_client_secret(client_identifier) ⇒ Object



305
306
307
308
309
# File 'lib/authlete/api.rb', line 305

def refresh_client_secret(client_identifier)
  hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil)

  Authlete::Model::Response::ClientSecretRefreshResponse.new(hash)
end

#revocation(request) ⇒ Object



347
348
349
350
351
# File 'lib/authlete/api.rb', line 347

def revocation(request)
  hash = call_api_json_service("/api/auth/revocation", to_hash(request))

  Authlete::Model::Response::RevocationResponse.new(hash)
end

#service_create(service) ⇒ Object



243
244
245
246
247
# File 'lib/authlete/api.rb', line 243

def service_create(service)
  hash = call_api_json_service_owner("/api/service/create", to_hash(service))

  Authlete::Model::Service.new(hash)
end

#service_delete(api_key) ⇒ Object



249
250
251
# File 'lib/authlete/api.rb', line 249

def service_delete(api_key)
  call_api_service_owner(:delete, "/api/service/delete/#{api_key}", nil, nil)
end

#service_get(api_key) ⇒ Object



253
254
255
256
257
# File 'lib/authlete/api.rb', line 253

def service_get(api_key)
  hash = call_api_service_owner(:get, "/api/service/get/#{api_key}", nil, nil)

  Authlete::Model::Service.new(hash)
end

#service_get_list(params = nil) ⇒ Object



259
260
261
262
263
# File 'lib/authlete/api.rb', line 259

def service_get_list(params = nil)
  hash = call_api_service_owner(:get, "/api/service/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ServiceListResponse.new(hash)
end

#service_update(api_key, service) ⇒ Object



265
266
267
268
269
# File 'lib/authlete/api.rb', line 265

def service_update(api_key, service)
  hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service))

  Authlete::Model::Service.new(hash)
end

#serviceowner_get_selfObject



271
272
273
274
275
# File 'lib/authlete/api.rb', line 271

def serviceowner_get_self
  hash = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)

  Authlete::Model::ServiceOwner.new(hash)
end

#set_requestable_scopes(client_id, scopes) ⇒ Object



411
412
413
414
415
# File 'lib/authlete/api.rb', line 411

def set_requestable_scopes(client_id, scopes)
  hash = call_api_json_service("/api/client/extension/requestable_scopes/update/#{client_id}", { requestableScopes: scopes })

  extract_requestable_scopes(hash)
end

#standard_introspection(request) ⇒ Object



341
342
343
344
345
# File 'lib/authlete/api.rb', line 341

def standard_introspection(request)
  hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request))

  Authlete::Model::Response::StandardIntrospectionResponse.new(hash)
end

#token(request) ⇒ Object



219
220
221
222
223
# File 'lib/authlete/api.rb', line 219

def token(request)
  hash = call_api_json_service("/api/auth/token", to_hash(request))

  Authlete::Model::Response::TokenResponse.new(hash)
end

#token_create(request) ⇒ Object



373
374
375
376
377
# File 'lib/authlete/api.rb', line 373

def token_create(request)
  hash = call_api_json_service("/api/auth/token/create", to_hash(request))

  Authlete::Model::Response::TokenCreateResponse.new(hash)
end

#token_fail(request) ⇒ Object



231
232
233
234
235
# File 'lib/authlete/api.rb', line 231

def token_fail(request)
  hash = call_api_json_service("/api/auth/token/fail", to_hash(request))

  Authlete::Model::Response::TokenFailResponse.new(hash)
end

#token_issue(request) ⇒ Object



225
226
227
228
229
# File 'lib/authlete/api.rb', line 225

def token_issue(request)
  hash = call_api_json_service("/api/auth/token/issue", to_hash(request))

  Authlete::Model::Response::TokenIssueResponse.new(hash)
end

#token_revoke(request) ⇒ Object



237
238
239
240
241
# File 'lib/authlete/api.rb', line 237

def token_revoke(request)
  hash = call_api_json_service("/api/auth/token/revoke", to_hash(request))

  Authlete::Model::Response::TokenRevokeResponse.new(hash)
end

#token_update(request) ⇒ Object



379
380
381
382
383
# File 'lib/authlete/api.rb', line 379

def token_update(request)
  hash = call_api_json_service("/api/auth/token/update", to_hash(request))

  Authlete::Model::Response::TokenUpdateResponse.new(hash)
end

#update_client_authorization(client_id, request) ⇒ Object



325
326
327
# File 'lib/authlete/api.rb', line 325

def update_client_authorization(client_id, request)
  call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request))
end

#update_client_secret(client_identifier, client_secret) ⇒ Object



311
312
313
314
315
316
317
# File 'lib/authlete/api.rb', line 311

def update_client_secret(client_identifier, client_secret)
  request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)

  hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash)

  Authlete::Model::Response::ClientSecretUpdateResponse.new(hash)
end

#user_info(request) ⇒ Object



353
354
355
356
357
# File 'lib/authlete/api.rb', line 353

def (request)
  hash = call_api_json_service("/api/auth/userinfo", to_hash(request))

  Authlete::Model::Response::UserInfoResponse.new(hash)
end

#user_info_issue(request) ⇒ Object



359
360
361
362
363
# File 'lib/authlete/api.rb', line 359

def (request)
  hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))

  Authlete::Model::Response::UserInfoIssueResponse.new(hash)
end