Class: Authlete::Api

Inherits:
Object
  • Object
Includes:
Utility
Defined in:
lib/authlete/api.rb

Instance Attribute Summary

Instance Method Summary

Methods included from Utility

#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate

Instance Attribute Details

#extra_headers ⇒ Object

Returns the value of attribute extra_headers.


# File 'lib/authlete/api.rb', line 32

# Reader for the @extra_headers instance variable.
#
# @return [Object] whatever is stored in @extra_headers (nil if never assigned)
def extra_headers
  @extra_headers
end

#host ⇒ Object

Returns the value of attribute host.


# File 'lib/authlete/api.rb', line 27

# Reader for the @host instance variable.
#
# @return [Object] whatever is stored in @host (nil if never assigned)
def host
  @host
end

#service_api_key ⇒ Object

Returns the value of attribute service_api_key.


# File 'lib/authlete/api.rb', line 30

# Reader for the @service_api_key instance variable.
#
# @return [Object] whatever is stored in @service_api_key (nil if never assigned)
def service_api_key
  @service_api_key
end

#service_api_secret ⇒ Object

Returns the value of attribute service_api_secret.


# File 'lib/authlete/api.rb', line 31

# Reader for the @service_api_secret instance variable.
#
# NOTE(review): judging by the name this is a credential, returned exactly as
# stored; keep the value out of logs, exception messages and serialized output.
#
# @return [Object] whatever is stored in @service_api_secret (nil if never assigned)
def service_api_secret
  @service_api_secret
end

#service_owner_api_key ⇒ Object

Returns the value of attribute service_owner_api_key.


# File 'lib/authlete/api.rb', line 28

# Reader for the @service_owner_api_key instance variable.
#
# @return [Object] whatever is stored in @service_owner_api_key (nil if never assigned)
def service_owner_api_key
  @service_owner_api_key
end

#service_owner_api_secret ⇒ Object

Returns the value of attribute service_owner_api_secret.


# File 'lib/authlete/api.rb', line 29

# Reader for the @service_owner_api_secret instance variable.
#
# NOTE(review): judging by the name this is a credential, returned exactly as
# stored; keep the value out of logs, exception messages and serialized output.
#
# @return [Object] whatever is stored in @service_owner_api_secret (nil if never assigned)
def service_owner_api_secret
  @service_owner_api_secret
end

Instance Method Details

#authorization(request) ⇒ Object

# File 'lib/authlete/api.rb', line 201

# Passes the request, converted with to_hash, to "/api/auth/authorization"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizationResponse]
def authorization(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/authorization", payload)
  Authlete::Model::Response::AuthorizationResponse.new(reply)
end

#authorization_fail(request) ⇒ Object

# File 'lib/authlete/api.rb', line 213

# Passes the request, converted with to_hash, to
# "/api/auth/authorization/fail" through call_api_json_service and wraps the
# returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizationFailResponse]
def authorization_fail(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/authorization/fail", payload)
  Authlete::Model::Response::AuthorizationFailResponse.new(reply)
end

#authorization_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 207

# Passes the request, converted with to_hash, to
# "/api/auth/authorization/issue" through call_api_json_service and wraps the
# returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizationIssueResponse]
def authorization_issue(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/authorization/issue", payload)
  Authlete::Model::Response::AuthorizationIssueResponse.new(reply)
end

#backchannel_authentication(request) ⇒ Object

# File 'lib/authlete/api.rb', line 445

# Passes the request, converted with to_hash, to
# "/api/backchannel/authentication" through call_api_json_service and wraps
# the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::BackchannelAuthenticationResponse]
def backchannel_authentication(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication", payload)
  Authlete::Model::Response::BackchannelAuthenticationResponse.new(reply)
end

#backchannel_authentication_complete(request) ⇒ Object

# File 'lib/authlete/api.rb', line 463

# Passes the request, converted with to_hash, to
# "/api/backchannel/authentication/complete" through call_api_json_service
# and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::BackchannelAuthenticationCompleteResponse]
def backchannel_authentication_complete(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication/complete", payload)
  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(reply)
end

#backchannel_authentication_fail(request) ⇒ Object

# File 'lib/authlete/api.rb', line 457

# Passes the request, converted with to_hash, to
# "/api/backchannel/authentication/fail" through call_api_json_service and
# wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::BackchannelAuthenticationFailResponse]
def backchannel_authentication_fail(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication/fail", payload)
  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(reply)
end

#backchannel_authentication_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 451

# Passes the request, converted with to_hash, to
# "/api/backchannel/authentication/issue" through call_api_json_service and
# wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::BackchannelAuthenticationIssueResponse]
def backchannel_authentication_issue(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/backchannel/authentication/issue", payload)
  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(reply)
end

#client_create(client) ⇒ Object

# File 'lib/authlete/api.rb', line 277

# Passes the client, converted with to_hash, to "/api/client/create" through
# call_api_json_service and wraps the returned data in a Client model.
#
# @param client [Object] client model accepted by to_hash
# @return [Authlete::Model::Client]
def client_create(client)
  payload = to_hash(client)
  reply = call_api_json_service("/api/client/create", payload)
  Authlete::Model::Client.new(reply)
end

#client_delete(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 283

# Issues a :delete call for "/api/client/delete/<client_id>" through
# call_api_service and returns whatever that helper returns.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_service escapes it is not visible here, so callers should pass an
# already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
def client_delete(client_id)
  path = "/api/client/delete/#{client_id}"
  call_api_service(:delete, path, nil, nil)
end

#client_get(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 287

# Issues a :get call for "/api/client/get/<client_id>" through
# call_api_service and wraps the returned data in a Client model.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_service escapes it is not visible here, so callers should pass an
# already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @return [Authlete::Model::Client]
def client_get(client_id)
  path = "/api/client/get/#{client_id}"
  reply = call_api_service(:get, path, nil, nil)
  Authlete::Model::Client.new(reply)
end

#client_get_list(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 293

# Issues a :get call for "/api/client/get/list" followed by the suffix that
# to_query(params) produces, and wraps the returned data.
#
# @param params [Object, nil] value handed to to_query; nil by default
# @return [Authlete::Model::Response::ClientListResponse]
def client_get_list(params = nil)
  query = to_query(params)
  reply = call_api_service(:get, "/api/client/get/list#{query}", nil, nil)
  Authlete::Model::Response::ClientListResponse.new(reply)
end

#client_update(client) ⇒ Object

# File 'lib/authlete/api.rb', line 299

# Passes the client, converted with to_hash, to
# "/api/client/update/<client.clientId>" through call_api_json_service and
# wraps the returned data in a Client model.
#
# NOTE(review): client.clientId is interpolated into the path as-is; whether
# call_api_json_service escapes it is not visible here.
#
# @param client [#clientId] client model; also accepted by to_hash
# @return [Authlete::Model::Client]
def client_update(client)
  path = "/api/client/update/#{client.clientId}"
  payload = to_hash(client)
  reply = call_api_json_service(path, payload)
  Authlete::Model::Client.new(reply)
end

#delete_client_authorization(client_id, subject) ⇒ Object

# File 'lib/authlete/api.rb', line 329

# Builds a ClientAuthorizationDeleteRequest for the subject and passes its
# to_hash form to "/api/client/authorization/delete/<client_id>" through
# call_api_json_service. Returns whatever that helper returns.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_json_service escapes it is not visible here, so callers should
# pass an already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @param subject [Object] value stored under the request's subject key
def delete_client_authorization(client_id, subject)
  deletion = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)
  path = "/api/client/authorization/delete/#{client_id}"
  call_api_json_service(path, deletion.to_hash)
end

#delete_granted_scopes(client_id, subject) ⇒ Object

# File 'lib/authlete/api.rb', line 399

# Builds a GrantedScopesRequest for the subject and passes it, converted with
# to_hash, to "/api/client/granted_scopes/delete/<client_id>" through
# call_api_json_service. Returns whatever that helper returns.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_json_service escapes it is not visible here, so callers should
# pass an already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @param subject [Object] value stored under the request's subject key
def delete_granted_scopes(client_id, subject)
  scopes_request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)
  path = "/api/client/granted_scopes/delete/#{client_id}"
  call_api_json_service(path, to_hash(scopes_request))
end

#delete_requestable_scopes(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 417

# Issues a :delete call for
# "/api/client/extension/requestable_scopes/delete/<client_id>" through
# call_api_service and returns whatever that helper returns.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_service escapes it is not visible here, so callers should pass an
# already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
def delete_requestable_scopes(client_id)
  path = "/api/client/extension/requestable_scopes/delete/#{client_id}"
  call_api_service(:delete, path, nil, nil)
end

#device_authorization(request) ⇒ Object

# File 'lib/authlete/api.rb', line 469

# Passes the request, converted with to_hash, to "/api/device/authorization"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::DeviceAuthorizationResponse]
def device_authorization(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/device/authorization", payload)
  Authlete::Model::Response::DeviceAuthorizationResponse.new(reply)
end

#device_complete(request) ⇒ Object

# File 'lib/authlete/api.rb', line 475

# Passes the request, converted with to_hash, to "/api/device/complete"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::DeviceCompleteResponse]
def device_complete(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/device/complete", payload)
  Authlete::Model::Response::DeviceCompleteResponse.new(reply)
end

#device_verification(request) ⇒ Object

# File 'lib/authlete/api.rb', line 481

# Passes the request, converted with to_hash, to "/api/device/verification"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::DeviceVerificationResponse]
def device_verification(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/device/verification", payload)
  Authlete::Model::Response::DeviceVerificationResponse.new(reply)
end

#dynamic_client_delete(request) ⇒ Object

# File 'lib/authlete/api.rb', line 439

# Passes the request, converted with to_hash, to
# "/api/client/registration/delete" through call_api_json_service and wraps
# the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_delete(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration/delete", payload)
  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end

#dynamic_client_get(request) ⇒ Object

# File 'lib/authlete/api.rb', line 427

# Passes the request, converted with to_hash, to
# "/api/client/registration/get" through call_api_json_service and wraps the
# returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_get(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration/get", payload)
  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end

#dynamic_client_register(request) ⇒ Object

# File 'lib/authlete/api.rb', line 421

# Passes the request, converted with to_hash, to "/api/client/registration"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_register(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration", payload)
  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end

#dynamic_client_update(request) ⇒ Object

# File 'lib/authlete/api.rb', line 433

# Passes the request, converted with to_hash, to
# "/api/client/registration/update" through call_api_json_service and wraps
# the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::ClientRegistrationResponse]
def dynamic_client_update(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/registration/update", payload)
  Authlete::Model::Response::ClientRegistrationResponse.new(reply)
end

#emit_rack_error_message(request, message) ⇒ Object

# File 'lib/authlete/api.rb', line 556

# Best-effort logger: writes "ERROR: <message>" plus a newline to the stream
# stored under 'rack.errors' in request.env.
#
# Any StandardError raised on the way (no env, no stream, failed write) is
# swallowed and the method returns nil, so a broken log sink never masks the
# error being reported.
#
# NOTE(review): message is written verbatim; if it can carry line breaks the
# log will show extra lines, so callers may want to strip them first.
#
# @param request [#env] object whose env holds the 'rack.errors' stream
# @param message [#to_s] text to log
# @return [Object, nil] result of the stream's write, or nil on failure
def emit_rack_error_message(request, message)
  error_stream = request.env['rack.errors']
  error_stream.write("ERROR: #{message}\n")
rescue StandardError
  # Logging is optional here; failures are intentionally ignored.
  nil
end

#get_client_authorization_list(request) ⇒ Object

# File 'lib/authlete/api.rb', line 319

# Passes the request, converted with to_hash, to
# "/api/client/authorization/get/list" through call_api_json_service and
# wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::AuthorizedClientListResponse]
def get_client_authorization_list(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/client/authorization/get/list", payload)
  Authlete::Model::Response::AuthorizedClientListResponse.new(reply)
end

#get_granted_scopes(client_id, subject) ⇒ Object

# File 'lib/authlete/api.rb', line 391

# Builds a GrantedScopesRequest for the subject, passes it (converted with
# to_hash) to "/api/client/granted_scopes/get/<client_id>" through
# call_api_json_service and wraps the returned data.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_json_service escapes it is not visible here, so callers should
# pass an already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @param subject [Object] value stored under the request's subject key
# @return [Authlete::Model::Response::GrantedScopesGetResponse]
def get_granted_scopes(client_id, subject)
  scopes_request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)
  path = "/api/client/granted_scopes/get/#{client_id}"
  reply = call_api_json_service(path, to_hash(scopes_request))
  Authlete::Model::Response::GrantedScopesGetResponse.new(reply)
end

#get_requestable_scopes(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 405

# Issues a :get call for
# "/api/client/extension/requestable_scopes/get/<client_id>" through
# call_api_service and hands the result to extract_requestable_scopes.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_service escapes it is not visible here, so callers should pass an
# already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @return [Object] whatever extract_requestable_scopes returns
def get_requestable_scopes(client_id)
  path = "/api/client/extension/requestable_scopes/get/#{client_id}"
  reply = call_api_service(:get, path, nil, nil)
  extract_requestable_scopes(reply)
end

#get_service_configuration(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 369

# Issues a :get call for "/api/service/configuration" followed by the suffix
# that to_query(params) produces, and returns call_api_service's result
# unchanged.
#
# @param params [Object, nil] value handed to to_query; nil by default
def get_service_configuration(params = nil)
  query = to_query(params)
  call_api_service(:get, "/api/service/configuration#{query}", nil, nil)
end

#get_service_jwks(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 365

# Issues a :get call for "/api/service/jwks/get" followed by the suffix that
# to_query(params) produces, and returns call_api_service's result unchanged.
#
# @param params [Object, nil] value handed to to_query; nil by default
def get_service_jwks(params = nil)
  query = to_query(params)
  call_api_service(:get, "/api/service/jwks/get#{query}", nil, nil)
end

#get_token_list(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 385

# Issues a :get call for "/api/auth/token/get/list" followed by the suffix
# that to_query(params) produces, and wraps the returned data.
#
# @param params [Object, nil] value handed to to_query; nil by default
# @return [Authlete::Model::Response::TokenListResponse]
def get_token_list(params = nil)
  query = to_query(params)
  reply = call_api_service(:get, "/api/auth/token/get/list#{query}", nil, nil)
  Authlete::Model::Response::TokenListResponse.new(reply)
end

#introspection(request) ⇒ Object

# File 'lib/authlete/api.rb', line 335

# Passes the request, converted with to_hash, to '/api/auth/introspection'
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::IntrospectionResponse]
def introspection(request)
  payload = to_hash(request)
  reply = call_api_json_service('/api/auth/introspection', payload)
  Authlete::Model::Response::IntrospectionResponse.new(reply)
end

#protect_resource(request, scopes = nil, subject = nil) ⇒ Object

Ensure that the request contains a valid access token.

This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.

The first argument request is a Rack request.

The second argument scopes is an array of scope names required to access the target protected resource. This argument is optional.

The third argument subject is a string representing the subject that has to be associated with the access token. This argument is optional.

This method returns an instance of Authlete::Model::Response::IntrospectionResponse. If its action method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.

# File 'lib/authlete/api.rb', line 515

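# Ensures that a Rack request carries an access token that passes
# introspection.
#
# The token is taken from the request by extract_access_token and checked by
# calling #introspection with the optional scopes and subject. Three outcomes:
#
# * no token in the request: a locally built response with action
#   'BAD_REQUEST';
# * #introspection raised: the error is logged through
#   emit_rack_error_message and a locally built response with action
#   'INTERNAL_SERVER_ERROR' is returned;
# * otherwise: the response returned by #introspection.
#
# NOTE(review): the text from build_error_message is also sent to the client
# inside error_description. If it can contain internal details (host names,
# upstream response bodies), consider returning a generic description and
# keeping the detail in the log only.
#
# @param request [Object] Rack request; must respond to env for logging
# @param scopes [Array<String>, nil] scope names the token has to cover
# @param subject [String, nil] subject the token has to be associated with
# @return [Authlete::Model::Response::IntrospectionResponse]
def protect_resource(request, scopes = nil, subject = nil)
  access_token = extract_access_token(request)

  # Without a token there is nothing to introspect.
  if access_token.nil?
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Use a separate local for the introspection request. Reassigning `request`
  # here made the rescue branch pass the wrong object to
  # emit_rack_error_message, whose own rescue then hid the failure, so the
  # error was never logged.
  introspection_request = Authlete::Model::Request::IntrospectionRequest.new(
    token:   access_token,
    scopes:  scopes,
    subject: subject
  )

  begin
    introspection(introspection_request)
  rescue => e
    message = build_error_message('/api/auth/introspection', e)

    emit_rack_error_message(request, message)

    # error_description is placed in a quoted header parameter. RFC 6750
    # section 3 limits it to %x20-21 / %x23-5B / %x5D-7E, so quotes,
    # backslashes, line breaks and non-ASCII bytes are replaced before the
    # text reaches the response.
    description = message.to_s.scrub('?').gsub(/[^\x20\x21\x23-\x5B\x5D-\x7E]/, ' ')

    Authlete::Model::Response::IntrospectionResponse.new(
      action:          'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{description}\""
    )
  end
end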

#push_authorization_request(request) ⇒ Object

# File 'lib/authlete/api.rb', line 487

# Passes the request, converted with to_hash, to "/api/pushed_auth_req"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::PushedAuthReqResponse]
def push_authorization_request(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/pushed_auth_req", payload)
  Authlete::Model::Response::PushedAuthReqResponse.new(reply)
end

#refresh_client_secret(client_identifier) ⇒ Object

# File 'lib/authlete/api.rb', line 305

# Issues a :get call for "/api/client/secret/refresh/<client_identifier>"
# through call_api_service and wraps the returned data.
#
# NOTE(review): client_identifier is interpolated into the path as-is;
# whether call_api_service escapes it is not visible here, so callers should
# pass an already validated identifier. The response presumably carries the
# new secret; keep it out of logs.
#
# @param client_identifier [#to_s] identifier placed in the last path segment
# @return [Authlete::Model::Response::ClientSecretRefreshResponse]
def refresh_client_secret(client_identifier)
  path = "/api/client/secret/refresh/#{client_identifier}"
  reply = call_api_service(:get, path, nil, nil)
  Authlete::Model::Response::ClientSecretRefreshResponse.new(reply)
end

#revocation(request) ⇒ Object

# File 'lib/authlete/api.rb', line 347

# Passes the request, converted with to_hash, to "/api/auth/revocation"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::RevocationResponse]
def revocation(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/revocation", payload)
  Authlete::Model::Response::RevocationResponse.new(reply)
end

#service_create(service) ⇒ Object

# File 'lib/authlete/api.rb', line 243

# Passes the service, converted with to_hash, to "/api/service/create"
# through call_api_json_service_owner and wraps the returned data in a
# Service model.
#
# @param service [Object] service model accepted by to_hash
# @return [Authlete::Model::Service]
def service_create(service)
  payload = to_hash(service)
  reply = call_api_json_service_owner("/api/service/create", payload)
  Authlete::Model::Service.new(reply)
end

#service_delete(api_key) ⇒ Object

# File 'lib/authlete/api.rb', line 249

# Issues a :delete call for "/api/service/delete/<api_key>" through
# call_api_service_owner and returns whatever that helper returns.
#
# NOTE(review): api_key is interpolated into the path as-is; whether
# call_api_service_owner escapes it is not visible here, so callers should
# pass an already validated key.
#
# @param api_key [#to_s] service API key placed in the last path segment
def service_delete(api_key)
  path = "/api/service/delete/#{api_key}"
  call_api_service_owner(:delete, path, nil, nil)
end

#service_get(api_key) ⇒ Object

# File 'lib/authlete/api.rb', line 253

# Issues a :get call for "/api/service/get/<api_key>" through
# call_api_service_owner and wraps the returned data in a Service model.
#
# NOTE(review): api_key is interpolated into the path as-is; whether
# call_api_service_owner escapes it is not visible here, so callers should
# pass an already validated key.
#
# @param api_key [#to_s] service API key placed in the last path segment
# @return [Authlete::Model::Service]
def service_get(api_key)
  path = "/api/service/get/#{api_key}"
  reply = call_api_service_owner(:get, path, nil, nil)
  Authlete::Model::Service.new(reply)
end

#service_get_list(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 259

# Issues a :get call for "/api/service/get/list" followed by the suffix that
# to_query(params) produces, through call_api_service_owner, and wraps the
# returned data.
#
# @param params [Object, nil] value handed to to_query; nil by default
# @return [Authlete::Model::Response::ServiceListResponse]
def service_get_list(params = nil)
  query = to_query(params)
  reply = call_api_service_owner(:get, "/api/service/get/list#{query}", nil, nil)
  Authlete::Model::Response::ServiceListResponse.new(reply)
end

#service_update(api_key, service) ⇒ Object

# File 'lib/authlete/api.rb', line 265

# Passes the service, converted with to_hash, to
# "/api/service/update/<api_key>" through call_api_json_service_owner and
# wraps the returned data in a Service model.
#
# NOTE(review): api_key is interpolated into the path as-is; whether
# call_api_json_service_owner escapes it is not visible here, so callers
# should pass an already validated key.
#
# @param api_key [#to_s] service API key placed in the last path segment
# @param service [Object] service model accepted by to_hash
# @return [Authlete::Model::Service]
def service_update(api_key, service)
  path = "/api/service/update/#{api_key}"
  payload = to_hash(service)
  reply = call_api_json_service_owner(path, payload)
  Authlete::Model::Service.new(reply)
end

#serviceowner_get_self ⇒ Object

# File 'lib/authlete/api.rb', line 271

# Issues a :get call for "/api/serviceowner/get/self" through
# call_api_service_owner and wraps the returned data in a ServiceOwner model.
#
# @return [Authlete::Model::ServiceOwner]
def serviceowner_get_self
  reply = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)
  Authlete::Model::ServiceOwner.new(reply)
end

#set_requestable_scopes(client_id, scopes) ⇒ Object

# File 'lib/authlete/api.rb', line 411

# Passes { requestableScopes: scopes } to
# "/api/client/extension/requestable_scopes/update/<client_id>" through
# call_api_json_service and hands the result to extract_requestable_scopes.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_json_service escapes it is not visible here, so callers should
# pass an already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @param scopes [Object] value stored under the requestableScopes key
# @return [Object] whatever extract_requestable_scopes returns
def set_requestable_scopes(client_id, scopes)
  path = "/api/client/extension/requestable_scopes/update/#{client_id}"
  payload = { requestableScopes: scopes }
  reply = call_api_json_service(path, payload)
  extract_requestable_scopes(reply)
end

#standard_introspection(request) ⇒ Object

# File 'lib/authlete/api.rb', line 341

# Passes the request, converted with to_hash, to
# '/api/auth/introspection/standard' through call_api_json_service and wraps
# the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::StandardIntrospectionResponse]
def standard_introspection(request)
  payload = to_hash(request)
  reply = call_api_json_service('/api/auth/introspection/standard', payload)
  Authlete::Model::Response::StandardIntrospectionResponse.new(reply)
end

#token(request) ⇒ Object

# File 'lib/authlete/api.rb', line 219

# Passes the request, converted with to_hash, to "/api/auth/token" through
# call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::TokenResponse]
def token(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token", payload)
  Authlete::Model::Response::TokenResponse.new(reply)
end

#token_create(request) ⇒ Object

# File 'lib/authlete/api.rb', line 373

# Passes the request, converted with to_hash, to "/api/auth/token/create"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::TokenCreateResponse]
def token_create(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/create", payload)
  Authlete::Model::Response::TokenCreateResponse.new(reply)
end

#token_fail(request) ⇒ Object

# File 'lib/authlete/api.rb', line 231

# Passes the request, converted with to_hash, to "/api/auth/token/fail"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::TokenFailResponse]
def token_fail(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/fail", payload)
  Authlete::Model::Response::TokenFailResponse.new(reply)
end

#token_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 225

# Passes the request, converted with to_hash, to "/api/auth/token/issue"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::TokenIssueResponse]
def token_issue(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/issue", payload)
  Authlete::Model::Response::TokenIssueResponse.new(reply)
end

#token_revoke(request) ⇒ Object

# File 'lib/authlete/api.rb', line 237

# Passes the request, converted with to_hash, to "/api/auth/token/revoke"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::TokenRevokeResponse]
def token_revoke(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/revoke", payload)
  Authlete::Model::Response::TokenRevokeResponse.new(reply)
end

#token_update(request) ⇒ Object

# File 'lib/authlete/api.rb', line 379

# Passes the request, converted with to_hash, to "/api/auth/token/update"
# through call_api_json_service and wraps the returned data.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::TokenUpdateResponse]
def token_update(request)
  payload = to_hash(request)
  reply = call_api_json_service("/api/auth/token/update", payload)
  Authlete::Model::Response::TokenUpdateResponse.new(reply)
end

#update_client_authorization(client_id, request) ⇒ Object

# File 'lib/authlete/api.rb', line 325

# Passes the request, converted with to_hash, to
# "/api/client/authorization/update/<client_id>" through
# call_api_json_service and returns whatever that helper returns.
#
# NOTE(review): client_id is interpolated into the path as-is; whether
# call_api_json_service escapes it is not visible here, so callers should
# pass an already validated identifier.
#
# @param client_id [#to_s] identifier placed in the last path segment
# @param request [Object] request model accepted by to_hash
def update_client_authorization(client_id, request)
  path = "/api/client/authorization/update/#{client_id}"
  payload = to_hash(request)
  call_api_json_service(path, payload)
end

#update_client_secret(client_identifier, client_secret) ⇒ Object

# File 'lib/authlete/api.rb', line 311

# Builds a ClientSecretUpdateRequest carrying the new secret, passes its
# to_hash form to "/api/client/secret/update/<client_identifier>" through
# call_api_json_service and wraps the returned data.
#
# NOTE(review): client_identifier is interpolated into the path as-is;
# whether call_api_json_service escapes it is not visible here, so callers
# should pass an already validated identifier. client_secret travels in the
# request body; keep both it and the response out of logs.
#
# @param client_identifier [#to_s] identifier placed in the last path segment
# @param client_secret [Object] value stored under the request's clientSecret key
# @return [Authlete::Model::Response::ClientSecretUpdateResponse]
def update_client_secret(client_identifier, client_secret)
  secret_update = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)
  path = "/api/client/secret/update/#{client_identifier}"
  reply = call_api_json_service(path, secret_update.to_hash)
  Authlete::Model::Response::ClientSecretUpdateResponse.new(reply)
end

#user_info(request) ⇒ Object

# File 'lib/authlete/api.rb', line 353

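# Passes the request, converted with to_hash, to "/api/auth/userinfo" through
# call_api_json_service and wraps the returned data.
#
# The listing lost the method name ("def (request)"); it is restored from the
# "#user_info(request)" heading directly above it.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::UserInfoResponse]
def user_info(request)
  hash = call_api_json_service("/api/auth/userinfo", to_hash(request))

  Authlete::Model::Response::UserInfoResponse.new(hash)
end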

#user_info_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 359

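# Passes the request, converted with to_hash, to "/api/auth/userinfo/issue"
# through call_api_json_service and wraps the returned data.
#
# The listing lost the method name ("def (request)"); it is restored from the
# "#user_info_issue(request)" heading directly above it.
#
# @param request [Object] request model accepted by to_hash
# @return [Authlete::Model::Response::UserInfoIssueResponse]
def user_info_issue(request)
  hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))

  Authlete::Model::Response::UserInfoIssueResponse.new(hash)
end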