Class: Authlete::Api

Inherits:

Object

• Object
• Authlete::Api

Includes:

Utility

Defined in:

lib/authlete/api.rb

Instance Attribute Summary

• #extra_headers ⇒ Object

  Returns the value of attribute extra_headers.

• #host ⇒ Object

  Returns the value of attribute host.

• #service_api_key ⇒ Object

  Returns the value of attribute service_api_key.

• #service_api_secret ⇒ Object

  Returns the value of attribute service_api_secret.

• #service_owner_api_key ⇒ Object

  Returns the value of attribute service_owner_api_key.

• #service_owner_api_secret ⇒ Object

  Returns the value of attribute service_owner_api_secret.

Instance Method Summary

• #authorization(request) ⇒ Object
• #authorization_fail(request) ⇒ Object
• #authorization_issue(request) ⇒ Object
• #backchannel_authentication(request) ⇒ Object
• #backchannel_authentication_complete(request) ⇒ Object
• #backchannel_authentication_fail(request) ⇒ Object
• #backchannel_authentication_issue(request) ⇒ Object
• #client_create(client) ⇒ Object
• #client_delete(client_id) ⇒ Object
• #client_get(client_id) ⇒ Object
• #client_get_list(params = nil) ⇒ Object
• #client_update(client) ⇒ Object
• #delete_client_authorization(client_id, subject) ⇒ Object
• #delete_granted_scopes(client_id, subject) ⇒ Object
• #delete_requestable_scopes(client_id) ⇒ Object
• #device_authorization(request) ⇒ Object
• #device_complete(request) ⇒ Object
• #device_verification(request) ⇒ Object
• #dynamic_client_delete(request) ⇒ Object
• #dynamic_client_get(request) ⇒ Object
• #dynamic_client_register(request) ⇒ Object
• #dynamic_client_update(request) ⇒ Object
• #emit_rack_error_message(request, message) ⇒ Object
• #get_client_authorization_list(request) ⇒ Object
• #get_granted_scopes(client_id, subject) ⇒ Object
• #get_requestable_scopes(client_id) ⇒ Object
• #get_service_configuration(params = nil) ⇒ Object
• #get_service_jwks(params = nil) ⇒ Object
• #get_token_list(params = nil) ⇒ Object
• #introspection(request) ⇒ Object
• #protect_resource(request, scopes = nil, subject = nil) ⇒ Object

  Ensure that the request contains a valid access token.

• #push_authorization_request(request) ⇒ Object
• #refresh_client_secret(client_identifier) ⇒ Object
• #revocation(request) ⇒ Object
• #service_create(service) ⇒ Object
• #service_delete(api_key) ⇒ Object
• #service_get(api_key) ⇒ Object
• #service_get_list(params = nil) ⇒ Object
• #service_update(api_key, service) ⇒ Object
• #serviceowner_get_self ⇒ Object
• #set_requestable_scopes(client_id, scopes) ⇒ Object
• #standard_introspection(request) ⇒ Object
• #token(request) ⇒ Object
• #token_create(request) ⇒ Object
• #token_fail(request) ⇒ Object
• #token_issue(request) ⇒ Object
• #token_revoke(request) ⇒ Object
• #token_update(request) ⇒ Object
• #update_client_authorization(client_id, request) ⇒ Object
• #update_client_secret(client_identifier, client_secret) ⇒ Object
• #user_info(request) ⇒ Object
• #user_info_issue(request) ⇒ Object

Methods included from Utility

#extract_access_token, #get_parsed_array, #to_rack_response_json, #to_rack_response_www_authenticate

Instance Attribute Details

#extra_headers ⇒ Object

Returns the value of attribute extra_headers.

# File 'lib/authlete/api.rb', line 32

def extra_headers
  @extra_headers
end

#host ⇒ Object

Returns the value of attribute host.

# File 'lib/authlete/api.rb', line 27

def host
  @host
end

#service_api_key ⇒ Object

Returns the value of attribute service_api_key.

# File 'lib/authlete/api.rb', line 30

def service_api_key
  @service_api_key
end

#service_api_secret ⇒ Object

Returns the value of attribute service_api_secret.

# File 'lib/authlete/api.rb', line 31

def service_api_secret
  @service_api_secret
end

#service_owner_api_key ⇒ Object

Returns the value of attribute service_owner_api_key.

# File 'lib/authlete/api.rb', line 28

def service_owner_api_key
  @service_owner_api_key
end

#service_owner_api_secret ⇒ Object

Returns the value of attribute service_owner_api_secret.

# File 'lib/authlete/api.rb', line 29

def service_owner_api_secret
  @service_owner_api_secret
end

Instance Method Details

#authorization(request) ⇒ Object

# File 'lib/authlete/api.rb', line 201

def authorization(request)
  hash = call_api_json_service("/api/auth/authorization", to_hash(request))

  Authlete::Model::Response::AuthorizationResponse.new(hash)
end

#authorization_fail(request) ⇒ Object

# File 'lib/authlete/api.rb', line 213

def authorization_fail(request)
  hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request))

  Authlete::Model::Response::AuthorizationFailResponse.new(hash)
end

#authorization_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 207

def authorization_issue(request)
  hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request))

  Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
end

#backchannel_authentication(request) ⇒ Object

# File 'lib/authlete/api.rb', line 445

def backchannel_authentication(request)
  hash = call_api_json_service("/api/backchannel/authentication", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationResponse.new(hash)
end

#backchannel_authentication_complete(request) ⇒ Object

# File 'lib/authlete/api.rb', line 463

def backchannel_authentication_complete(request)
  hash = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(hash)
end

#backchannel_authentication_fail(request) ⇒ Object

# File 'lib/authlete/api.rb', line 457

def backchannel_authentication_fail(request)
  hash = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(hash)
end

#backchannel_authentication_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 451

def backchannel_authentication_issue(request)
  hash = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(hash)
end

#client_create(client) ⇒ Object

# File 'lib/authlete/api.rb', line 277

def client_create(client)
  hash = call_api_json_service("/api/client/create", to_hash(client))

  Authlete::Model::Client.new(hash)
end

#client_delete(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 283

def client_delete(client_id)
  call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil)
end

#client_get(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 287

def client_get(client_id)
  hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil)

  Authlete::Model::Client.new(hash)
end

#client_get_list(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 293

def client_get_list(params = nil)
  hash = call_api_service(:get, "/api/client/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ClientListResponse.new(hash)
end

#client_update(client) ⇒ Object

# File 'lib/authlete/api.rb', line 299

def client_update(client)
  hash = call_api_json_service("/api/client/update/#{client.clientId}", to_hash(client))

  Authlete::Model::Client.new(hash)
end

#delete_client_authorization(client_id, subject) ⇒ Object

# File 'lib/authlete/api.rb', line 329

def delete_client_authorization(client_id, subject)
  request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)

  call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash)
end

#delete_granted_scopes(client_id, subject) ⇒ Object

# File 'lib/authlete/api.rb', line 399

def delete_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(request))
end

#delete_requestable_scopes(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 417

def delete_requestable_scopes(client_id)
  call_api_service(:delete, "/api/client/extension/requestable_scopes/delete/#{client_id}", nil, nil)
end

#device_authorization(request) ⇒ Object

# File 'lib/authlete/api.rb', line 469

def device_authorization(request)
  hash = call_api_json_service("/api/device/authorization", to_hash(request))

  Authlete::Model::Response::DeviceAuthorizationResponse.new(hash)
end

#device_complete(request) ⇒ Object

# File 'lib/authlete/api.rb', line 475

def device_complete(request)
  hash = call_api_json_service("/api/device/complete", to_hash(request))

  Authlete::Model::Response::DeviceCompleteResponse.new(hash)
end

#device_verification(request) ⇒ Object

# File 'lib/authlete/api.rb', line 481

def device_verification(request)
  hash = call_api_json_service("/api/device/verification", to_hash(request))

  Authlete::Model::Response::DeviceVerificationResponse.new(hash)
end

#dynamic_client_delete(request) ⇒ Object

# File 'lib/authlete/api.rb', line 439

def dynamic_client_delete(request)
  hash = call_api_json_service("/api/client/registration/delete", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_get(request) ⇒ Object

# File 'lib/authlete/api.rb', line 427

def dynamic_client_get(request)
  hash = call_api_json_service("/api/client/registration/get", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_register(request) ⇒ Object

# File 'lib/authlete/api.rb', line 421

def dynamic_client_register(request)
  hash = call_api_json_service("/api/client/registration", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#dynamic_client_update(request) ⇒ Object

# File 'lib/authlete/api.rb', line 433

def dynamic_client_update(request)
  hash = call_api_json_service("/api/client/registration/update", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end

#emit_rack_error_message(request, message) ⇒ Object

# File 'lib/authlete/api.rb', line 556

def emit_rack_error_message(request, message)
  begin
    # Logging if possible.
    request.env['rack.errors'].write("ERROR: #{message}\n")
  rescue => e
  end
end

#get_client_authorization_list(request) ⇒ Object

# File 'lib/authlete/api.rb', line 319

def get_client_authorization_list(request)
  hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request))

  Authlete::Model::Response::AuthorizedClientListResponse.new(hash)
end

#get_granted_scopes(client_id, subject) ⇒ Object

# File 'lib/authlete/api.rb', line 391

def get_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", to_hash(request))

  Authlete::Model::Response::GrantedScopesGetResponse.new(hash)
end

#get_requestable_scopes(client_id) ⇒ Object

# File 'lib/authlete/api.rb', line 405

def get_requestable_scopes(client_id)
  hash = call_api_service(:get, "/api/client/extension/requestable_scopes/get/#{client_id}", nil, nil)

  extract_requestable_scopes(hash)
end

#get_service_configuration(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 369

def get_service_configuration(params = nil)
  call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil)
end

#get_service_jwks(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 365

def get_service_jwks(params = nil)
  call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil)
end

#get_token_list(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 385

def get_token_list(params = nil)
  hash = call_api_service(:get, "/api/auth/token/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::TokenListResponse.new(hash)
end

#introspection(request) ⇒ Object

# File 'lib/authlete/api.rb', line 335

def introspection(request)
  hash = call_api_json_service('/api/auth/introspection', to_hash(request))

  Authlete::Model::Response::IntrospectionResponse.new(hash)
end

#protect_resource(request, scopes = nil, subject = nil) ⇒ Object

Ensure that the request contains a valid access token.

This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.

The first argument request is a Rack request.

The second argument scopes is an array of scope names required to access the target protected resource. This argument is optional.

The third argument subject is a string which representing a subject which has to be associated with the access token. This argument is optional.

This method returns an instance of Authlete::Model::Response::IntrospectionResponse. If its action method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.

# File 'lib/authlete/api.rb', line 515

def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # If the request does not contain any access token.
  if access_token.nil?
    # The request does not contain a valid access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Create a request for Authlete's /api/auth/introspection API.
  request = Authlete::Model::Request::IntrospectionRequest.new(
    token:   access_token,
    scopes:  scopes,
    subject: subject
  )

  begin
    # Call Authlete's /api/auth/introspection API to introspect the access token.
    result = introspection(request)
  rescue => e
    # Error message.
    message = build_error_message('/api/auth/introspection', e)

    # Emit a Rack error message.
    emit_rack_error_message(request, message)

    # Failed to introspect the access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{message}\""
    )
  end

  # Return the response from Authlete's /api/auth/introspection API.
  result
end

#push_authorization_request(request) ⇒ Object

# File 'lib/authlete/api.rb', line 487

def push_authorization_request(request)
  hash = call_api_json_service("/api/pushed_auth_req", to_hash(request))

  Authlete::Model::Response::PushedAuthReqResponse.new(hash)
end

#refresh_client_secret(client_identifier) ⇒ Object

# File 'lib/authlete/api.rb', line 305

def refresh_client_secret(client_identifier)
  hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil)

  Authlete::Model::Response::ClientSecretRefreshResponse.new(hash)
end

#revocation(request) ⇒ Object

# File 'lib/authlete/api.rb', line 347

def revocation(request)
  hash = call_api_json_service("/api/auth/revocation", to_hash(request))

  Authlete::Model::Response::RevocationResponse.new(hash)
end

#service_create(service) ⇒ Object

# File 'lib/authlete/api.rb', line 243

def service_create(service)
  hash = call_api_json_service_owner("/api/service/create", to_hash(service))

  Authlete::Model::Service.new(hash)
end

#service_delete(api_key) ⇒ Object

# File 'lib/authlete/api.rb', line 249

def service_delete(api_key)
  call_api_service_owner(:delete, "/api/service/delete/#{api_key}", nil, nil)
end

#service_get(api_key) ⇒ Object

# File 'lib/authlete/api.rb', line 253

def service_get(api_key)
  hash = call_api_service_owner(:get, "/api/service/get/#{api_key}", nil, nil)

  Authlete::Model::Service.new(hash)
end

#service_get_list(params = nil) ⇒ Object

# File 'lib/authlete/api.rb', line 259

def service_get_list(params = nil)
  hash = call_api_service_owner(:get, "/api/service/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ServiceListResponse.new(hash)
end

#service_update(api_key, service) ⇒ Object

# File 'lib/authlete/api.rb', line 265

def service_update(api_key, service)
  hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service))

  Authlete::Model::Service.new(hash)
end

#serviceowner_get_self ⇒ Object

# File 'lib/authlete/api.rb', line 271

def serviceowner_get_self
  hash = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)

  Authlete::Model::ServiceOwner.new(hash)
end

#set_requestable_scopes(client_id, scopes) ⇒ Object

# File 'lib/authlete/api.rb', line 411

def set_requestable_scopes(client_id, scopes)
  hash = call_api_json_service("/api/client/extension/requestable_scopes/update/#{client_id}", { requestableScopes: scopes })

  extract_requestable_scopes(hash)
end

#standard_introspection(request) ⇒ Object

# File 'lib/authlete/api.rb', line 341

def standard_introspection(request)
  hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request))

  Authlete::Model::Response::StandardIntrospectionResponse.new(hash)
end

#token(request) ⇒ Object

# File 'lib/authlete/api.rb', line 219

def token(request)
  hash = call_api_json_service("/api/auth/token", to_hash(request))

  Authlete::Model::Response::TokenResponse.new(hash)
end

#token_create(request) ⇒ Object

# File 'lib/authlete/api.rb', line 373

def token_create(request)
  hash = call_api_json_service("/api/auth/token/create", to_hash(request))

  Authlete::Model::Response::TokenCreateResponse.new(hash)
end

#token_fail(request) ⇒ Object

# File 'lib/authlete/api.rb', line 231

def token_fail(request)
  hash = call_api_json_service("/api/auth/token/fail", to_hash(request))

  Authlete::Model::Response::TokenFailResponse.new(hash)
end

#token_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 225

def token_issue(request)
  hash = call_api_json_service("/api/auth/token/issue", to_hash(request))

  Authlete::Model::Response::TokenIssueResponse.new(hash)
end

#token_revoke(request) ⇒ Object

# File 'lib/authlete/api.rb', line 237

def token_revoke(request)
  hash = call_api_json_service("/api/auth/token/revoke", to_hash(request))

  Authlete::Model::Response::TokenRevokeResponse.new(hash)
end

#token_update(request) ⇒ Object

# File 'lib/authlete/api.rb', line 379

def token_update(request)
  hash = call_api_json_service("/api/auth/token/update", to_hash(request))

  Authlete::Model::Response::TokenUpdateResponse.new(hash)
end

#update_client_authorization(client_id, request) ⇒ Object

# File 'lib/authlete/api.rb', line 325

def update_client_authorization(client_id, request)
  call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request))
end

#update_client_secret(client_identifier, client_secret) ⇒ Object

# File 'lib/authlete/api.rb', line 311

def update_client_secret(client_identifier, client_secret)
  request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)

  hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash)

  Authlete::Model::Response::ClientSecretUpdateResponse.new(hash)
end

#user_info(request) ⇒ Object

# File 'lib/authlete/api.rb', line 353

def user_info(request)
  hash = call_api_json_service("/api/auth/userinfo", to_hash(request))

  Authlete::Model::Response::UserInfoResponse.new(hash)
end

#user_info_issue(request) ⇒ Object

# File 'lib/authlete/api.rb', line 359

def user_info_issue(request)
  hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))

  Authlete::Model::Response::UserInfoIssueResponse.new(hash)
end