Class: Legate::Auth::Scheme

Inherits:

Object

• Object
• Legate::Auth::Scheme

Defined in:

lib/legate/auth/scheme.rb

Overview

Base class for all authentication schemes. Schemes provide logic for applying authentication to requests, refreshing tokens, and other operations specific to their authentication type.

Direct Known Subclasses

Legate::Auth::Schemes::ApiKey, Legate::Auth::Schemes::HTTPBearer, Legate::Auth::Schemes::OAuth2, Legate::Auth::Schemes::ServiceAccount

Instance Method Summary

• #apply_to_request(request, credential) ⇒ Hash

  Apply authentication to a request.

• #authentication_error?(response) ⇒ Boolean

  Checks if a response indicates an authentication error.

• #build_authorization_uri(_config, _redirect_uri = nil, _state = nil) ⇒ String^? abstract

  Builds an authorization URI for interactive authentication flows.

• #exchange_token(credential) ⇒ Legate::Auth::ExchangedCredential

  Exchange a credential for a token.

• #refresh_token(token, credential) ⇒ Legate::Auth::ExchangedCredential

  Refresh an authentication token.

• #revoke_token(token, credential) ⇒ Boolean

  Revoke a token.

• #scheme_type ⇒ Symbol

  Get the type of authentication scheme.

• #supports_refresh? ⇒ Boolean

  Check if this scheme supports token refresh.

• #to_h ⇒ Hash abstract

  Returns a hash representation of the scheme.

• #to_s ⇒ String

  Returns a string representation of the scheme.

• #validate! ⇒ Object abstract

  Validates the scheme configuration.

Instance Method Details

#apply_to_request(request, credential) ⇒ Hash

Apply authentication to a request

Parameters:

• request (Hash) —

  The request hash to modify

• credential (Legate::Auth::Credential, Legate::Auth::ExchangedCredential) —

  The credential to use

Returns:

• (Hash) —

  The modified request with authentication applied

Raises:

• (NotImplementedError)

# File 'lib/legate/auth/scheme.rb', line 23

def apply_to_request(request, credential)
  raise NotImplementedError, "#{self.class} must implement #apply_to_request"
end

#authentication_error?(response) ⇒ Boolean

Checks if a response indicates an authentication error

Parameters:

• response (Hash) —

  The HTTP response to check

Returns:

• (Boolean) —

  True if the response indicates an authentication error

# File 'lib/legate/auth/scheme.rb', line 92

def authentication_error?(response)
  return false unless response.is_a?(Hash)

  # HTTP status codes for auth errors (401 Unauthorized, 403 Forbidden)
  [401, 403].include?(response[:status])
end

#build_authorization_uri(_config, _redirect_uri = nil, _state = nil) ⇒ String^?

This method is abstract.

Builds an authorization URI for interactive authentication flows

Parameters:

• config (Legate::Auth::Config) —

  The authentication configuration

• redirect_uri (String, nil) —

  The redirect URI for the authorization request

• state (String, nil) —

  A state parameter for the authorization request

Returns:

• (String, nil) —

  The authorization URI, or nil if not applicable

# File 'lib/legate/auth/scheme.rb', line 85

def build_authorization_uri(_config, _redirect_uri = nil, _state = nil)
  nil # No-op in base class, override in subclasses that support interactive flows
end

#exchange_token(credential) ⇒ Legate::Auth::ExchangedCredential

Exchange a credential for a token

Parameters:

• credential (Legate::Auth::Credential) —

  The credential to exchange

Returns:

• (Legate::Auth::ExchangedCredential) —

  The exchanged token

Raises:

• (Legate::Auth::TokenExchangeError) —

  If the credential cannot be exchanged

# File 'lib/legate/auth/scheme.rb', line 46

def exchange_token(credential)
  raise NotImplementedError, "#{self.class} does not support token exchange"
end

#refresh_token(token, credential) ⇒ Legate::Auth::ExchangedCredential

Refresh an authentication token

Parameters:

• token (Legate::Auth::ExchangedCredential) —

  The token to refresh

• credential (Legate::Auth::Credential) —

  The credential containing refresh parameters

Returns:

• (Legate::Auth::ExchangedCredential) —

  The refreshed token

Raises:

• (Legate::Auth::TokenRefreshError) —

  If the token cannot be refreshed

# File 'lib/legate/auth/scheme.rb', line 38

def refresh_token(token, credential)
  raise NotImplementedError, "#{self.class} does not support token refresh"
end

#revoke_token(token, credential) ⇒ Boolean

Revoke a token

Parameters:

• token (Legate::Auth::ExchangedCredential) —

  The token to revoke

• credential (Legate::Auth::Credential) —

  The credential for revocation parameters

Returns:

• (Boolean) —

  True if the token was revoked successfully

Raises:

• (Legate::Auth::TokenRevokeError) —

  If the token cannot be revoked

# File 'lib/legate/auth/scheme.rb', line 55

def revoke_token(token, credential)
  raise NotImplementedError, "#{self.class} does not support token revocation"
end

#scheme_type ⇒ Symbol

Get the type of authentication scheme

Returns:

• (Symbol) —

  The scheme type identifier

Raises:

• (NotImplementedError)

# File 'lib/legate/auth/scheme.rb', line 15

def scheme_type
  raise NotImplementedError, "#{self.class} must implement #scheme_type"
end

#supports_refresh? ⇒ Boolean

Check if this scheme supports token refresh

Returns:

• (Boolean) —

  True if this scheme supports token refresh

# File 'lib/legate/auth/scheme.rb', line 29

def supports_refresh?
  false
end

#to_h ⇒ Hash

This method is abstract.

Returns a hash representation of the scheme

Returns:

• (Hash) —

  A hash containing the scheme configuration

# File 'lib/legate/auth/scheme.rb', line 69

def to_h
  { type: scheme_type }
end

#to_s ⇒ String

Returns a string representation of the scheme

Returns:

• (String) —

  A string representing the scheme

# File 'lib/legate/auth/scheme.rb', line 75

def to_s
  "#{self.class.name}<#{scheme_type}>"
end

#validate! ⇒ Object

This method is abstract.

Validates the scheme configuration

Raises:

• (Legate::Auth::SchemeValidationError) —

  If the scheme configuration is invalid

# File 'lib/legate/auth/scheme.rb', line 62

def validate!
  raise NotImplementedError, 'Subclasses must implement validate!'
end