Class: Machina::IdentityClient

Inherits:

Object

• Object
• Machina::IdentityClient

Defined in:

lib/machina/identity_client.rb

Overview

HTTP client for communicating with the Machina Console identity service. Handles session resolution, revocation, and permission syncing.

Defined Under Namespace

Classes: Response

Instance Method Summary

• #initialize(config: Machina.config, connection: nil) ⇒ IdentityClient constructor

  A new instance of IdentityClient.

• #resolve_session(token, workspace_id: nil, workspace_slug: nil, organization_slug: nil) ⇒ Object
• #revoke_session(token) ⇒ Object
• #sync_permissions(product_id:, permissions:, policies: []) ⇒ Object

Constructor Details

#initialize(config: Machina.config, connection: nil) ⇒ IdentityClient

Returns a new instance of IdentityClient.

# File 'lib/machina/identity_client.rb', line 17

def initialize(config: Machina.config, connection: nil)
  @config = config
  @connection = connection
end

Instance Method Details

#resolve_session(token, workspace_id: nil, workspace_slug: nil, organization_slug: nil) ⇒ Object

Parameters:

• token (String) —

  raw session token (ps_) or API key (mk_)

• workspace_id (String, nil) (defaults to: nil) —

  optional workspace UUID hint for org-scoped API keys

• workspace_slug (String, nil) (defaults to: nil) —

  optional workspace slug hint (alternative to id)

• organization_slug (String, nil) (defaults to: nil) —

  optional organization slug; identity service rejects with 403 if the value does not match the token’s bound organization

# File 'lib/machina/identity_client.rb', line 27

def resolve_session(token, workspace_id: nil, workspace_slug: nil, organization_slug: nil)
  payload = { token: }
  payload[:workspace_id]      = workspace_id      if workspace_id
  payload[:workspace_slug]    = workspace_slug    if workspace_slug
  payload[:organization_slug] = organization_slug if organization_slug
  post('/internal/v1/sessions/resolve', payload)
end

#revoke_session(token) ⇒ Object

# File 'lib/machina/identity_client.rb', line 35

def revoke_session(token)
  post('/internal/v1/sessions/revoke', { token: })
end

#sync_permissions(product_id:, permissions:, policies: []) ⇒ Object

# File 'lib/machina/identity_client.rb', line 39

def sync_permissions(product_id:, permissions:, policies: [])
  post("/internal/v1/products/#{product_id}/permissions_sync", {
    permissions:,
    policies:
  })
end