Class: OAuth2::MCP::ResourceServer

Inherits:
Object
  • Object
show all
Defined in:
lib/oauth2/mcp.rb,
sig/oauth2/mcp.rbs

Overview

Provider-neutral MCP protected resource authorization.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(resource_metadata:, resource_metadata_url:, validator:, scope_mapper: nil, require_resource_audience: true) ⇒ ResourceServer

Returns a new instance of ResourceServer.



399
400
401
402
403
404
405
406
# File 'lib/oauth2/mcp.rb', line 399

def initialize(resource_metadata:, resource_metadata_url:, validator:, scope_mapper: nil,
  require_resource_audience: true)
  @resource_metadata = 
  @resource_metadata_url = 
  @validator = validator
  @scope_mapper = scope_mapper
  @require_resource_audience = require_resource_audience
end

Instance Attribute Details

#resource_metadataProtectedResourceMetadata (readonly)

Returns the value of attribute resource_metadata.



397
398
399
# File 'lib/oauth2/mcp.rb', line 397

def 
  @resource_metadata
end

#resource_metadata_urlString (readonly)

Returns the value of attribute resource_metadata_url.

Returns:

  • (String)


397
398
399
# File 'lib/oauth2/mcp.rb', line 397

def 
  @resource_metadata_url
end

#scope_mapperScopeMapper? (readonly)

Returns the value of attribute scope_mapper.

Returns:



397
398
399
# File 'lib/oauth2/mcp.rb', line 397

def scope_mapper
  @scope_mapper
end

#validatorObject (readonly)

Returns the value of attribute validator.

Returns:

  • (Object)


397
398
399
# File 'lib/oauth2/mcp.rb', line 397

def validator
  @validator
end

Instance Method Details

#authorize(request:, scopes: []) ⇒ AuthorizationResult

Parameters:

  • request: (Hash[untyped, untyped])
  • scopes: (Array[String], String) (defaults to: [])

Returns:



408
409
410
411
412
413
414
415
416
417
# File 'lib/oauth2/mcp.rb', line 408

def authorize(request:, scopes: [])
  required_scopes = Array(scopes).map(&:to_s).reject(&:empty?)
  token = BearerToken.extract(request)
  return deny_missing_token(required_scopes) unless token

  claims = validate(token)
  authorize_claims(claims: claims, required_scopes: required_scopes)
rescue InvalidToken => e
  deny_invalid_token(required_scopes, e.message)
end