Class: StandardId::Api::AuthenticationGuard

Inherits:
Object
  • Object
show all
Defined in:
lib/standard_id/api/authentication_guard.rb

Instance Method Summary collapse

Instance Method Details

#require_scopes!(session_manager, *required_scopes) ⇒ Object 



19
20
21
22
23
24
25
26
27
28
29
30
31
32
 
# File 'lib/standard_id/api/authentication_guard.rb', line 19

def require_scopes!(session_manager, *required_scopes)
  api_session = require_session!(session_manager)

  expected_scopes = normalize_scopes(required_scopes)
  return api_session if expected_scopes.empty?

  token_scopes = extract_session_scopes(api_session)
  unless (token_scopes & expected_scopes).any?
    raise StandardId::InvalidScopeError,
      "Access token missing required scope. Requires one of: #{expected_scopes.join(', ')}"
  end

  api_session
end

#require_session!(session_manager) ⇒ Object 



4
5
6
7
8
9
10
11
12
13
14
15
16
17
 
# File 'lib/standard_id/api/authentication_guard.rb', line 4

def require_session!(session_manager)
  api_session = session_manager.current_session

  if api_session.blank?
    raise StandardId::NotAuthenticatedError, "Invalid or missing access token"
  elsif api_session.respond_to?(:expired?) && api_session.expired?
    raise StandardId::ExpiredSessionError, "Session has expired"
  elsif api_session.respond_to?(:revoked?) && api_session.revoked?
    session_manager.clear_session!
    raise StandardId::RevokedSessionError, "Session has been revoked"
  end

  api_session
end