Class: StandardId::Api::AuthenticationGuard

Inherits:
Object
  • Object
Defined in:
lib/standard_id/api/authentication_guard.rb

Instance Method Summary

Instance Method Details

#require_scopes!(session_manager, *required_scopes) ⇒ Object



# File 'lib/standard_id/api/authentication_guard.rb', line 22

# Authenticates the caller via require_session!, then authorizes the session
# against the given scopes.
#
# Matching is ANY-of, not ALL-of: the check passes as soon as the session's
# scopes and the required scopes share a single entry (array intersection).
# An endpoint that needs every listed scope cannot express that with one call.
#
# @param session_manager [Object] passed unchanged to require_session!
# @param required_scopes [Array] scopes to accept; run through normalize_scopes
# @return [Object] the session returned by require_session!
# @raise [StandardId::InvalidScopeError] when the session holds none of the
#   required scopes; errors raised by require_session! propagate unchanged
def require_scopes!(session_manager, *required_scopes)
  # No request: is forwarded here, so require_session! runs with request: nil.
  session = require_session!(session_manager)

  wanted = normalize_scopes(required_scopes)
  # An empty requirement list degrades to an authentication-only check.
  # NOTE(review): if normalize_scopes drops nil/blank entries, a caller that
  # passes only such values also lands here — confirm this is intended.
  return session if wanted.empty?

  granted = extract_session_scopes(session)
  shared = granted & wanted
  return session if shared.any?

  # NOTE(review): the message lists the accepted scope names; confirm that is
  # acceptable wherever this error is rendered to the API client.
  raise StandardId::InvalidScopeError,
    "Access token missing required scope. Requires one of: #{wanted.join(', ')}"
end

#require_session!(session_manager, request: nil) ⇒ Object



# File 'lib/standard_id/api/authentication_guard.rb', line 4

# Resolves the current API session and rejects it when it is missing, expired
# or revoked, emitting validation events along the way.
#
# Checks run in a fixed order: blank, then expired, then revoked. A session
# that is both expired and revoked therefore raises ExpiredSessionError and
# clear_session! is not called for it.
#
# The expired/revoked checks are duck-typed: a session object that does not
# respond to expired? or revoked? skips that check and is treated as valid.
#
# @param session_manager [#current_session, #clear_session!] source of the session
# @param request [Object, nil] forwarded only to emit_session_validating
# @return [Object] the validated session
# @raise [StandardId::NotAuthenticatedError] when no session is present
# @raise [StandardId::ExpiredSessionError] when the session reports expired?
# @raise [StandardId::RevokedSessionError] when the session reports revoked?
def require_session!(session_manager, request: nil)
  session = session_manager.current_session
  # Emitted before any check, so it also fires for a blank session.
  emit_session_validating(session, request)

  raise StandardId::NotAuthenticatedError, "Invalid or missing access token" if session.blank?

  if session.respond_to?(:expired?) && session.expired?
    emit_session_expired(session)
    raise StandardId::ExpiredSessionError, "Session has expired"
  end

  if session.respond_to?(:revoked?) && session.revoked?
    # Only this path clears the stored session.
    # NOTE(review): unlike the expired path, no event is emitted here — confirm
    # whether use of a revoked token should be observable for detection.
    session_manager.clear_session!
    raise StandardId::RevokedSessionError, "Session has been revoked"
  end

  emit_session_validated(session)
  session
end