Exception: StandardId::InvalidAudienceProfileError

Inherits:

StandardError

• Object
• StandardError
• StandardId::InvalidAudienceProfileError

Defined in:

lib/standard_id/errors.rb

Overview

Raised when an access token’s audience is permitted for the controller but the account lacks a profile of the type configured for that audience in ‘StandardId.config.oauth.audience_profile_types`.

Includes audit-friendly attributes (raw values from the JWT and config) that callers may log but must NOT interpolate into response headers or API response bodies without sanitization.

Deliberately a separate class (not a subclass of InvalidAudienceError) so host apps can distinguish “audience not permitted” from “audience matched but profile binding failed” in their error handling. The ‘AudienceVerification` concern renders both as 403 insufficient_scope.

Instance Attribute Summary

• #actual ⇒ Object readonly

  Returns the value of attribute actual.

• #actual_profile_type ⇒ Object readonly

  Returns the value of attribute actual_profile_type.

• #audience ⇒ Object readonly

  Returns the value of attribute audience.

• #expected_profile_types ⇒ Object readonly

  Returns the value of attribute expected_profile_types.

• #required ⇒ Object readonly

  Returns the value of attribute required.

Instance Method Summary

• #initialize(audience:, expected_profile_types:, actual_profile_type:, required: [], actual: []) ⇒ InvalidAudienceProfileError constructor

  A new instance of InvalidAudienceProfileError.

Constructor Details

#initialize(audience:, expected_profile_types:, actual_profile_type:, required: [], actual: []) ⇒ InvalidAudienceProfileError

Returns a new instance of InvalidAudienceProfileError.

# File 'lib/standard_id/errors.rb', line 123

def initialize(audience:, expected_profile_types:, actual_profile_type:, required: [], actual: [])
  @audience = audience
  @expected_profile_types = Array(expected_profile_types)
  @actual_profile_type = actual_profile_type
  @required = required
  @actual = actual
  expected = @expected_profile_types.join(", ")
  super("Token audience '#{audience}' requires profile type [#{expected}] but account has '#{actual_profile_type || 'none'}'")
end

Instance Attribute Details

#actual ⇒ Object (readonly)

Returns the value of attribute actual.

# File 'lib/standard_id/errors.rb', line 121

def actual
  @actual
end

#actual_profile_type ⇒ Object (readonly)

Returns the value of attribute actual_profile_type.

# File 'lib/standard_id/errors.rb', line 121

def actual_profile_type
  @actual_profile_type
end

#audience ⇒ Object (readonly)

Returns the value of attribute audience.

# File 'lib/standard_id/errors.rb', line 121

def audience
  @audience
end

#expected_profile_types ⇒ Object (readonly)

Returns the value of attribute expected_profile_types.

# File 'lib/standard_id/errors.rb', line 121

def expected_profile_types
  @expected_profile_types
end

#required ⇒ Object (readonly)

Returns the value of attribute required.

# File 'lib/standard_id/errors.rb', line 121

def required
  @required
end