class Authlete::Api
Attributes
Public Class Methods
# File lib/authlete/api.rb, line 36 def initialize(config = {}) @host = config[:host] @service_owner_api_key = config[:service_owner_api_key] @service_owner_api_secret = config[:service_owner_api_secret] @service_api_key = config[:service_api_key] @service_api_secret = config[:service_api_secret] @extra_headers = nil end
Public Instance Methods
# File lib/authlete/api.rb, line 422 def backchannel_authentication(request) hash = call_api_json_service("/api/backchannel/authentication", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationResponse.new(hash) end
# File lib/authlete/api.rb, line 440 def backchannel_authentication_complete(request) hash = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(hash) end
# File lib/authlete/api.rb, line 434 def backchannel_authentication_fail(request) hash = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(hash) end
# File lib/authlete/api.rb, line 428 def backchannel_authentication_issue(request) hash = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request)) Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(hash) end
# File lib/authlete/api.rb, line 254 def client_create(client) hash = call_api_json_service("/api/client/create", to_hash(client)) Authlete::Model::Client.new(hash) end
# File lib/authlete/api.rb, line 260 def client_delete(client_id) call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil) end
# File lib/authlete/api.rb, line 264 def client_get(client_id) hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil) Authlete::Model::Client.new(hash) end
# File lib/authlete/api.rb, line 270 def client_get_list(params = nil) hash = call_api_service(:get, "/api/client/get/list#{to_query(params)}", nil, nil) Authlete::Model::Response::ClientListResponse.new(hash) end
# File lib/authlete/api.rb, line 276 def client_update(client) hash = call_api_json_service("/api/client/update/#{client.clientId}", to_hash(client)) Authlete::Model::Client.new(hash) end
# File lib/authlete/api.rb, line 376 def delete_granted_scopes(client_id, subject) request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject) call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(request)) end
# File lib/authlete/api.rb, line 394 def delete_requestable_scopes(client_id) call_api_service(:delete, "/api/client/extension/requestable_scopes/delete/#{client_id}", nil, nil) end
# File lib/authlete/api.rb, line 452 def device_complete(request) hash = call_api_json_service("/api/device/complete", to_hash(request)) Authlete::Model::Response::DeviceCompleteResponse.new(hash) end
# File lib/authlete/api.rb, line 458 def device_verification(request) hash = call_api_json_service("/api/device/verification", to_hash(request)) Authlete::Model::Response::DeviceVerificationResponse.new(hash) end
# File lib/authlete/api.rb, line 416 def dynamic_client_delete(request) hash = call_api_json_service("/api/client/registration/delete", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end
# File lib/authlete/api.rb, line 404 def dynamic_client_get(request) hash = call_api_json_service("/api/client/registration/get", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end
# File lib/authlete/api.rb, line 398 def dynamic_client_register(request) hash = call_api_json_service("/api/client/registration", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end
# File lib/authlete/api.rb, line 410 def dynamic_client_update(request) hash = call_api_json_service("/api/client/registration/update", to_hash(request)) Authlete::Model::Response::ClientRegistrationResponse.new(hash) end
# File lib/authlete/api.rb, line 533 def emit_rack_error_message(request, message) begin # Logging if possible. request.env['rack.errors'].write("ERROR: #{message}\n") rescue => e end end
# File lib/authlete/api.rb, line 368 def get_granted_scopes(client_id, subject) request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject) hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", to_hash(request)) Authlete::Model::Response::GrantedScopesGetResponse.new(hash) end
# File lib/authlete/api.rb, line 382 def get_requestable_scopes(client_id) hash = call_api_service(:get, "/api/client/extension/requestable_scopes/get/#{client_id}", nil, nil) extract_requestable_scopes(hash) end
# File lib/authlete/api.rb, line 346 def get_service_configuration(params = nil) call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil) end
# File lib/authlete/api.rb, line 342 def get_service_jwks(params = nil) call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil) end
# File lib/authlete/api.rb, line 362 def get_token_list(params = nil) hash = call_api_service(:get, "/api/auth/token/get/list#{to_query(params)}", nil, nil) Authlete::Model::Response::TokenListResponse.new(hash) end
# File lib/authlete/api.rb, line 312 def introspection(request) hash = call_api_json_service('/api/auth/introspection', to_hash(request)) Authlete::Model::Response::IntrospectionResponse.new(hash) end
Ensure that the request contains a valid access token.
This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.
The first argument request
is a Rack request.
The second argument scopes
is an array of scope names required to access the target protected resource. This argument is optional.
The third argument subject
is a string which representing a subject which has to be associated with the access token. This argument is optional.
This method returns an instance of Authlete::Model::Response::IntrospectionResponse
. If its action
method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.
# File lib/authlete/api.rb, line 492 def protect_resource(request, scopes = nil, subject = nil) # Extract an access token from the request. access_token = extract_access_token(request) # If the request does not contain any access token. if access_token.nil? # The request does not contain a valid access token. return Authlete::Model::Response::IntrospectionResponse.new( action: 'BAD_REQUEST', responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."' ) end # Create a request for Authlete's /api/auth/introspection API. request = Authlete::Model::Request::IntrospectionRequest.new( token: access_token, scopes: scopes, subject: subject ) begin # Call Authlete's /api/auth/introspection API to introspect the access token. result = introspection(request) rescue => e # Error message. message = build_error_message('/api/auth/introspection', e) # Emit a Rack error message. emit_rack_error_message(request, message) # Failed to introspect the access token. return Authlete::Model::Response::IntrospectionResponse.new( action: 'INTERNAL_SERVER_ERROR', responseContent: "Bearer error=\"server_error\",error_description=\"#{message}\"" ) end # Return the response from Authlete's /api/auth/introspection API. result end
# File lib/authlete/api.rb, line 282 def refresh_client_secret(client_identifier) hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil) Authlete::Model::Response::ClientSecretRefreshResponse.new(hash) end
# File lib/authlete/api.rb, line 324 def revocation(request) hash = call_api_json_service("/api/auth/revocation", to_hash(request)) Authlete::Model::Response::RevocationResponse.new(hash) end
# File lib/authlete/api.rb, line 220 def service_create(service) hash = call_api_json_service_owner("/api/service/create", to_hash(service)) Authlete::Model::Service.new(hash) end
# File lib/authlete/api.rb, line 226 def service_delete(api_key) call_api_service_owner(:delete, "/api/service/delete/#{api_key}", nil, nil) end
# File lib/authlete/api.rb, line 230 def service_get(api_key) hash = call_api_service_owner(:get, "/api/service/get/#{api_key}", nil, nil) Authlete::Model::Service.new(hash) end
# File lib/authlete/api.rb, line 236 def service_get_list(params = nil) hash = call_api_service_owner(:get, "/api/service/get/list#{to_query(params)}", nil, nil) Authlete::Model::Response::ServiceListResponse.new(hash) end
# File lib/authlete/api.rb, line 242 def service_update(api_key, service) hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service)) Authlete::Model::Service.new(hash) end
# File lib/authlete/api.rb, line 248 def serviceowner_get_self hash = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil) Authlete::Model::ServiceOwner.new(hash) end
# File lib/authlete/api.rb, line 388 def set_requestable_scopes(client_id, scopes) hash = call_api_json_service("/api/client/extension/requestable_scopes/update/#{client_id}", { requestableScopes: scopes }) extract_requestable_scopes(hash) end
# File lib/authlete/api.rb, line 318 def standard_introspection(request) hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request)) Authlete::Model::Response::StandardIntrospectionResponse.new(hash) end
# File lib/authlete/api.rb, line 202 def token(request) hash = call_api_json_service("/api/auth/token", to_hash(request)) Authlete::Model::Response::TokenResponse.new(hash) end
# File lib/authlete/api.rb, line 350 def token_create(request) hash = call_api_json_service("/api/auth/token/create", to_hash(request)) Authlete::Model::Response::TokenCreateResponse.new(hash) end
# File lib/authlete/api.rb, line 214 def token_fail(request) hash = call_api_json_service("/api/auth/token/fail", to_hash(request)) Authlete::Model::Response::TokenFailResponse.new(hash) end
# File lib/authlete/api.rb, line 208 def token_issue(request) hash = call_api_json_service("/api/auth/token/issue", to_hash(request)) Authlete::Model::Response::TokenIssueResponse.new(hash) end
# File lib/authlete/api.rb, line 356 def token_update(request) hash = call_api_json_service("/api/auth/token/update", to_hash(request)) Authlete::Model::Response::TokenUpdateResponse.new(hash) end
# File lib/authlete/api.rb, line 288 def update_client_secret(client_identifier, client_secret) request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret) hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash) Authlete::Model::Response::ClientSecretUpdateResponse.new(hash) end
# File lib/authlete/api.rb, line 330 def user_info(request) hash = call_api_json_service("/api/auth/userinfo", to_hash(request)) Authlete::Model::Response::UserInfoResponse.new(hash) end
# File lib/authlete/api.rb, line 336 def user_info_issue(request) hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request)) Authlete::Model::Response::UserInfoIssueResponse.new(hash) end
Private Instance Methods
# File lib/authlete/api.rb, line 119 def body_as_string(response) return nil if response.body.nil? body = response.body.to_s body.empty? ? nil : body end
# File lib/authlete/api.rb, line 151 def build_error_message(path, exception) begin # Use "resultMessage" if the response can be parsed as JSON. JSON.parse(exception.response.to_str)['resultMessage'] rescue # Build a generic error message. "Authlete's #{path} API failed." end end
# File lib/authlete/api.rb, line 45 def call_api(method, path, content_type, payload, user, password) headers = {} headers.merge!(content_type: content_type) unless content_type.nil? headers.merge!(@extra_headers) unless @extra_headers.nil? response = execute( method: method, url: @host + path, headers: headers, payload: payload, user: user, password: password ) body = body_as_string(response) body && JSON.parse(body, symbolize_names: true) end
# File lib/authlete/api.rb, line 139 def call_api_json(path, body, user, password) call_api(:post, path, 'application/json;charset=UTF-8', JSON.generate(body), user, password) end
# File lib/authlete/api.rb, line 147 def call_api_json_service(path, body) call_api_json(path, body, @service_api_key, @service_api_secret) end
# File lib/authlete/api.rb, line 143 def call_api_json_service_owner(path, body) call_api_json(path, body, @service_owner_api_key, @service_owner_api_secret) end
# File lib/authlete/api.rb, line 135 def call_api_service(method, path, content_type, payload) call_api(method, path, content_type, payload, @service_api_key, @service_api_secret) end
# File lib/authlete/api.rb, line 131 def call_api_service_owner(method, path, content_type, payload) call_api(method, path, content_type, payload, @service_owner_api_key, @service_owner_api_secret) end
# File lib/authlete/api.rb, line 66 def execute(parameters) begin return RestClient::Request.new(parameters).execute rescue RestClient::Exception => e raise on_rest_client_exception(e) rescue => e raise on_general_exception(e) end end
# File lib/authlete/api.rb, line 178 def extract_requestable_scopes(hash) hash.kind_of?(Hash) ? hash[:requestableScopes] : nil end
# File lib/authlete/api.rb, line 115 def has_authlete_api_result?(json) json && json.key?(:resultCode) && json.key?(:resultMessage) end
# File lib/authlete/api.rb, line 127 def on_general_exception(exception) Authlete::Exception.new(message: exception.message) end
# File lib/authlete/api.rb, line 76 def on_rest_client_exception(exception) message = exception.message response = exception.response # Create a base exception. authlete_exception = Authlete::Exception.new(message: message) if response.nil? # No response information. Then, return an exception without HTTP # response information. return authlete_exception end # Extract information from the HTTP response. status_code = response.code response_body = response.body # Set the status code. authlete_exception.status_code = status_code response_body_json = nil begin # Parse the response body as a json. response_body_json = JSON.parse(response_body.to_s, symbolize_names: true) rescue # Failed to parse the response body as a json. Then, return an exception # without HTTP response information. return authlete_exception end # Set the Authlete API result info if it's available. if has_authlete_api_result?(response_body_json) authlete_exception.result = Authlete::Model::Result.new(response_body_json) end authlete_exception end
# File lib/authlete/api.rb, line 167 def to_hash(object) # Return the object if it's already a hash. return object if object.kind_of?(Hash) # Convert the object to a hash if possible and return it. return object.to_hash if object.respond_to?('to_hash') # Otherwise, raise an exception. Authlete::Exception.new(message: "Failed to convert the object to a hash.") end
# File lib/authlete/api.rb, line 161 def to_query(params) return '' if params.nil? or params.empty? '?' + params.map { |k, v| "#{k.to_s}=#{v.to_s}" }.join('&') end