class Authlete::Api

Attributes

extra_headers[RW]
host[RW]
service_api_key[RW]
service_api_secret[RW]
service_owner_api_key[RW]
service_owner_api_secret[RW]

Public Class Methods

new(config = {}) click to toggle source
# File lib/authlete/api.rb, line 36
def initialize(config = {})
  @host                     = config[:host]
  @service_owner_api_key    = config[:service_owner_api_key]
  @service_owner_api_secret = config[:service_owner_api_secret]
  @service_api_key          = config[:service_api_key]
  @service_api_secret       = config[:service_api_secret]
  @extra_headers            = nil
end

Public Instance Methods

authorization(request) click to toggle source
# File lib/authlete/api.rb, line 184
def authorization(request)
  hash = call_api_json_service("/api/auth/authorization", to_hash(request))

  Authlete::Model::Response::AuthorizationResponse.new(hash)
end
authorization_fail(request) click to toggle source
# File lib/authlete/api.rb, line 196
def authorization_fail(request)
  hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request))

  Authlete::Model::Response::AuthorizationFailResponse.new(hash)
end
authorization_issue(request) click to toggle source
# File lib/authlete/api.rb, line 190
def authorization_issue(request)
  hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request))

  Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
end
backchannel_authentication(request) click to toggle source
# File lib/authlete/api.rb, line 422
def backchannel_authentication(request)
  hash = call_api_json_service("/api/backchannel/authentication", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationResponse.new(hash)
end
backchannel_authentication_complete(request) click to toggle source
# File lib/authlete/api.rb, line 440
def backchannel_authentication_complete(request)
  hash = call_api_json_service("/api/backchannel/authentication/complete", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationCompleteResponse.new(hash)
end
backchannel_authentication_fail(request) click to toggle source
# File lib/authlete/api.rb, line 434
def backchannel_authentication_fail(request)
  hash = call_api_json_service("/api/backchannel/authentication/fail", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationFailResponse.new(hash)
end
backchannel_authentication_issue(request) click to toggle source
# File lib/authlete/api.rb, line 428
def backchannel_authentication_issue(request)
  hash = call_api_json_service("/api/backchannel/authentication/issue", to_hash(request))

  Authlete::Model::Response::BackchannelAuthenticationIssueResponse.new(hash)
end
client_create(client) click to toggle source
# File lib/authlete/api.rb, line 254
def client_create(client)
  hash = call_api_json_service("/api/client/create", to_hash(client))

  Authlete::Model::Client.new(hash)
end
client_delete(client_id) click to toggle source
# File lib/authlete/api.rb, line 260
def client_delete(client_id)
  call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil)
end
client_get(client_id) click to toggle source
# File lib/authlete/api.rb, line 264
def client_get(client_id)
  hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil)

  Authlete::Model::Client.new(hash)
end
client_get_list(params = nil) click to toggle source
# File lib/authlete/api.rb, line 270
def client_get_list(params = nil)
  hash = call_api_service(:get, "/api/client/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ClientListResponse.new(hash)
end
client_update(client) click to toggle source
# File lib/authlete/api.rb, line 276
def client_update(client)
  hash = call_api_json_service("/api/client/update/#{client.clientId}", to_hash(client))

  Authlete::Model::Client.new(hash)
end
delete_client_authorization(client_id, subject) click to toggle source
# File lib/authlete/api.rb, line 306
def delete_client_authorization(client_id, subject)
  request = Authlete::Model::Request::ClientAuthorizationDeleteRequest.new(subject: subject)

  call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash)
end
delete_granted_scopes(client_id, subject) click to toggle source
# File lib/authlete/api.rb, line 376
def delete_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", to_hash(request))
end
delete_requestable_scopes(client_id) click to toggle source
# File lib/authlete/api.rb, line 394
def delete_requestable_scopes(client_id)
  call_api_service(:delete, "/api/client/extension/requestable_scopes/delete/#{client_id}", nil, nil)
end
device_authorization(request) click to toggle source
# File lib/authlete/api.rb, line 446
def device_authorization(request)
  hash = call_api_json_service("/api/device/authorization", to_hash(request))

  Authlete::Model::Response::DeviceAuthorizationResponse.new(hash)
end
device_complete(request) click to toggle source
# File lib/authlete/api.rb, line 452
def device_complete(request)
  hash = call_api_json_service("/api/device/complete", to_hash(request))

  Authlete::Model::Response::DeviceCompleteResponse.new(hash)
end
device_verification(request) click to toggle source
# File lib/authlete/api.rb, line 458
def device_verification(request)
  hash = call_api_json_service("/api/device/verification", to_hash(request))

  Authlete::Model::Response::DeviceVerificationResponse.new(hash)
end
dynamic_client_delete(request) click to toggle source
# File lib/authlete/api.rb, line 416
def dynamic_client_delete(request)
  hash = call_api_json_service("/api/client/registration/delete", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end
dynamic_client_get(request) click to toggle source
# File lib/authlete/api.rb, line 404
def dynamic_client_get(request)
  hash = call_api_json_service("/api/client/registration/get", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end
dynamic_client_register(request) click to toggle source
# File lib/authlete/api.rb, line 398
def dynamic_client_register(request)
  hash = call_api_json_service("/api/client/registration", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end
dynamic_client_update(request) click to toggle source
# File lib/authlete/api.rb, line 410
def dynamic_client_update(request)
  hash = call_api_json_service("/api/client/registration/update", to_hash(request))

  Authlete::Model::Response::ClientRegistrationResponse.new(hash)
end
emit_rack_error_message(request, message) click to toggle source
# File lib/authlete/api.rb, line 533
def emit_rack_error_message(request, message)
  begin
    # Logging if possible.
    request.env['rack.errors'].write("ERROR: #{message}\n")
  rescue => e
  end
end
get_client_authorization_list(request) click to toggle source
# File lib/authlete/api.rb, line 296
def get_client_authorization_list(request)
  hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request))

  Authlete::Model::Response::AuthorizedClientListResponse.new(hash)
end
get_granted_scopes(client_id, subject) click to toggle source
# File lib/authlete/api.rb, line 368
def get_granted_scopes(client_id, subject)
  request = Authlete::Model::Request::GrantedScopesRequest.new(subject: subject)

  hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", to_hash(request))

  Authlete::Model::Response::GrantedScopesGetResponse.new(hash)
end
get_requestable_scopes(client_id) click to toggle source
# File lib/authlete/api.rb, line 382
def get_requestable_scopes(client_id)
  hash = call_api_service(:get, "/api/client/extension/requestable_scopes/get/#{client_id}", nil, nil)

  extract_requestable_scopes(hash)
end
get_service_configuration(params = nil) click to toggle source
# File lib/authlete/api.rb, line 346
def get_service_configuration(params = nil)
  call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil)
end
get_service_jwks(params = nil) click to toggle source
# File lib/authlete/api.rb, line 342
def get_service_jwks(params = nil)
  call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil)
end
get_token_list(params = nil) click to toggle source
# File lib/authlete/api.rb, line 362
def get_token_list(params = nil)
  hash = call_api_service(:get, "/api/auth/token/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::TokenListResponse.new(hash)
end
introspection(request) click to toggle source
# File lib/authlete/api.rb, line 312
def introspection(request)
  hash = call_api_json_service('/api/auth/introspection', to_hash(request))

  Authlete::Model::Response::IntrospectionResponse.new(hash)
end
protect_resource(request, scopes = nil, subject = nil) click to toggle source

Ensure that the request contains a valid access token.

This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /api/auth/introspection API.

The first argument request is a Rack request.

The second argument scopes is an array of scope names required to access the target protected resource. This argument is optional.

The third argument subject is a string which representing a subject which has to be associated with the access token. This argument is optional.

This method returns an instance of Authlete::Model::Response::IntrospectionResponse. If its action method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.

# File lib/authlete/api.rb, line 492
def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # If the request does not contain any access token.
  if access_token.nil?
    # The request does not contain a valid access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'BAD_REQUEST',
      responseContent: 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  # Create a request for Authlete's /api/auth/introspection API.
  request = Authlete::Model::Request::IntrospectionRequest.new(
    token:   access_token,
    scopes:  scopes,
    subject: subject
  )

  begin
    # Call Authlete's /api/auth/introspection API to introspect the access token.
    result = introspection(request)
  rescue => e
    # Error message.
    message = build_error_message('/api/auth/introspection', e)

    # Emit a Rack error message.
    emit_rack_error_message(request, message)

    # Failed to introspect the access token.
    return Authlete::Model::Response::IntrospectionResponse.new(
      action:          'INTERNAL_SERVER_ERROR',
      responseContent: "Bearer error=\"server_error\",error_description=\"#{message}\""
    )
  end

  # Return the response from Authlete's /api/auth/introspection API.
  result
end
push_authorization_request(request) click to toggle source
# File lib/authlete/api.rb, line 464
def push_authorization_request(request)
  hash = call_api_json_service("/api/pushed_auth_req", to_hash(request))

  Authlete::Model::Response::PushedAuthReqResponse.new(hash)
end
refresh_client_secret(client_identifier) click to toggle source
# File lib/authlete/api.rb, line 282
def refresh_client_secret(client_identifier)
  hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil)

  Authlete::Model::Response::ClientSecretRefreshResponse.new(hash)
end
revocation(request) click to toggle source
# File lib/authlete/api.rb, line 324
def revocation(request)
  hash = call_api_json_service("/api/auth/revocation", to_hash(request))

  Authlete::Model::Response::RevocationResponse.new(hash)
end
service_create(service) click to toggle source
# File lib/authlete/api.rb, line 220
def service_create(service)
  hash = call_api_json_service_owner("/api/service/create", to_hash(service))

  Authlete::Model::Service.new(hash)
end
service_delete(api_key) click to toggle source
# File lib/authlete/api.rb, line 226
def service_delete(api_key)
  call_api_service_owner(:delete, "/api/service/delete/#{api_key}", nil, nil)
end
service_get(api_key) click to toggle source
# File lib/authlete/api.rb, line 230
def service_get(api_key)
  hash = call_api_service_owner(:get, "/api/service/get/#{api_key}", nil, nil)

  Authlete::Model::Service.new(hash)
end
service_get_list(params = nil) click to toggle source
# File lib/authlete/api.rb, line 236
def service_get_list(params = nil)
  hash = call_api_service_owner(:get, "/api/service/get/list#{to_query(params)}", nil, nil)

  Authlete::Model::Response::ServiceListResponse.new(hash)
end
service_update(api_key, service) click to toggle source
# File lib/authlete/api.rb, line 242
def service_update(api_key, service)
  hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service))

  Authlete::Model::Service.new(hash)
end
serviceowner_get_self() click to toggle source
# File lib/authlete/api.rb, line 248
def serviceowner_get_self
  hash = call_api_service_owner(:get, "/api/serviceowner/get/self", nil, nil)

  Authlete::Model::ServiceOwner.new(hash)
end
set_requestable_scopes(client_id, scopes) click to toggle source
# File lib/authlete/api.rb, line 388
def set_requestable_scopes(client_id, scopes)
  hash = call_api_json_service("/api/client/extension/requestable_scopes/update/#{client_id}", { requestableScopes: scopes })

  extract_requestable_scopes(hash)
end
standard_introspection(request) click to toggle source
# File lib/authlete/api.rb, line 318
def standard_introspection(request)
  hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request))

  Authlete::Model::Response::StandardIntrospectionResponse.new(hash)
end
token(request) click to toggle source
# File lib/authlete/api.rb, line 202
def token(request)
  hash = call_api_json_service("/api/auth/token", to_hash(request))

  Authlete::Model::Response::TokenResponse.new(hash)
end
token_create(request) click to toggle source
# File lib/authlete/api.rb, line 350
def token_create(request)
  hash = call_api_json_service("/api/auth/token/create", to_hash(request))

  Authlete::Model::Response::TokenCreateResponse.new(hash)
end
token_fail(request) click to toggle source
# File lib/authlete/api.rb, line 214
def token_fail(request)
  hash = call_api_json_service("/api/auth/token/fail", to_hash(request))

  Authlete::Model::Response::TokenFailResponse.new(hash)
end
token_issue(request) click to toggle source
# File lib/authlete/api.rb, line 208
def token_issue(request)
  hash = call_api_json_service("/api/auth/token/issue", to_hash(request))

  Authlete::Model::Response::TokenIssueResponse.new(hash)
end
token_update(request) click to toggle source
# File lib/authlete/api.rb, line 356
def token_update(request)
  hash = call_api_json_service("/api/auth/token/update", to_hash(request))

  Authlete::Model::Response::TokenUpdateResponse.new(hash)
end
update_client_authorization(client_id, request) click to toggle source
# File lib/authlete/api.rb, line 302
def update_client_authorization(client_id, request)
  call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request))
end
update_client_secret(client_identifier, client_secret) click to toggle source
# File lib/authlete/api.rb, line 288
def update_client_secret(client_identifier, client_secret)
  request = Authlete::Model::Request::ClientSecretUpdateRequest.new(clientSecret: client_secret)

  hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash)

  Authlete::Model::Response::ClientSecretUpdateResponse.new(hash)
end
user_info(request) click to toggle source
# File lib/authlete/api.rb, line 330
def user_info(request)
  hash = call_api_json_service("/api/auth/userinfo", to_hash(request))

  Authlete::Model::Response::UserInfoResponse.new(hash)
end
user_info_issue(request) click to toggle source
# File lib/authlete/api.rb, line 336
def user_info_issue(request)
  hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))

  Authlete::Model::Response::UserInfoIssueResponse.new(hash)
end

Private Instance Methods

body_as_string(response) click to toggle source
# File lib/authlete/api.rb, line 119
def body_as_string(response)
  return nil if response.body.nil?

  body = response.body.to_s

  body.empty? ? nil : body
end
build_error_message(path, exception) click to toggle source
# File lib/authlete/api.rb, line 151
def build_error_message(path, exception)
  begin
    # Use "resultMessage" if the response can be parsed as JSON.
    JSON.parse(exception.response.to_str)['resultMessage']
  rescue
    # Build a generic error message.
    "Authlete's #{path} API failed."
  end
end
call_api(method, path, content_type, payload, user, password) click to toggle source
# File lib/authlete/api.rb, line 45
def call_api(method, path, content_type, payload, user, password)
  headers = {}

  headers.merge!(content_type: content_type) unless content_type.nil?

  headers.merge!(@extra_headers) unless @extra_headers.nil?

  response = execute(
    method:   method,
    url:      @host + path,
    headers:  headers,
    payload:  payload,
    user:     user,
    password: password
  )

  body = body_as_string(response)

  body && JSON.parse(body, symbolize_names: true)
end
call_api_json(path, body, user, password) click to toggle source
# File lib/authlete/api.rb, line 139
def call_api_json(path, body, user, password)
  call_api(:post, path, 'application/json;charset=UTF-8', JSON.generate(body), user, password)
end
call_api_json_service(path, body) click to toggle source
# File lib/authlete/api.rb, line 147
def call_api_json_service(path, body)
  call_api_json(path, body, @service_api_key, @service_api_secret)
end
call_api_json_service_owner(path, body) click to toggle source
# File lib/authlete/api.rb, line 143
def call_api_json_service_owner(path, body)
  call_api_json(path, body, @service_owner_api_key, @service_owner_api_secret)
end
call_api_service(method, path, content_type, payload) click to toggle source
# File lib/authlete/api.rb, line 135
def call_api_service(method, path, content_type, payload)
  call_api(method, path, content_type, payload, @service_api_key, @service_api_secret)
end
call_api_service_owner(method, path, content_type, payload) click to toggle source
# File lib/authlete/api.rb, line 131
def call_api_service_owner(method, path, content_type, payload)
  call_api(method, path, content_type, payload, @service_owner_api_key, @service_owner_api_secret)
end
execute(parameters) click to toggle source
# File lib/authlete/api.rb, line 66
def execute(parameters)
  begin
    return RestClient::Request.new(parameters).execute
  rescue RestClient::Exception => e
    raise on_rest_client_exception(e)
  rescue => e
    raise on_general_exception(e)
  end
end
extract_requestable_scopes(hash) click to toggle source
# File lib/authlete/api.rb, line 178
def extract_requestable_scopes(hash)
  hash.kind_of?(Hash) ? hash[:requestableScopes] : nil
end
has_authlete_api_result?(json) click to toggle source
# File lib/authlete/api.rb, line 115
def has_authlete_api_result?(json)
  json && json.key?(:resultCode) && json.key?(:resultMessage)
end
on_general_exception(exception) click to toggle source
# File lib/authlete/api.rb, line 127
def on_general_exception(exception)
  Authlete::Exception.new(message: exception.message)
end
on_rest_client_exception(exception) click to toggle source
# File lib/authlete/api.rb, line 76
def on_rest_client_exception(exception)
  message  = exception.message
  response = exception.response

  # Create a base exception.
  authlete_exception = Authlete::Exception.new(message: message)

  if response.nil?
    # No response information. Then, return an exception without HTTP
    # response information.
    return authlete_exception
  end

  # Extract information from the HTTP response.
  status_code   = response.code
  response_body = response.body

  # Set the status code.
  authlete_exception.status_code = status_code

  response_body_json = nil

  begin
    # Parse the response body as a json.
    response_body_json = JSON.parse(response_body.to_s, symbolize_names: true)
  rescue
    # Failed to parse the response body as a json. Then, return an exception
    # without HTTP response information.
    return authlete_exception
  end

  # Set the Authlete API result info if it's available.
  if has_authlete_api_result?(response_body_json)
    authlete_exception.result = Authlete::Model::Result.new(response_body_json)
  end

  authlete_exception
end
to_hash(object) click to toggle source
# File lib/authlete/api.rb, line 167
def to_hash(object)
  # Return the object if it's already a hash.
  return object if object.kind_of?(Hash)

  # Convert the object to a hash if possible and return it.
  return object.to_hash if object.respond_to?('to_hash')

  # Otherwise, raise an exception.
  Authlete::Exception.new(message: "Failed to convert the object to a hash.")
end
to_query(params) click to toggle source
# File lib/authlete/api.rb, line 161
def to_query(params)
  return '' if params.nil? or params.empty?

  '?' + params.map { |k, v| "#{k.to_s}=#{v.to_s}" }.join('&')
end