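# Validates the Bearer token presented in the AUTHORIZATION header.
#
# Credentials come from @a: client_id (@a[0]), client_secret (@a[1]) and the
# access-token store (@a[2]). A token is accepted only when it is known to the
# store, its signature matches the one computed by the OAuth2 helper from
# "client_id:client_secret", its header claims equal the helper's canonical
# header, it is not expired, and its comma-separated audience lists client_id.
#
# On success the stored value for the token is forwarded as an
# AUTHORIZATION_BEARER header and @p is returned unchanged. On failure @status
# is set (401 for bad header claims, 403 for every other rejection) and a JSON
# error body is returned instead. Without an AUTHORIZATION header the method
# performs no validation at all and simply returns @p.
#
# @return [Riddl::Parameter::Complex, Object] JSON error body, or @p
def response
  client_id = @a[0]
  client_secret = @a[1]
  access_tokens = @a[2]

  # Builds the JSON error body and records the status; a lambda keeps the
  # early-return sites uniform without adding a method to the enclosing class.
  reject = lambda do |status, message|
    @status = status
    Riddl::Parameter::Complex.new('data', 'application/json', { :error => message }.to_json)
  end

  if @h['AUTHORIZATION']
    # \A anchors at the start of the string; ^ would also match after an
    # embedded newline in the header value.
    token = @h['AUTHORIZATION'].sub(/\ABearer /, '')
    data, _, signature = token.rpartition('.')
    expected_sign = Riddl::Utils::OAuth2::Helper::sign(client_id + ':' + client_secret, data)

    # The store lookup comes first so only tokens this server knows about reach
    # the remaining checks.
    return reject.call(403, 'Unknown token') unless access_tokens.key?(token)
    # NOTE(review): != is not a constant-time comparison. The store lookup above
    # limits the exposure, but a fixed-time compare (e.g.
    # OpenSSL.fixed_length_secure_compare) is preferable once it is in scope.
    return reject.call(403, 'Invalid token, you bad boy') if signature != expected_sign

    # Decoding can still fail for a known token whose segments are not valid
    # base64/JSON (e.g. a store populated elsewhere); treat that as an invalid
    # token rather than letting ArgumentError / JSON::ParserError escape.
    begin
      header_claims, payload_claims = data.split('.').map { |v| Base64::urlsafe_decode64 v }
      payload_claims = JSON::parse(payload_claims.to_s)
    rescue ArgumentError, JSON::ParserError
      return reject.call(403, 'Invalid token, you bad boy')
    end
    # A payload that is valid JSON but not an object cannot carry claims.
    return reject.call(403, 'Invalid token, you bad boy') unless payload_claims.is_a?(Hash)

    if header_claims != Riddl::Utils::OAuth2::Helper::header
      return reject.call(401, 'Invalid header claims')
    end

    # A missing or non-numeric exp claim is rejected as expired rather than
    # raising on the comparison.
    exp = payload_claims['exp']
    return reject.call(403, 'Expired token') unless exp.is_a?(Numeric) && exp > Time.now.to_i

    # A missing aud claim yields an empty audience and is rejected below.
    audience = payload_claims['aud'].to_s.split(',').map(&:strip)
    unless audience.include?(client_id)
      return reject.call(403, 'Token is not valid for this application')
    end

    @headers << Riddl::Header.new('AUTHORIZATION_BEARER', access_tokens.get(token))
  end
  @p
end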