Class: Rack::OAuth2::Server::Helper

Inherits: Object
Defined in: lib/rack/oauth2/server/helper.rb

Overview

Helper methods that provide access to the OAuth state during the authorization flow, and from authenticated requests. For example:

def show
  logger.info "#{oauth.client.display_name} accessing #{oauth.scope}"
end


Constructor Details

#initialize(request, response) ⇒ Helper

Returns a new instance of Helper.


# File 'lib/rack/oauth2/server/helper.rb', line 13

def initialize(request, response)
  @request, @response = request, response
end

Instance Method Details

#access_token ⇒ String?

Returns the access token. Only applies if client authenticated.

Returns:

  • (String, nil)

    Access token, if authenticated


# File 'lib/rack/oauth2/server/helper.rb', line 20

def access_token
  @access_token ||= @request.env["oauth.access_token"]
end

#authenticated? ⇒ true, false

True if client authenticated.

Returns:

  • (true, false)

    True if authenticated


# File 'lib/rack/oauth2/server/helper.rb', line 27

def authenticated?
  !!access_token
end

#authorization ⇒ String

Returns the authorization request handle. Available when starting an authorization request (i.e. /oauth/authorize).

Returns:

  • (String)

    Authorization handle


# File 'lib/rack/oauth2/server/helper.rb', line 88

def authorization
  @request_id ||= @request.env["oauth.authorization"] || @request.params["authorization"]
end

#authorization=(authorization) ⇒ Object

Sets the authorization request handle. Use this during the authorization flow.

Parameters:

  • authorization (String)

    handle


# File 'lib/rack/oauth2/server/helper.rb', line 96

def authorization=(authorization)
  @scope, @client = nil
  @request_id = authorization
end

#client ⇒ Client?

Returns the Client object associated with this request. Available if client authenticated, or while processing authorization request.

Returns:

  • (Client, nil)

    Client if authenticated, or while authorizing


# File 'lib/rack/oauth2/server/helper.rb', line 43

def client
  if access_token
    @client ||= Server.get_client(Server.get_access_token(access_token).client_id)
  elsif authorization
    @client ||= Server.get_client(Server.get_auth_request(authorization).client_id)
  end
end

#deny!(auth = nil) ⇒ Object

Deny authorization request. Call this at the end of the authorization flow to signal that the user has not authorized the client. Don’t render anything else. Argument required if authorization handle is not passed in the request parameter authorization.

Parameters:

  • auth (String, nil) (defaults to: nil)

    Authorization handle

Returns:

  • 401


# File 'lib/rack/oauth2/server/helper.rb', line 124

def deny!(auth = nil)
  auth ||= authorization
  @response["oauth.authorization"] = auth.to_s
  @response.status = 403
end

#grant!(auth, identity = nil) ⇒ Object

Grant authorization request. Call this at the end of the authorization flow to signal that the user has authorized the client to access the specified identity. Don’t render anything else. Argument required if authorization handle is not passed in the request parameter authorization.

Parameters:

  • auth (String, nil)

    Authorization handle

  • identity (String) (defaults to: nil)

    Identity string

Returns:

  • 200


# File 'lib/rack/oauth2/server/helper.rb', line 110

def grant!(auth, identity = nil)
  auth, identity = authorization, auth unless identity
  @response["oauth.authorization"] = auth.to_s
  @response["oauth.identity"] = identity.to_s
  @response.status = 200
end

#identity ⇒ String?

Returns the authenticated identity. Only applies if client authenticated.

Returns:

  • (String, nil)

    Identity, if authenticated


# File 'lib/rack/oauth2/server/helper.rb', line 35

def identity
  @identity ||= @request.env["oauth.identity"]
end

#inspect ⇒ Object

# File 'lib/rack/oauth2/server/helper.rb', line 138

def inspect
  authorization ? "Authorization request for #{scope.join(",")} on behalf of #{client.display_name}" :
  authenticated? ? "Authenticated as #{identity}" : nil
end

#list_access_tokens(identity) ⇒ Array<AccessToken>

Returns all access tokens associated with this identity.

Parameters:

  • identity (String)

    Identity string

Returns:

  • (Array<AccessToken>)

    Access tokens associated with this identity

# File 'lib/rack/oauth2/server/helper.rb', line 134

def list_access_tokens(identity)
  Rack::OAuth2::Server.list_access_tokens(identity)
end

#no_access! ⇒ Object

Rejects the request and returns 401 (Unauthorized). You can just return 401, but this also sets the WWW-Authenticate header to the right value.

Returns:

  • 401


# File 'lib/rack/oauth2/server/helper.rb', line 68

def no_access!
  @response["oauth.no_access"] = "true"
  @response.status = 401
end

#no_scope!(scope) ⇒ Object

Rejects the request and returns 403 (Forbidden). You can just return 403, but this also sets the WWW-Authenticate header to the right value and indicates which scope the client needs to make this request.

Parameters:

  • scope (String)

    The missing scope, e.g. "read"

Returns:

  • 403


# File 'lib/rack/oauth2/server/helper.rb', line 79

def no_scope!(scope)
  @response["oauth.no_scope"] = scope.to_s
  @response.status = 403
end

#scope ⇒ Array<String>?

Returns scope associated with this request. Available if client authenticated, or while processing authorization request.

Returns:

  • (Array<String>, nil)

    Scope names, e.g. ["read", "write"]


# File 'lib/rack/oauth2/server/helper.rb', line 55

def scope
  if access_token
    @scope ||= Server.get_access_token(access_token).scope
  elsif authorization
    @scope ||= Server.get_auth_request(authorization).scope
  end
end
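A protected-resource handler built on the methods documented above (authenticated?, scope, identity, no_access!, no_scope!). This is an added example, not code from rack-oauth2-server: StubHelper, TOKEN_SCOPES and the env hashes are constructed stand-ins for the real Helper, its Server lookups and the env the middleware populates.

```ruby
# Added example, not part of rack-oauth2-server. StubHelper is a constructed
# stand-in for Rack::OAuth2::Server::Helper: same method names, same env keys
# the middleware sets (oauth.access_token, oauth.identity), but scope comes from
# an inline table instead of Server.get_access_token, so no gem or datastore.
TOKEN_SCOPES = {                 # constructed sample tokens
  "tok-reader" => %w[read],
  "tok-editor" => %w[read write],
}.freeze

class StubHelper
  def initialize(env, response)
    @env, @response = env, response
  end
  def access_token;   @env["oauth.access_token"]; end
  def authenticated?; !!access_token; end
  def identity;       @env["oauth.identity"]; end
  def scope;          TOKEN_SCOPES[access_token]; end
  def no_access!
    @response["oauth.no_access"] = "true"
    @response[:status] = 401
  end
  def no_scope!(scope)
    @response["oauth.no_scope"] = scope.to_s
    @response[:status] = 403
  end
end

# Protected write endpoint. Authentication is checked before scope, so a
# request without a token gets 401 (no_access!) and an authenticated client
# lacking the scope gets 403 (no_scope!), which names the scope to request.
# Array() guards against a token the table does not know (scope would be nil).
def handle_write(env)
  response = { status: 200 }
  oauth = StubHelper.new(env, response)
  if !oauth.authenticated?
    oauth.no_access!
  elsif !Array(oauth.scope).include?("write")
    oauth.no_scope!("write")
  else
    response[:body] = "#{oauth.identity} wrote the resource"
  end
  response
end

# Constructed Rack env hashes, as the middleware would leave them.
ANON   = {}.freeze
READER = { "oauth.access_token" => "tok-reader", "oauth.identity" => "alice" }.freeze
EDITOR = { "oauth.access_token" => "tok-editor", "oauth.identity" => "bob" }.freeze
```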