Class: AtprotoAuth::ClientMetadata

Inherits:

Object

• Object
• AtprotoAuth::ClientMetadata

Defined in:

lib/atproto_auth/client_metadata.rb

Overview

Handles validation and management of AT Protocol OAuth client metadata according to the specification. This includes required fields like client_id and redirect URIs, optional metadata like client name and logo, and authentication configuration for confidential clients. Validates that all fields conform to the protocol’s requirements, including:

• Application type (web/native) validation and redirect URI rules

• Required scopes and grant types

• JWKS configuration for confidential clients

• DPoP binding requirements

• URI scheme and format validation

Instance Attribute Summary

• #application_type ⇒ Object readonly

  Required fields.

• #client_id ⇒ Object readonly

  Required fields.

• #client_name ⇒ Object readonly

  Optional fields.

• #client_uri ⇒ Object readonly

  Optional fields.

• #grant_types ⇒ Object readonly

  Required fields.

• #jwks ⇒ Object readonly

  Authentication and key-related fields.

• #jwks_uri ⇒ Object readonly

  Authentication and key-related fields.

• #logo_uri ⇒ Object readonly

  Optional fields.

• #policy_uri ⇒ Object readonly

  Optional fields.

• #redirect_uris ⇒ Object readonly

  Required fields.

• #response_types ⇒ Object readonly

  Required fields.

• #scope ⇒ Object readonly

  Required fields.

• #token_endpoint_auth_method ⇒ Object readonly

  Authentication and key-related fields.

• #tos_uri ⇒ Object readonly

  Optional fields.

Class Method Summary

• .from_url(url) ⇒ ClientMetadata

  Fetches client metadata from a URL and creates a new instance.

Instance Method Summary

• #confidential? ⇒ Boolean

  Determines if the client is confidential (has authentication keys).

• #initialize(metadata) ⇒ ClientMetadata constructor

  Initializes a new ClientMetadata instance from metadata hash.

Constructor Details

#initialize(metadata) ⇒ ClientMetadata

Initializes a new ClientMetadata instance from metadata hash.

Parameters:

• metadata (Hash) —

  Client metadata.

Raises:

• (InvalidClientMetadata) —

  if metadata is invalid.

# File 'lib/atproto_auth/client_metadata.rb', line 35

def initialize(metadata)
  validate_and_set_metadata!(metadata)
end

Instance Attribute Details

#application_type ⇒ Object (readonly)

Required fields

# File 'lib/atproto_auth/client_metadata.rb', line 26

def application_type
  @application_type
end

#client_id ⇒ Object (readonly)

Required fields

# File 'lib/atproto_auth/client_metadata.rb', line 26

def client_id
  @client_id
end

#client_name ⇒ Object (readonly)

Optional fields

# File 'lib/atproto_auth/client_metadata.rb', line 28

def client_name
  @client_name
end

#client_uri ⇒ Object (readonly)

Optional fields

# File 'lib/atproto_auth/client_metadata.rb', line 28

def client_uri
  @client_uri
end

#grant_types ⇒ Object (readonly)

Required fields

# File 'lib/atproto_auth/client_metadata.rb', line 26

def grant_types
  @grant_types
end

#jwks ⇒ Object (readonly)

Authentication and key-related fields

# File 'lib/atproto_auth/client_metadata.rb', line 30

def jwks
  @jwks
end

#jwks_uri ⇒ Object (readonly)

Authentication and key-related fields

# File 'lib/atproto_auth/client_metadata.rb', line 30

def jwks_uri
  @jwks_uri
end

#logo_uri ⇒ Object (readonly)

Optional fields

# File 'lib/atproto_auth/client_metadata.rb', line 28

def logo_uri
  @logo_uri
end

#policy_uri ⇒ Object (readonly)

Optional fields

# File 'lib/atproto_auth/client_metadata.rb', line 28

def policy_uri
  @policy_uri
end

#redirect_uris ⇒ Object (readonly)

Required fields

# File 'lib/atproto_auth/client_metadata.rb', line 26

def redirect_uris
  @redirect_uris
end

#response_types ⇒ Object (readonly)

Required fields

# File 'lib/atproto_auth/client_metadata.rb', line 26

def response_types
  @response_types
end

#scope ⇒ Object (readonly)

Required fields

# File 'lib/atproto_auth/client_metadata.rb', line 26

def scope
  @scope
end

#token_endpoint_auth_method ⇒ Object (readonly)

Authentication and key-related fields

# File 'lib/atproto_auth/client_metadata.rb', line 30

def token_endpoint_auth_method
  @token_endpoint_auth_method
end

#tos_uri ⇒ Object (readonly)

Optional fields

# File 'lib/atproto_auth/client_metadata.rb', line 28

def tos_uri
  @tos_uri
end

Class Method Details

.from_url(url) ⇒ ClientMetadata

Fetches client metadata from a URL and creates a new instance.

Parameters:

• url (String) —

  URL to fetch metadata from.

Returns:

• (ClientMetadata) —

  new instance with fetched metadata.

Raises:

• (InvalidClientMetadata) —

  if metadata is invalid or cannot be fetched.

# File 'lib/atproto_auth/client_metadata.rb', line 43

def self.from_url(url)
  validate_url!(url)
  response = fetch_metadata(url)
  metadata = parse_metadata(response[:body])
  validate_client_id!(metadata["client_id"], url)
  new(metadata)
end

Instance Method Details

#confidential? ⇒ Boolean

Determines if the client is confidential (has authentication keys).

Returns:

• (Boolean) —

  true if client is confidential.

# File 'lib/atproto_auth/client_metadata.rb', line 53

def confidential?
  token_endpoint_auth_method == "private_key_jwt"
end