Class: AtprotoAuth::ServerMetadata::AuthorizationServer

Inherits:

Object

• Object
• AtprotoAuth::ServerMetadata::AuthorizationServer

Defined in:

lib/atproto_auth/server_metadata/authorization_server.rb

Overview

Handles fetching and validation of AT Protocol OAuth Authorization Server metadata. An Authorization Server in atproto can be either a PDS instance or a separate “entryway” server that handles authentication for multiple PDS instances.

The Authorization Server metadata is fetched from the well-known endpoint /.well-known/oauth-authorization-server and must conform to RFC 8414 plus additional requirements specific to the AT Protocol OAuth profile.

Examples:

Fetching and validating Authorization Server metadata

begin
  auth_server = AtprotoAuth::ServerMetadata::AuthorizationServer.from_issuer("https://auth.example.com")
  puts "Authorization endpoint: #{auth_server.authorization_endpoint}"
  puts "Supported scopes: #{auth_server.scopes_supported}"
rescue AtprotoAuth::InvalidAuthorizationServer => e
  puts "Failed to validate authorization server: #{e.message}"
end

See Also:

• Documentation of Authorization Server requirements

Constant Summary

REQUIRED_FIELDS =

%w[
  issuer
  authorization_endpoint
  token_endpoint
  response_types_supported
  grant_types_supported
  code_challenge_methods_supported
  token_endpoint_auth_methods_supported
  token_endpoint_auth_signing_alg_values_supported
  scopes_supported
  dpop_signing_alg_values_supported
  pushed_authorization_request_endpoint
].freeze

Instance Attribute Summary

• #authorization_endpoint ⇒ Object readonly

  Returns the value of attribute authorization_endpoint.

• #code_challenge_methods_supported ⇒ Object readonly

  Returns the value of attribute code_challenge_methods_supported.

• #dpop_signing_alg_values_supported ⇒ Object readonly

  Returns the value of attribute dpop_signing_alg_values_supported.

• #grant_types_supported ⇒ Object readonly

  Returns the value of attribute grant_types_supported.

• #issuer ⇒ Object readonly

  Returns the value of attribute issuer.

• #pushed_authorization_request_endpoint ⇒ Object readonly

  Returns the value of attribute pushed_authorization_request_endpoint.

• #response_types_supported ⇒ Object readonly

  Returns the value of attribute response_types_supported.

• #scopes_supported ⇒ Object readonly

  Returns the value of attribute scopes_supported.

• #token_endpoint ⇒ Object readonly

  Returns the value of attribute token_endpoint.

• #token_endpoint_auth_methods_supported ⇒ Object readonly

  Returns the value of attribute token_endpoint_auth_methods_supported.

• #token_endpoint_auth_signing_alg_values_supported ⇒ Object readonly

  Returns the value of attribute token_endpoint_auth_signing_alg_values_supported.

Class Method Summary

• .from_issuer(issuer) ⇒ AuthorizationServer

  Fetches and validates Authorization Server metadata from an issuer URL.

Instance Method Summary

• #initialize(metadata) ⇒ AuthorizationServer constructor

  A new instance of AuthorizationServer.

• #to_h ⇒ Object

Constructor Details

#initialize(metadata) ⇒ AuthorizationServer

Returns a new instance of AuthorizationServer.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 45

def initialize(metadata)
  validate_and_set_metadata!(metadata)
end

Instance Attribute Details

#authorization_endpoint ⇒ Object (readonly)

Returns the value of attribute authorization_endpoint.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def authorization_endpoint
  @authorization_endpoint
end

#code_challenge_methods_supported ⇒ Object (readonly)

Returns the value of attribute code_challenge_methods_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def code_challenge_methods_supported
  @code_challenge_methods_supported
end

#dpop_signing_alg_values_supported ⇒ Object (readonly)

Returns the value of attribute dpop_signing_alg_values_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def dpop_signing_alg_values_supported
  @dpop_signing_alg_values_supported
end

#grant_types_supported ⇒ Object (readonly)

Returns the value of attribute grant_types_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def grant_types_supported
  @grant_types_supported
end

#issuer ⇒ Object (readonly)

Returns the value of attribute issuer.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def issuer
  @issuer
end

#pushed_authorization_request_endpoint ⇒ Object (readonly)

Returns the value of attribute pushed_authorization_request_endpoint.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def pushed_authorization_request_endpoint
  @pushed_authorization_request_endpoint
end

#response_types_supported ⇒ Object (readonly)

Returns the value of attribute response_types_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def response_types_supported
  @response_types_supported
end

#scopes_supported ⇒ Object (readonly)

Returns the value of attribute scopes_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def scopes_supported
  @scopes_supported
end

#token_endpoint ⇒ Object (readonly)

Returns the value of attribute token_endpoint.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def token_endpoint
  @token_endpoint
end

#token_endpoint_auth_methods_supported ⇒ Object (readonly)

Returns the value of attribute token_endpoint_auth_methods_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def token_endpoint_auth_methods_supported
  @token_endpoint_auth_methods_supported
end

#token_endpoint_auth_signing_alg_values_supported ⇒ Object (readonly)

Returns the value of attribute token_endpoint_auth_signing_alg_values_supported.

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 38

def token_endpoint_auth_signing_alg_values_supported
  @token_endpoint_auth_signing_alg_values_supported
end

Class Method Details

.from_issuer(issuer) ⇒ AuthorizationServer

Fetches and validates Authorization Server metadata from an issuer URL

Parameters:

• issuer (String) —

  Authorization Server issuer URL

Returns:

• (AuthorizationServer) —

  new instance with fetched metadata

Raises:

• (InvalidAuthorizationServer) —

  if metadata is invalid

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 53

def self.from_issuer(issuer)
  response = fetch_metadata(issuer)
  metadata = parse_metadata(response[:body])
  validate_issuer!(metadata["issuer"], issuer)
  new(metadata)
end

Instance Method Details

#to_h ⇒ Object

# File 'lib/atproto_auth/server_metadata/authorization_server.rb', line 60

def to_h
  {
    issuer: issuer,
    authorization_endpoint: authorization_endpoint,
    token_endpoint: token_endpoint,
    pushed_authorization_request_endpoint: pushed_authorization_request_endpoint,
    response_types_supported: response_types_supported,
    grant_types_supported: grant_types_supported,
    code_challenge_methods_supported: code_challenge_methods_supported,
    token_endpoint_auth_methods_supported: token_endpoint_auth_methods_supported,
    token_endpoint_auth_signing_alg_values_supported: token_endpoint_auth_signing_alg_values_supported,
    scopes_supported: scopes_supported,
    dpop_signing_alg_values_supported: dpop_signing_alg_values_supported,
    authorization_response_iss_parameter_supported: true,
    require_pushed_authorization_requests: true,
    client_id_metadata_document_supported: true
  }
end