Class: AtprotoAuth::State::Session

Inherits:

Object

• Object
• AtprotoAuth::State::Session

Includes:

MonitorMixin

Defined in:

lib/atproto_auth/state/session.rb

Overview

Tracks state for an OAuth authorization flow session

Instance Attribute Summary

• #auth_server ⇒ Object readonly

  Returns the value of attribute auth_server.

• #client_id ⇒ Object readonly

  Returns the value of attribute client_id.

• #did ⇒ Object

  Returns the value of attribute did.

• #pkce_challenge ⇒ Object readonly

  Returns the value of attribute pkce_challenge.

• #pkce_verifier ⇒ Object readonly

  Returns the value of attribute pkce_verifier.

• #scope ⇒ Object readonly

  Returns the value of attribute scope.

• #session_id ⇒ Object readonly

  Returns the value of attribute session_id.

• #state_token ⇒ Object readonly

  Returns the value of attribute state_token.

• #tokens ⇒ Object

  Returns the value of attribute tokens.

Instance Method Summary

• #authorization_server=(server) ⇒ void

  Updates the authorization server for this session.

• #authorized? ⇒ Boolean

  Whether this session has valid access tokens.

• #initialize(client_id:, scope:, auth_server: nil, did: nil) ⇒ Session constructor

  Creates a new OAuth session.

• #renewable? ⇒ Boolean

  Whether this session can refresh its tokens.

• #validate_state(state) ⇒ Boolean

  Validates a state token against this session.

Constructor Details

#initialize(client_id:, scope:, auth_server: nil, did: nil) ⇒ Session

Creates a new OAuth session

Parameters:

• client_id (String) —

  OAuth client ID

• scope (String) —

  Requested scope

• auth_server (AuthorizationServer, nil) (defaults to: nil) —

  Optional pre-resolved auth server

• did (String, nil) (defaults to: nil) —

  Optional pre-resolved DID

# File 'lib/atproto_auth/state/session.rb', line 22

def initialize(client_id:, scope:, auth_server: nil, did: nil)
  super() # Initialize MonitorMixin

  @session_id = SecureRandom.uuid
  @state_token = SecureRandom.urlsafe_base64(32)
  @client_id = client_id
  @scope = scope
  @auth_server = auth_server
  @did = did

  # Generate PKCE values
  @pkce_verifier = PKCE.generate_verifier
  @pkce_challenge = PKCE.generate_challenge(@pkce_verifier)

  @tokens = nil
end

Instance Attribute Details

#auth_server ⇒ Object (readonly)

Returns the value of attribute auth_server.

# File 'lib/atproto_auth/state/session.rb', line 13

def auth_server
  @auth_server
end

#client_id ⇒ Object (readonly)

Returns the value of attribute client_id.

# File 'lib/atproto_auth/state/session.rb', line 13

def client_id
  @client_id
end

#did ⇒ Object

Returns the value of attribute did.

# File 'lib/atproto_auth/state/session.rb', line 13

def did
  @did
end

#pkce_challenge ⇒ Object (readonly)

Returns the value of attribute pkce_challenge.

# File 'lib/atproto_auth/state/session.rb', line 13

def pkce_challenge
  @pkce_challenge
end

#pkce_verifier ⇒ Object (readonly)

Returns the value of attribute pkce_verifier.

# File 'lib/atproto_auth/state/session.rb', line 13

def pkce_verifier
  @pkce_verifier
end

#scope ⇒ Object (readonly)

Returns the value of attribute scope.

# File 'lib/atproto_auth/state/session.rb', line 13

def scope
  @scope
end

#session_id ⇒ Object (readonly)

Returns the value of attribute session_id.

# File 'lib/atproto_auth/state/session.rb', line 13

def session_id
  @session_id
end

#state_token ⇒ Object (readonly)

Returns the value of attribute state_token.

# File 'lib/atproto_auth/state/session.rb', line 13

def state_token
  @state_token
end

#tokens ⇒ Object

Returns the value of attribute tokens.

# File 'lib/atproto_auth/state/session.rb', line 13

def tokens
  @tokens
end

Instance Method Details

#authorization_server=(server) ⇒ void

This method returns an undefined value.

Updates the authorization server for this session

Parameters:

• server (AuthorizationServer) —

  The resolved auth server

Raises:

• (SessionError) —

  if session is already bound to different server

# File 'lib/atproto_auth/state/session.rb', line 43

def authorization_server=(server)
  synchronize do
    if @auth_server && @auth_server.issuer != server.issuer
      raise SessionError, "Session already bound to different authorization server"
    end

    @auth_server = server
  end
end

#authorized? ⇒ Boolean

Whether this session has valid access tokens

Returns:

• (Boolean)

# File 'lib/atproto_auth/state/session.rb', line 80

def authorized?
  synchronize do
    !@tokens.nil? && !@tokens.expired?
  end
end

#renewable? ⇒ Boolean

Whether this session can refresh its tokens

Returns:

• (Boolean)

# File 'lib/atproto_auth/state/session.rb', line 88

def renewable?
  synchronize do
    !@tokens.nil? && @tokens.renewable?
  end
end

#validate_state(state) ⇒ Boolean

Validates a state token against this session

Parameters:

• state (String) —

  State token to validate

Returns:

• (Boolean)

# File 'lib/atproto_auth/state/session.rb', line 97

def validate_state(state)
  return false unless state

  # Use secure comparison to prevent timing attacks
  secure_compare(@state_token, state)
end