Class: AtProto::Client

Inherits:

Object

• Object
• AtProto::Client

Defined in:

lib/atproto_client/client.rb

Overview

The Client class handles authenticated HTTP requests to the AT Protocol services with DPoP token support and token request capabilities.

Instance Attribute Summary

• #access_token ⇒ Object

  Returns the value of attribute access_token.

• #dpop_handler ⇒ DpopHandler

  The handler for DPoP token operations.

Instance Method Summary

• #get_token!(code:, jwk:, client_id:, site:, endpoint:, redirect_uri:, code_verifier:) ⇒ Hash

  Gets a new access token using an authorization code.

• #initialize(private_key:, access_token: nil) ⇒ Client constructor

  Initializes a new AT Protocol client.

• #private_key=(private_key) ⇒ Object

  Sets a new private key for DPoP token signing.

• #refresh_token!(refresh_token:, jwk:, client_id:, site:, endpoint:) ⇒ Hash

  Refreshes the access token using a refresh token.

• #request(method, url, params: {}, body: nil, headers: {}) ⇒ Hash

  Makes an authenticated HTTP request.

Constructor Details

#initialize(private_key:, access_token: nil) ⇒ Client

Initializes a new AT Protocol client

Parameters:

• private_key (OpenSSL::PKey::EC) —

  The EC private key used for DPoP token signing (required)

• access_token (String, nil) (defaults to: nil) —

  Optional access token for authentication

Raises:

• (ArgumentError) —

  If private_key is not provided or not an OpenSSL::PKey::EC instance

# File 'lib/atproto_client/client.rb', line 17

def initialize(private_key:, access_token: nil)
  @private_key = private_key
  @access_token = access_token
  @dpop_handler = DpopHandler.new(private_key, access_token)
end

Instance Attribute Details

#access_token ⇒ Object

Returns the value of attribute access_token.

# File 'lib/atproto_client/client.rb', line 9

def access_token
  @access_token
end

#dpop_handler ⇒ DpopHandler

The handler for DPoP token operations

Returns:

• (DpopHandler) —

  the current value of dpop_handler

# File 'lib/atproto_client/client.rb', line 8

def dpop_handler
  @dpop_handler
end

Instance Method Details

#get_token!(code:, jwk:, client_id:, site:, endpoint:, redirect_uri:, code_verifier:) ⇒ Hash

Gets a new access token using an authorization code

Parameters:

• code (String) —

  The authorization code

• jwk (Hash) —

  The JWK for signing

• client_id (String) —

  The client ID

• site (String) —

  The token audience

• endpoint (String) —

  The token endpoint URL

• redirect_uri (String) —

  The application’s oauth callback url

Returns:

• (Hash) —

  The token response

Raises:

• (AuthError) —

  When forbidden by the server

• (APIError) —

  On other errors from the server

# File 'lib/atproto_client/client.rb', line 65

def get_token!(code:, jwk:, client_id:, site:, endpoint:, redirect_uri:, code_verifier:)
  response = @dpop_handler.make_request(
    endpoint,
    :post,
    headers: {
      'Content-Type' => 'application/json',
      'Accept' => 'application/json'
    },
    body: token_params(
      code: code,
      jwk: jwk,
      client_id: client_id,
      site: site,
      redirect_uri: redirect_uri,
      code_verifier: code_verifier
    )
  )
  @access_token = response['access_token']
  response
end

#private_key=(private_key) ⇒ Object

Sets a new private key for DPoP token signing

Parameters:

• private_key (OpenSSL::PKey::EC) —

  The EC private key to use for signing DPoP tokens (required)

Raises:

• (ArgumentError) —

  If private_key is not an OpenSSL::PKey::EC instance

# File 'lib/atproto_client/client.rb', line 27

def private_key=(private_key)
  @dpop_handler = @dpop_handler.new(private_key, @access_token)
end

#refresh_token!(refresh_token:, jwk:, client_id:, site:, endpoint:) ⇒ Hash

Refreshes the access token using a refresh token

Parameters:

• refresh_token (String) —

  The refresh token

• jwk (Hash) —

  The JWK for signing

• client_id (String) —

  The client ID

• site (String) —

  The token audience

• endpoint (String) —

  The token endpoint URL

Returns:

• (Hash) —

  The token response

Raises:

• (AuthError) —

  When forbidden by the server

• (APIError) —

  On other errors from the server

# File 'lib/atproto_client/client.rb', line 97

def refresh_token!(refresh_token:, jwk:, client_id:, site:, endpoint:)
  @dpop_handler.access_token = nil
  response = @dpop_handler.make_request(
    endpoint,
    :post,
    headers: {
      'Content-Type' => 'application/json',
      'Accept' => 'application/json'
    },
    body: refresh_token_params(
      refresh_token: refresh_token,
      jwk: jwk,
      client_id: client_id,
      site: site
    )
  )
  @access_token = response['access_token']
  @dpop_handler.access_token = @access_token
  response
end

#request(method, url, params: {}, body: nil, headers: {}) ⇒ Hash

Makes an authenticated HTTP request

Parameters:

• method (Symbol) —

  The HTTP method to use (:get, :post, etc.)

• url (String) —

  The URL to send the request to

• params (Hash) (defaults to: {}) —

  Optional query parameters to be added to the URL

• body (Hash, nil) (defaults to: nil) —

  Optional request body for POST/PUT requests

Returns:

• (Hash) —

  The parsed JSON response

Raises:

• (TokenExpiredError) —

  When the access token has expired

• (AuthError) —

  When forbidden by the server for other reasons

• (APIError) —

  On other errors from the server

# File 'lib/atproto_client/client.rb', line 42

def request(method, url, params: {}, body: nil, headers: {})
  uri = URI(url)
  uri.query = URI.encode_www_form(params) if params.any?
  @dpop_handler.make_request(
    uri.to_s,
    method,
    headers: { 'Authorization' => "DPoP #{@access_token}" }.merge(headers),
    body: body
  )
end