Class: Authlete::Client

Inherits: Object
Includes: Utility
Defined in: lib/authlete/client.rb

Overview

Authlete::Client Module

A web client that accesses Authlete Web APIs.

Methods included from Utility

#extract_access_token, #extract_boolean_value, #extract_integer_value, #extract_value, #to_rack_response_json, #to_rack_response_www_authenticate

Constructor Details

#initialize(config = {}) ⇒ Client

The constructor which takes a hash containing configuration parameters. Valid configuration parameter names are as follows.

  • :host

  • :service_owner_api_key

  • :service_owner_api_secret

  • :service_api_key

  • :service_api_secret

# File 'lib/authlete/client.rb', line 56

def initialize(config = {})
  @host                     = extract_value(config, :host)
  @service_owner_api_key    = extract_value(config, :service_owner_api_key)
  @service_owner_api_secret = extract_value(config, :service_owner_api_secret)
  @service_api_key          = extract_value(config, :service_api_key)
  @service_api_secret       = extract_value(config, :service_api_secret)
end

Instance Attribute Details

#host ⇒ Object

The host which provides Authlete Web APIs. For example, https://evaluation-dot-authlete.appspot.com

# File 'lib/authlete/client.rb', line 33

def host
  @host
end

#service_api_key ⇒ Object

The API key of a service.

# File 'lib/authlete/client.rb', line 42

def service_api_key
  @service_api_key
end

#service_api_secret ⇒ Object

The API secret of a service.

# File 'lib/authlete/client.rb', line 45

def service_api_secret
  @service_api_secret
end

#service_owner_api_key ⇒ Object

The API key of a service owner.

# File 'lib/authlete/client.rb', line 36

def service_owner_api_key
  @service_owner_api_key
end

#service_owner_api_secret ⇒ Object

The API secret of a service owner.

# File 'lib/authlete/client.rb', line 39

def service_owner_api_secret
  @service_owner_api_secret
end

Instance Method Details

#introspection(token, scopes = nil, subject = nil) ⇒ Object

Call Authlete’s /auth/introspection API (www.authlete.com/authlete_web_apis_introspection.html#auth_introspection).

token is an access token presented by a client application. This parameter is required. In a typical case, a client application uses one of the means listed in RFC 6750 to present an access token to a resource endpoint [tools.ietf.org/html/rfc6749#section-7].

scopes is an array of scope names. This is an optional parameter. When the specified scopes are not covered by the access token, Authlete prepares the content of the error response.

subject is a unique identifier of an end-user. This is an optional parameter. When the access token is not associated with the specified subject, Authlete prepares the content of the error response.

On success, this method returns an instance of Authlete::Response::IntrospectionResponse. On error, this method raises RestClient::Exception.

# File 'lib/authlete/client.rb', line 132

def introspection(token, scopes = nil, subject = nil)
  hash = call_api_json_service('/api/auth/introspection',
    :token => token, :scopes => scopes, :subject => subject)

  Authlete::Response::IntrospectionResponse.new(hash)
end

#protect_resource(request, scopes = nil, subject = nil) ⇒ Object

Ensure that the request contains a valid access token.

This method extracts an access token from the given request based on the rules described in RFC 6750 and introspects the access token by calling Authlete’s /auth/introspection API.

The first argument request is a Rack request.

The second argument scopes is an array of scope names required to access the target protected resource. This argument is optional.

The third argument subject is a string representing the subject that must be associated with the access token. This argument is optional.

This method returns an instance of Authlete::Response::IntrospectionResponse. If its action method returns ‘OK’, it means that the access token exists, has not expired, covers the requested scopes (if specified), and is associated with the requested subject (if specified). Otherwise, it means that the request does not contain any access token or that the access token does not satisfy the conditions to access the target protected resource.

# File 'lib/authlete/client.rb', line 161

def protect_resource(request, scopes = nil, subject = nil)
  # Extract an access token from the request.
  access_token = extract_access_token(request)

  # If the request does not contain any access token.
  if access_token.nil?
    # The request does not contain a valid access token.
    return Authlete::Response::IntrospectionResponse.new(
      :action          => 'BAD_REQUEST',
      :responseContent => 'Bearer error="invalid_token",error_description="The request does not contain a valid access token."'
    )
  end

  begin
    # Call Authlete's /auth/introspection API to introspect the access token.
    result = introspection(access_token, scopes, subject)
  rescue => e
    # Error message.
    message = build_error_message('/auth/introspection', e)

    # Emit a Rack error message.
    emit_rack_error_message(request, message)

    # Failed to introspect the access token.
    return Authlete::Response::IntrospectionResponse.new(
      :action          => 'INTERNAL_SERVER_ERROR',
      :responseContent => "Bearer error=\"server_error\",error_description=\"#{message}\""
    )
  end

  # Return the response from Authlete's /auth/introspection API.
  result
end
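The bearer-token guard that #introspection and #protect_resource describe, as an added example that is not the authlete gem's own code: it extracts the token in RFC 6750 order, introspects it against a constructed in-memory stand-in for the /auth/introspection API (fake_introspection, KNOWN_TOKENS, STATUS_FOR and protect are all assumed names), and maps the response's action and responseContent onto a Rack status and WWW-Authenticate header.

```ruby
require 'uri'

# Constructed stand-in for Authlete's /auth/introspection API: the tokens this
# fake authorization server knows, with the subject and scopes each carries.
KNOWN_TOKENS = {
  'tok-alice' => { subject: 'alice', scopes: %w[read write] },
  'tok-bob'   => { subject: 'bob',   scopes: %w[read] }
}.freeze

# Mimics the IntrospectionResponse shape: :action, plus :responseContent
# (a WWW-Authenticate challenge) when the token is rejected.
def fake_introspection(token, scopes = nil, subject = nil)
  info = KNOWN_TOKENS[token]
  return { action: 'UNAUTHORIZED', responseContent: 'Bearer error="invalid_token"' } if info.nil?
  if (scopes && !(scopes - info[:scopes]).empty?) || (subject && subject != info[:subject])
    return { action: 'FORBIDDEN', responseContent: 'Bearer error="insufficient_scope"' }
  end
  { action: 'OK', subject: info[:subject], scopes: info[:scopes] }
end

# Token extraction in RFC 6750 order: Authorization header (2.1),
# form-encoded body (2.2), then the access_token query parameter (2.3).
def extract_bearer_token(env)
  m = %r{\ABearer\s+([A-Za-z0-9\-._~+/]+=*)\z}.match(env['HTTP_AUTHORIZATION'].to_s)
  return m[1] if m
  if env['CONTENT_TYPE'].to_s.start_with?('application/x-www-form-urlencoded')
    body = env['rack.input']
    body = body.read if body.respond_to?(:read)
    from_form = URI.decode_www_form(body.to_s).to_h['access_token']
    return from_form if from_form
  end
  URI.decode_www_form(env['QUERY_STRING'].to_s).to_h['access_token']
end

STATUS_FOR = { 'OK' => 200, 'BAD_REQUEST' => 400, 'UNAUTHORIZED' => 401,
               'FORBIDDEN' => 403, 'INTERNAL_SERVER_ERROR' => 500 }.freeze

# Guard a resource endpoint the way protect_resource does: a missing token is
# rejected locally as BAD_REQUEST, otherwise the introspection result decides.
def protect(env, scopes = nil, subject = nil)
  token = extract_bearer_token(env)
  res = fake_introspection(token, scopes, subject) if token
  res ||= { action: 'BAD_REQUEST', responseContent: 'Bearer error="invalid_token"' }
  return [200, { 'Content-Type' => 'text/plain' }, ["hello #{res[:subject]}"]] if res[:action] == 'OK'
  [STATUS_FOR.fetch(res[:action], 500), { 'WWW-Authenticate' => res[:responseContent] }, []]
end
```

Only an action of 'OK' reaches the protected handler; every other action becomes an error status whose challenge is the responseContent string, which is how the real IntrospectionResponse is meant to be consumed as well.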