Class: Authlete::Response::IntrospectionResponse

Inherits:
BaseResponse
  • Object
Includes:
Utility
Defined in:
lib/authlete/response/introspection-response.rb

Overview

Authlete::Response::IntrospectionResponse class

A class that represents a response from Authlete’s /auth/introspection API.

Instance Attribute Summary

Attributes inherited from BaseResponse

#result_code, #result_message

Instance Method Summary

Methods included from Utility

#extract_access_token, #extract_boolean_value, #extract_integer_value, #extract_value, #to_rack_response_json, #to_rack_response_www_authenticate

Constructor Details

#initialize(hash = {}) ⇒ IntrospectionResponse

The constructor, which takes a hash that represents a JSON response from the /auth/introspection API.



# File 'lib/authlete/response/introspection-response.rb', line 64

def initialize(hash = {})
  super(hash)

  @action           = extract_value(hash, :action)
  @client_id        = extract_value(hash, :clientId)
  @subject          = extract_value(hash, :subject)
  @scopes           = extract_value(hash, :scopes)
  @existent         = extract_boolean_value(hash, :existent)
  @usable           = extract_boolean_value(hash, :usable)
  @sufficient       = extract_boolean_value(hash, :sufficient)
  @refreshable      = extract_boolean_value(hash, :refreshable)
  @response_content = extract_value(hash, :responseContent)
end

Instance Attribute Details

#action ⇒ Object

The next action which the caller of the API should take.



# File 'lib/authlete/response/introspection-response.rb', line 30

def action
  @action
end

#client_id ⇒ Object

The ID of the client application which is associated with the access token.



# File 'lib/authlete/response/introspection-response.rb', line 34

def client_id
  @client_id
end

#existent ⇒ Object Also known as: existent?, exists, exists?, exist, exist?

True when the access token exists.



# File 'lib/authlete/response/introspection-response.rb', line 45

def existent
  @existent
end

#refreshable ⇒ Object Also known as: refreshable?

True when the access token can be refreshed using its corresponding refresh token.



# File 'lib/authlete/response/introspection-response.rb', line 55

def refreshable
  @refreshable
end

#response_content ⇒ Object

The content of the error response that the service implementation should return to the client application.



# File 'lib/authlete/response/introspection-response.rb', line 59

def response_content
  @response_content
end

#scopes ⇒ Object

The scopes which are associated with the access token.



# File 'lib/authlete/response/introspection-response.rb', line 42

def scopes
  @scopes
end

#subject ⇒ Object

The subject which is associated with the access token. This is nil if the access token was created through Client Credentials Flow.



# File 'lib/authlete/response/introspection-response.rb', line 39

def subject
  @subject
end

#sufficient ⇒ Object Also known as: sufficient?

True when the access token covers all the scopes (if specified).



# File 'lib/authlete/response/introspection-response.rb', line 51

def sufficient
  @sufficient
end

#usable ⇒ Object Also known as: usable?

True when the access token is usable (= exists and has not expired).



# File 'lib/authlete/response/introspection-response.rb', line 48

def usable
  @usable
end

Instance Method Details

#to_rack_response ⇒ Object

Generates an array which is usable as a Rack response from this instance. When the action method returns a value other than ‘OK’, the array returned from this method satisfies RFC 6750.



# File 'lib/authlete/response/introspection-response.rb', line 90

def to_rack_response
  # 'action' denotes the next action.
  case @action
  when 'INTERNAL_SERVER_ERROR'
    # 500 Internal Server Error
    #   The API request from this implementation was wrong
    #   or an error occurred in Authlete.
    return to_rack_response_www_authenticate(500, @response_content)

  when 'BAD_REQUEST'
    # 400 Bad Request
    #   The request from the client application does not
    #   contain an access token.
    return to_rack_response_www_authenticate(400, @response_content)

  when 'UNAUTHORIZED'
    # 401 Unauthorized
    #   The presented access token does not exist or has expired.
    return to_rack_response_www_authenticate(401, @response_content)

  when 'FORBIDDEN'
    # 403 Forbidden
    #   The access token does not cover the required scopes
    #   or the subject associated with the access token is
    #   different.
    return to_rack_response_www_authenticate(403, @response_content)

  when 'OK'
    # The access token is valid (= exists and has not expired).
    # Basically, the caller won't use the array returned from here.
    # Instead, it will return the protected resource to the client
    # application which has presented the valid access token.
    return [ 200, nil, nil ]

  else
    # This should not happen.
    return to_rack_response_www_authenticate(500,
      'Bearer error="server_error",error_description="Unknown action"')
  end
end
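
How a resource server might consume these attributes, as an added example that is not part of the authlete gem: `Introspection`, `deny` and `authorize` are hypothetical names and the sample results are constructed. It branches on `action` the way `to_rack_response` does, denies anything other than a consistent 'OK', and never forwards the `[ 200, nil, nil ]` placeholder to the client.

```ruby
# Added example, not part of the authlete gem. Introspection is a constructed
# stand-in that exposes attribute names documented on this page.
Introspection = Struct.new(:action, :client_id, :subject, :scopes, :usable,
                           :response_content, keyword_init: true)

# Action-to-status mapping, as in to_rack_response on this page.
DENY_STATUS = {
  'BAD_REQUEST'           => 400,
  'UNAUTHORIZED'          => 401,
  'FORBIDDEN'             => 403,
  'INTERNAL_SERVER_ERROR' => 500
}.freeze

# Hypothetical helper: RFC 6750 style error in Rack's [status, headers, body]
# form. Lowercase header names are accepted by both Rack 2 and Rack 3.
def deny(status, challenge)
  [status, { 'www-authenticate' => challenge, 'cache-control' => 'no-store' }, []]
end

# Returns [:allow, context] or [:deny, rack_response]. Only a consistent 'OK'
# is allowed, so a nil or unrecognized action fails closed with a 500.
def authorize(res, required_scopes: [])
  if res.action != 'OK'
    known = DENY_STATUS.key?(res.action)
    challenge = known ? (res.response_content || 'Bearer') : 'Bearer error="server_error"'
    return [:deny, deny(DENY_STATUS.fetch(res.action, 500), challenge)]
  end

  # Defense in depth: 'OK' must agree with the usable flag.
  return [:deny, deny(401, 'Bearer error="invalid_token"')] unless res.usable == true

  # Re-check the scopes this endpoint needs against the token's own scopes.
  granted = Array(res.scopes)
  unless (required_scopes - granted).empty?
    return [:deny, deny(403, 'Bearer error="insufficient_scope"')]
  end

  [:allow, { client_id: res.client_id, subject: res.subject, scopes: granted }]
end

# Constructed sample results (not real Authlete output).
VALID   = Introspection.new(action: 'OK', client_id: 1234, subject: 'user-1',
                            scopes: %w[read], usable: true)
EXPIRED = Introspection.new(action: 'UNAUTHORIZED',
                            response_content: 'Bearer error="invalid_token"')
UNKNOWN = Introspection.new(action: 'SOMETHING_NEW')
```

On `:allow`, the handler serves the protected resource and can use `client_id` and `subject` from the returned context for its own access decisions and audit logging.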