authlete 0.3.6 → 0.3.7

Files changed (43) hide show
  1. checksums.yaml +4 -4
  2. data/lib/authlete.rb +14 -14
  3. data/lib/authlete/api.rb +115 -35
  4. data/lib/authlete/authentication-server.rb +4 -4
  5. data/lib/authlete/model/client-list.rb +127 -181
  6. data/lib/authlete/model/client.rb +444 -492
  7. data/lib/authlete/model/hashable.rb +65 -0
  8. data/lib/authlete/model/request/authentication-callback-request.rb +91 -0
  9. data/lib/authlete/model/request/authorization-fail-request.rb +107 -0
  10. data/lib/authlete/model/request/authorization-issue-request.rb +136 -0
  11. data/lib/authlete/model/request/authorization-request.rb +104 -0
  12. data/lib/authlete/model/request/developer-authentication-callback-request.rb +85 -0
  13. data/lib/authlete/model/request/introspection-request.rb +40 -0
  14. data/lib/authlete/model/request/token-fail-request.rb +104 -0
  15. data/lib/authlete/model/request/token-issue-request.rb +104 -0
  16. data/lib/authlete/model/request/token-request.rb +124 -0
  17. data/lib/authlete/model/response/authentication-callback-response.rb +54 -0
  18. data/lib/authlete/model/response/authorization-fail-response.rb +47 -0
  19. data/lib/authlete/model/response/authorization-issue-response.rb +47 -0
  20. data/lib/authlete/model/response/authorization-response.rb +146 -0
  21. data/lib/authlete/model/response/developer-authentication-callback-response.rb +56 -0
  22. data/lib/authlete/model/response/introspection-response.rb +129 -0
  23. data/lib/authlete/model/response/result.rb +45 -0
  24. data/lib/authlete/model/response/service-creatable-response.rb +51 -0
  25. data/lib/authlete/model/response/token-fail-response.rb +48 -0
  26. data/lib/authlete/model/response/token-issue-response.rb +48 -0
  27. data/lib/authlete/model/response/token-response.rb +69 -0
  28. data/lib/authlete/model/scope.rb +17 -42
  29. data/lib/authlete/model/service-list.rb +19 -74
  30. data/lib/authlete/model/service-owner.rb +16 -40
  31. data/lib/authlete/model/service.rb +20 -76
  32. data/lib/authlete/model/sns-credentials.rb +16 -41
  33. data/lib/authlete/model/tagged-value.rb +105 -135
  34. data/lib/authlete/utility.rb +29 -5
  35. data/lib/authlete/version.rb +1 -1
  36. metadata +24 -10
  37. data/lib/authlete/request/authentication-callback-request.rb +0 -90
  38. data/lib/authlete/request/developer-authentication-callback-request.rb +0 -84
  39. data/lib/authlete/response/authentication-callback-response.rb +0 -58
  40. data/lib/authlete/response/base-response.rb +0 -41
  41. data/lib/authlete/response/developer-authentication-callback-response.rb +0 -60
  42. data/lib/authlete/response/introspection-response.rb +0 -130
  43. data/lib/authlete/response/service-creatable-response.rb +0 -52
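--- a/data/lib/authlete/model/response/authentication-callback-response.rb
+++ b/data/lib/authlete/model/response/authentication-callback-response.rb
@@ -0,0 +1,54 @@
+ # :nodoc:
+ #
+ # Copyright (C) 2014-2015 Authlete, Inc.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+
+ module Authlete
+ module Model
+ module Response
+ # == Authlete::Model::Response::AuthenticationCallbackResponse class
+ #
+ # This class represents a response from an authentication callback endpoint.
+ class AuthenticationCallbackResponse
+ include Authlete::Utility
+ # True when the end-user has been authenticated (= is a valid user).
+ attr_accessor :authenticated
+
+ # The unique identifier of the end-user.
+ attr_accessor :subject
+
+ # Pieces of information about the end-user in JSON format.
+ attr_accessor :claims
+
+ # The constructor which takes a hash that represents a JSON response
+ # from an authentication callback endpoint.
+ def initialize(hash = {})
+ @authenticated = extract_boolean_value(hash, :authenticated)
+ @subject = extract_value(hash, :subject)
+ @claims = extract_value(hash, :claims)
+ end
+
+ # Generate an array which is usable as a Rack response from this instance.
+ def to_rack_response
+ to_rack_response_json(200, JSON.generate(
+ :authenticated => @authenticated,
+ :subject => @subject,
+ :claims => @claims
+ ))
+ end
+ end
+ end
+ end
+ end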
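Review bot: `initialize` takes the `authenticated` flag from whatever `extract_boolean_value` makes of the callback JSON, and that helper lives in `Authlete::Utility`, outside this section, so it is not visible here whether a missing key or a non-boolean value such as the string `"false"` ends up as `false`. Because this flag carries the authentication decision, I would pin it in the constructor with a strict comparison, e.g. `@authenticated = (extract_value(hash, :authenticated) == true)`, or document on the attribute that the helper fails closed. `to_rack_response` also calls `JSON.generate` with no `require 'json'` in this file, so it presumably depends on load order elsewhere in the gem. Both points apply equally to `DeveloperAuthenticationCallbackResponse` in the later section.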
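--- a/data/lib/authlete/model/response/authorization-fail-response.rb
+++ b/data/lib/authlete/model/response/authorization-fail-response.rb
@@ -0,0 +1,47 @@
+ # :nodoc:
+ #
+ # Copyright (C) 2014-2015 Authlete, Inc.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+
+ module Authlete
+ module Model
+ module Response
+ # == Authlete::Model::Response::AuthorizationFailResponse class
+ #
+ # This class represents a response from Authlete's /api/auth/authorization/fail API.
+ class AuthorizationFailResponse < Authlete::Model::Response::Result
+ # The next action that the service implementation should take.
+ # (String)
+ attr_accessor :action
+
+ # The response content which can be used to generate a response
+ # to the client application. The format of the value varies
+ # depending on the value of "action". (String)
+ attr_accessor :response_content
+
+ private
+
+ # The constructor which takes a hash that represents a JSON response
+ # from Authlete's /api/auth/authorization/fail API.
+ def initialize(hash = {})
+ super(hash)
+
+ @action = extract_value(hash, :action)
+ @response_content = extract_value(hash, :responseContent)
+ end
+ end
+ end
+ end
+ end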
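Review bot: The bare `private` above `initialize` has no effect on the constructor, because Ruby already makes `initialize` private; what it does do is make any method later added below it private by accident, for instance a `to_rack_response` like the one in the callback response classes. I would drop the `private` line, or keep it with a comment such as `# initialize is private by default; add public methods above this line`. `AuthorizationIssueResponse` and `AuthorizationResponse` in the following sections have the same `private` placement. `AuthorizationIssueResponse` is otherwise a line-for-line copy of this class apart from the endpoint name, so a shared base holding `action` and `response_content` would remove the duplication.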
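--- a/data/lib/authlete/model/response/authorization-issue-response.rb
+++ b/data/lib/authlete/model/response/authorization-issue-response.rb
@@ -0,0 +1,47 @@
+ # :nodoc:
+ #
+ # Copyright (C) 2014-2015 Authlete, Inc.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+
+ module Authlete
+ module Model
+ module Response
+ # == Authlete::Model::Response::AuthorizationIssueResponse class
+ #
+ # This class represents a response from Authlete's /api/auth/authorization/issue API.
+ class AuthorizationIssueResponse < Authlete::Model::Response::Result
+ # The next action that the service implementation should take.
+ # (String)
+ attr_accessor :action
+
+ # The response content which can be used to generate a response
+ # to the client application. The format of the value varies
+ # depending on the value of "action". (String)
+ attr_accessor :response_content
+
+ private
+
+ # The constructor which takes a hash that represents a JSON response
+ # from Authlete's /api/auth/authorization/issue API.
+ def initialize(hash = {})
+ super(hash)
+
+ @action = extract_value(hash, :action)
+ @response_content = extract_value(hash, :responseContent)
+ end
+ end
+ end
+ end
+ end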
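--- a/data/lib/authlete/model/response/authorization-response.rb
+++ b/data/lib/authlete/model/response/authorization-response.rb
@@ -0,0 +1,146 @@
+ # :nodoc:
+ #
+ # Copyright (C) 2014-2015 Authlete, Inc.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+
+ module Authlete
+ module Model
+ module Response
+ # == Authlete::Model::Response::AuthorizationResponse class
+ #
+ # This class represents a response from Authlete's /api/auth/authorization API.
+ class AuthorizationResponse < Authlete::Model::Response::Result
+ # The flag which indicates whether the end-user authentication
+ # must satisfy one of the requested ACRs. (BOOLEAN)
+ attr_accessor :acr_essential
+
+ # The list of ACRs (Authentication Context Class References)
+ # requested by the client application.
+ # The value come from (1) "acr" claim in "claims" request parameter,
+ # (2) "acr_values" request parameter or (3) "default_acr_values"
+ # configuration parameter of the client application.
+ # (String array)
+ attr_accessor :acrs
+
+ # The next action that the service implementation should take.
+ # (String)
+ attr_accessor :action
+
+ # The list of preferred languages and scripts for claim
+ # values contained in the ID token. The value comes from
+ # "claims_locales" request parameter. (String array)
+ attr_accessor :claim_locales
+
+ # The list of claims that the client application requests
+ # to be embedded in the ID token. The value comes from
+ # "scope" and "claims" request parameters of
+ # the original authorization request. (String array)
+ attr_accessor :claims
+
+ # The information about the client application which has made
+ # the authorization request. (Client)
+ attr_accessor :client
+
+ # The display mode which the client application requests
+ # by "display" request parameter. When the authorization
+ # request does not contain "display" request parameter,
+ # this method returns "PAGE" as the default value.
+ # (String)
+ attr_accessor :display
+
+ # The value of login hint, which is specified by the client
+ # application using "login_hint" request parameter.
+ # (String)
+ attr_accessor :login_hint
+
+ # The prompt that the UI displayed to the end-user must satisfy
+ # at least. The value comes from "prompt" request parameter.
+ # When the authorization request does not contain "prompt"
+ # parameter, this method returns "CONSENT CONSENT" as
+ # the default value. (String)
+ attr_accessor :lowest_prompt
+
+ # The maximum authentication age which is the allowable
+ # elapsed time in seconds since the last time the end-user
+ # was actively authenticated by the service implementation.
+ # The value comes from "max_age" request parameter
+ # or "default_max_age" configuration parameter of
+ # the client application. 0 may be returned which means
+ # that the max age constraint does not have to be imposed.
+ # (Integer)
+ attr_accessor :max_age
+
+ # The response content which can be used to generate a response
+ # to the client application. The format of the value varies
+ # depending on the value of "action". (String)
+ attr_accessor :response_content
+
+ # The scopes which the client application requests by "scope"
+ # request parameter. When the authorization request does
+ # not contain "scope" request parameter, this method
+ # returns a list of scopes which are marked as default by the
+ # service implementation. "null" may be returned if the
+ # authorization request does not contain valid scopes and none
+ # of registered scopes is marked as default.
+ # (Scope array)
+ attr_accessor :scopes
+
+ # The subject (= end-user's login ID) that the client
+ # application requests. The value comes from "sub"
+ # claim in "claims" request parameter. This method
+ # may return null (probably in most cases).
+ # (String)
+ attr_accessor :subject
+
+ # The ticket which has been issued to the service implementation
+ # from Authlete's /api/auth/authorization API. This ticket is
+ # needed for /api/auth/authorization/issue API and
+ # /api/auth/authorization/fail API. (String)
+ attr_accessor :ticket
+
+ # The list of preferred languages and scripts for the user
+ # interface. The value comes from "ui_locales" request
+ # parameter. (String array)
+ attr_accessor :ui_locales
+
+ private
+
+ # The constructor which takes a hash that represents a JSON response
+ # from Authlete's /api/auth/authorization API.
+ def initialize(hash = {})
+ super(hash)
+
+ @acr_essential = extract_value(hash, :acrEssential)
+ @acrs = extract_value(hash, :acrs)
+ @action = extract_value(hash, :action)
+ @claim_locales = extract_value(hash, :claimLocales)
+ @claims = extract_value(hash, :claims)
+ @client = Authlete::Model::Client.new(extract_value(hash, :client))
+ @display = extract_value(hash, :display)
+ @login_hint = extract_value(hash, :loginHint)
+ @lowest_prompt = extract_value(hash, :lowestPrompt)
+ @max_age = extract_value(hash, :maxAge)
+ @response_content = extract_value(hash, :responseContent)
+ @scopes = extract_array_value(hash, :scopes) do |element|
+ Authlete::Model::Scope.parse(element)
+ end
+ @subject = extract_value(hash, :subject)
+ @ticket = extract_value(hash, :ticket)
+ @ui_locales = extract_value(hash, :uiLocales)
+ end
+ end
+ end
+ end
+ end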
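Review bot: `@client = Authlete::Model::Client.new(extract_value(hash, :client))` builds a Client unconditionally, so a response with no `client` member (which I would expect when `action` reports an error, though the API contract is not visible here) passes whatever `extract_value` returns for a missing key, presumably `nil`, to `Client.new`; whether that raises or yields an empty object depends on code outside this section. A guard such as `client = extract_value(hash, :client)` followed by `@client = client && Authlete::Model::Client.new(client)` keeps error responses parseable, so the caller can still read `action` and `response_content`. Separately, `acr_essential` is documented as BOOLEAN but is read with `extract_value`, while the other response classes use `extract_boolean_value` for their flags; `@acr_essential = extract_boolean_value(hash, :acrEssential)` would make it consistent. The `lowest_prompt` comment gives the default as `"CONSENT CONSENT"`, which looks like a duplicated word and is worth checking against the API documentation.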
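--- a/data/lib/authlete/model/response/developer-authentication-callback-response.rb
+++ b/data/lib/authlete/model/response/developer-authentication-callback-response.rb
@@ -0,0 +1,56 @@
+ # :nodoc:
+ #
+ # Copyright (C) 2014-2015 Authlete, Inc.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+
+ module Authlete
+ module Model
+ module Response
+ # == Authlete::Model::Response::DeveloperAuthenticationCallbackResponse class
+ #
+ # This class represents a response from a developer authentication callback endpoint.
+ class DeveloperAuthenticationCallbackResponse
+ include Authlete::Utility
+ # True when the developer has been authenticated (= is a valid developer).
+ attr_accessor :authenticated
+
+ # The unique identifier of the developer.
+ attr_accessor :subject
+
+ # The display name of the developer.
+ attr_accessor :displayName
+ alias_method :display_name, :displayName
+ alias_method :display_name=, :displayName=
+
+ # The constructor which takes a hash that represents a JSON response
+ # from a developer authentication callback endpoint.
+ def initialize(hash = {})
+ @authenticated = extract_boolean_value(hash, :authenticated)
+ @subject = extract_value(hash, :subject)
+ @displayName = extract_value(hash, :displayName)
+ end
+
+ # Generate an array which is usable as a Rack response from this instance.
+ def to_rack_response
+ to_rack_response_json(200, JSON.generate(
+ :authenticated => @authenticated,
+ :subject => @subject,
+ :displayName => @displayName
+ ))
+ end
+ end
+ end
+ end
+ end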
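--- a/data/lib/authlete/model/response/introspection-response.rb
+++ b/data/lib/authlete/model/response/introspection-response.rb
@@ -0,0 +1,129 @@
+ # :nodoc:
+ #
+ # Copyright (C) 2014-2015 Authlete, Inc.
+ #
+ # Licensed under the Apache License, Version 2.0 (the "License");
+ # you may not use this file except in compliance with the License.
+ # You may obtain a copy of the License at
+ #
+ # http://www.apache.org/licenses/LICENSE-2.0
+ #
+ # Unless required by applicable law or agreed to in writing, software
+ # distributed under the License is distributed on an "AS IS" BASIS,
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ # See the License for the specific language governing permissions and
+ # limitations under the License.
+
+
+ module Authlete
+ module Model
+ module Response
+ # == Authlete::Model::Response::IntrospectionResponse class
+ #
+ # A class that represents a response from Authlete's
+ # /api/auth/introspection API.
+ class IntrospectionResponse < Authlete::Model::Response::Result
+ # The next action which the caller of the API should take next.
+ attr_accessor :action
+
+ # The ID of the client application which is associated with
+ # the access token.
+ attr_accessor :client_id
+
+ # The subject which is associated with the access token.
+ # This is <tt>nil</tt> if the access token was created
+ # through {Client Credentials Flow}[https://tools.ietf.org/html/rfc6749#section-4.4].
+ attr_accessor :subject
+
+ # The scopes which is associated with the access token.
+ attr_accessor :scopes
+
+ # True when the access token exists.
+ attr_accessor :existent
+
+ # True when the access token is usable (= exists and has not expired).
+ attr_accessor :usable
+
+ # True when the access token covers all the scopes (if specified).
+ attr_accessor :sufficient
+
+ # True when the access token can be refreshed using its corresponding
+ # refresh token.
+ attr_accessor :refreshable
+
+ # The content of the error response that the service implementation
+ # should return to the client application.
+ attr_accessor :response_content
+
+ # The constructor which takes a hash that represents a JSON response
+ # from /api/auth/introspection API.
+ def initialize(hash = {})
+ super(hash)
+
+ @action = extract_value(hash, :action)
+ @client_id = extract_value(hash, :clientId)
+ @subject = extract_value(hash, :subject)
+ @scopes = extract_value(hash, :scopes)
+ @existent = extract_boolean_value(hash, :existent)
+ @usable = extract_boolean_value(hash, :usable)
+ @sufficient = extract_boolean_value(hash, :sufficient)
+ @refreshable = extract_boolean_value(hash, :refreshable)
+ @response_content = extract_value(hash, :responseContent)
+ end
+
+ alias_method :existent?, :existent
+ alias_method :exists, :existent
+ alias_method :exists?, :existent
+ alias_method :exist, :existent
+ alias_method :exist?, :existent
+ alias_method :usable?, :usable
+ alias_method :sufficient?, :sufficient
+ alias_method :refreshable?, :refreshable
+
+ # Generate an array which is usable as a Rack response from this instance.
+ # When <tt>action</tt> method returns other value than 'OK', the array
+ # returned from this method satisfies RFC 6750.
+ def to_rack_response
+ # 'action' denotes the next action.
+ case @action
+ when 'INTERNAL_SERVER_ERROR'
+ # 500 Internal Server Error
+ # The API request from this implementation was wrong
+ # or an error occurred in Authlete.
+ return to_rack_response_www_authenticate(500, @response_content)
+
+ when 'BAD_REQUEST'
+ # 400 Bad Request
+ # The request from the client application does not
+ # contain an access token.
+ return to_rack_response_www_authenticate(400, @response_content)
+
+ when 'UNAUTHORIZED'
+ # 401 Unauthorized
+ # The presented access token does not exist or has expired.
+ return to_rack_response_www_authenticate(401, @response_content)
+
+ when 'FORBIDDEN'
+ # 403 Forbidden
+ # The access token does not cover the required scopes
+ # or the subject associated with the access token is
+ # different.
+ return to_rack_response_www_authenticate(403, @response_content)
+
+ when 'OK'
+ # The access token is valid (= exists and has not expired).
+ # Basically, the caller won't use the array returned from here.
+ # Instead, it will return the protected resource to the client
+ # application which has presented the valid access token.
+ return [ 200, nil, nil ]
+
+ else
+ # This should not happen.
+ return to_rack_response_www_authenticate(500,
+ 'Bearer error="server_error",error_description="Unknown action"')
+ end
+ end
+ end
+ end
+ end
+ end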
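Review bot: The `'OK'` branch of `to_rack_response` returns `[ 200, nil, nil ]`, which is not a valid Rack triple (headers must be a hash and the body must respond to `each`), so a caller that returns the result without checking `action` first would fail inside the server instead of sending a response. `return [ 200, {}, [] ]` is safe to pass through, and the method comment should state that callers must branch on `action == 'OK'` before serving the protected resource. The error branches pass `@response_content` straight into `to_rack_response_www_authenticate`; that helper is outside this section, so it is worth confirming that it copes with a `nil` value when Authlete's reply lacks `responseContent`. The `else` branch failing closed with a 500 for an unknown or missing `action` is the right default and should stay.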