authlete 0.3.6 → 0.3.7
- checksums.yaml +4 -4
- data/lib/authlete.rb +14 -14
- data/lib/authlete/api.rb +115 -35
- data/lib/authlete/authentication-server.rb +4 -4
- data/lib/authlete/model/client-list.rb +127 -181
- data/lib/authlete/model/client.rb +444 -492
- data/lib/authlete/model/hashable.rb +65 -0
- data/lib/authlete/model/request/authentication-callback-request.rb +91 -0
- data/lib/authlete/model/request/authorization-fail-request.rb +107 -0
- data/lib/authlete/model/request/authorization-issue-request.rb +136 -0
- data/lib/authlete/model/request/authorization-request.rb +104 -0
- data/lib/authlete/model/request/developer-authentication-callback-request.rb +85 -0
- data/lib/authlete/model/request/introspection-request.rb +40 -0
- data/lib/authlete/model/request/token-fail-request.rb +104 -0
- data/lib/authlete/model/request/token-issue-request.rb +104 -0
- data/lib/authlete/model/request/token-request.rb +124 -0
- data/lib/authlete/model/response/authentication-callback-response.rb +54 -0
- data/lib/authlete/model/response/authorization-fail-response.rb +47 -0
- data/lib/authlete/model/response/authorization-issue-response.rb +47 -0
- data/lib/authlete/model/response/authorization-response.rb +146 -0
- data/lib/authlete/model/response/developer-authentication-callback-response.rb +56 -0
- data/lib/authlete/model/response/introspection-response.rb +129 -0
- data/lib/authlete/model/response/result.rb +45 -0
- data/lib/authlete/model/response/service-creatable-response.rb +51 -0
- data/lib/authlete/model/response/token-fail-response.rb +48 -0
- data/lib/authlete/model/response/token-issue-response.rb +48 -0
- data/lib/authlete/model/response/token-response.rb +69 -0
- data/lib/authlete/model/scope.rb +17 -42
- data/lib/authlete/model/service-list.rb +19 -74
- data/lib/authlete/model/service-owner.rb +16 -40
- data/lib/authlete/model/service.rb +20 -76
- data/lib/authlete/model/sns-credentials.rb +16 -41
- data/lib/authlete/model/tagged-value.rb +105 -135
- data/lib/authlete/utility.rb +29 -5
- data/lib/authlete/version.rb +1 -1
- metadata +24 -10
- data/lib/authlete/request/authentication-callback-request.rb +0 -90
- data/lib/authlete/request/developer-authentication-callback-request.rb +0 -84
- data/lib/authlete/response/authentication-callback-response.rb +0 -58
- data/lib/authlete/response/base-response.rb +0 -41
- data/lib/authlete/response/developer-authentication-callback-response.rb +0 -60
- data/lib/authlete/response/introspection-response.rb +0 -130
- data/lib/authlete/response/service-creatable-response.rb +0 -52
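--- a/data/lib/authlete/model/response/authentication-callback-response.rb
+++ b/data/lib/authlete/model/response/authentication-callback-response.rb
@@ -0,0 +1,54 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+module Model
+module Response
+# == Authlete::Model::Response::AuthenticationCallbackResponse class
+#
+# This class represents a response from an authentication callback endpoint.
+class AuthenticationCallbackResponse
+include Authlete::Utility
+# True when the end-user has been authenticated (= is a valid user).
+attr_accessor :authenticated
+
+# The unique identifier of the end-user.
+attr_accessor :subject
+
+# Pieces of information about the end-user in JSON format.
+attr_accessor :claims
+
+# The constructor which takes a hash that represents a JSON response
+# from an authentication callback endpoint.
+def initialize(hash = {})
+@authenticated = extract_boolean_value(hash, :authenticated)
+@subject = extract_value(hash, :subject)
+@claims = extract_value(hash, :claims)
+end
+
+# Generate an array which is usable as a Rack response from this instance.
+def to_rack_response
+to_rack_response_json(200, JSON.generate(
+:authenticated => @authenticated,
+:subject => @subject,
+:claims => @claims
+))
+end
+end
+end
+end
+end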
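Review bot: `to_rack_response` calls `JSON.generate`, but this new file never loads the library, so it works only when some other file has already run `require 'json'`. Adding `require 'json'` above `module Authlete` makes the file self-contained; the same applies to `to_rack_response` in developer-authentication-callback-response.rb. The method comment should also say that the status passed to `to_rack_response_json` is always 200, including when `authenticated` is false, so that callers do not read the HTTP status as the authentication result.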
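--- a/data/lib/authlete/model/response/authorization-fail-response.rb
+++ b/data/lib/authlete/model/response/authorization-fail-response.rb
@@ -0,0 +1,47 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+module Model
+module Response
+# == Authlete::Model::Response::AuthorizationFailResponse class
+#
+# This class represents a response from Authlete's /api/auth/authorization/fail API.
+class AuthorizationFailResponse < Authlete::Model::Response::Result
+# The next action that the service implementation should take.
+# (String)
+attr_accessor :action
+
+# The response content which can be used to generate a response
+# to the client application. The format of the value varies
+# depending on the value of "action". (String)
+attr_accessor :response_content
+
+private
+
+# The constructor which takes a hash that represents a JSON response
+# from Authlete's /api/auth/authorization/fail API.
+def initialize(hash = {})
+super(hash)
+
+@action = extract_value(hash, :action)
+@response_content = extract_value(hash, :responseContent)
+end
+end
+end
+end
+end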
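Review bot: The `private` marker placed directly before `initialize` has no effect on the constructor, which Ruby already makes private, and it will silently hide any public method that is later added below it. Dropping the marker, as introspection-response.rb in this release does, keeps the class's visibility obvious. The same pattern appears in authorization-issue-response.rb and authorization-response.rb.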
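--- a/data/lib/authlete/model/response/authorization-issue-response.rb
+++ b/data/lib/authlete/model/response/authorization-issue-response.rb
@@ -0,0 +1,47 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+module Model
+module Response
+# == Authlete::Model::Response::AuthorizationIssueResponse class
+#
+# This class represents a response from Authlete's /api/auth/authorization/issue API.
+class AuthorizationIssueResponse < Authlete::Model::Response::Result
+# The next action that the service implementation should take.
+# (String)
+attr_accessor :action
+
+# The response content which can be used to generate a response
+# to the client application. The format of the value varies
+# depending on the value of "action". (String)
+attr_accessor :response_content
+
+private
+
+# The constructor which takes a hash that represents a JSON response
+# from Authlete's /api/auth/authorization/issue API.
+def initialize(hash = {})
+super(hash)
+
+@action = extract_value(hash, :action)
+@response_content = extract_value(hash, :responseContent)
+end
+end
+end
+end
+end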
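--- a/data/lib/authlete/model/response/authorization-response.rb
+++ b/data/lib/authlete/model/response/authorization-response.rb
@@ -0,0 +1,146 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+module Model
+module Response
+# == Authlete::Model::Response::AuthorizationResponse class
+#
+# This class represents a response from Authlete's /api/auth/authorization API.
+class AuthorizationResponse < Authlete::Model::Response::Result
+# The flag which indicates whether the end-user authentication
+# must satisfy one of the requested ACRs. (BOOLEAN)
+attr_accessor :acr_essential
+
+# The list of ACRs (Authentication Context Class References)
+# requested by the client application.
+# The value come from (1) "acr" claim in "claims" request parameter,
+# (2) "acr_values" request parameter or (3) "default_acr_values"
+# configuration parameter of the client application.
+# (String array)
+attr_accessor :acrs
+
+# The next action that the service implementation should take.
+# (String)
+attr_accessor :action
+
+# The list of preferred languages and scripts for claim
+# values contained in the ID token. The value comes from
+# "claims_locales" request parameter. (String array)
+attr_accessor :claim_locales
+
+# The list of claims that the client application requests
+# to be embedded in the ID token. The value comes from
+# "scope" and "claims" request parameters of
+# the original authorization request. (String array)
+attr_accessor :claims
+
+# The information about the client application which has made
+# the authorization request. (Client)
+attr_accessor :client
+
+# The display mode which the client application requests
+# by "display" request parameter. When the authorization
+# request does not contain "display" request parameter,
+# this method returns "PAGE" as the default value.
+# (String)
+attr_accessor :display
+
+# The value of login hint, which is specified by the client
+# application using "login_hint" request parameter.
+# (String)
+attr_accessor :login_hint
+
+# The prompt that the UI displayed to the end-user must satisfy
+# at least. The value comes from "prompt" request parameter.
+# When the authorization request does not contain "prompt"
+# parameter, this method returns "CONSENT CONSENT" as
+# the default value. (String)
+attr_accessor :lowest_prompt
+
+# The maximum authentication age which is the allowable
+# elapsed time in seconds since the last time the end-user
+# was actively authenticated by the service implementation.
+# The value comes from "max_age" request parameter
+# or "default_max_age" configuration parameter of
+# the client application. 0 may be returned which means
+# that the max age constraint does not have to be imposed.
+# (Integer)
+attr_accessor :max_age
+
+# The response content which can be used to generate a response
+# to the client application. The format of the value varies
+# depending on the value of "action". (String)
+attr_accessor :response_content
+
+# The scopes which the client application requests by "scope"
+# request parameter. When the authorization request does
+# not contain "scope" request parameter, this method
+# returns a list of scopes which are marked as default by the
+# service implementation. "null" may be returned if the
+# authorization request does not contain valid scopes and none
+# of registered scopes is marked as default.
+# (Scope array)
+attr_accessor :scopes
+
+# The subject (= end-user's login ID) that the client
+# application requests. The value comes from "sub"
+# claim in "claims" request parameter. This method
+# may return null (probably in most cases).
+# (String)
+attr_accessor :subject
+
+# The ticket which has been issued to the service implementation
+# from Authlete's /api/auth/authorization API. This ticket is
+# needed for /api/auth/authorization/issue API and
+# /api/auth/authorization/fail API. (String)
+attr_accessor :ticket
+
+# The list of preferred languages and scripts for the user
+# interface. The value comes from "ui_locales" request
+# parameter. (String array)
+attr_accessor :ui_locales
+
+private
+
+# The constructor which takes a hash that represents a JSON response
+# from Authlete's /api/auth/authorization API.
+def initialize(hash = {})
+super(hash)
+
+@acr_essential = extract_value(hash, :acrEssential)
+@acrs = extract_value(hash, :acrs)
+@action = extract_value(hash, :action)
+@claim_locales = extract_value(hash, :claimLocales)
+@claims = extract_value(hash, :claims)
+@client = Authlete::Model::Client.new(extract_value(hash, :client))
+@display = extract_value(hash, :display)
+@login_hint = extract_value(hash, :loginHint)
+@lowest_prompt = extract_value(hash, :lowestPrompt)
+@max_age = extract_value(hash, :maxAge)
+@response_content = extract_value(hash, :responseContent)
+@scopes = extract_array_value(hash, :scopes) do |element|
+Authlete::Model::Scope.parse(element)
+end
+@subject = extract_value(hash, :subject)
+@ticket = extract_value(hash, :ticket)
+@ui_locales = extract_value(hash, :uiLocales)
+end
+end
+end
+end
+end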
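Review bot: `acr_essential` is documented as a boolean but `initialize` reads it with `extract_value`, whereas the other response classes in this release read their flags with `extract_boolean_value`; if that helper normalises the value, a caller testing `acr_essential` to decide whether an ACR must be enforced gets an un-normalised value here. Consider `@acr_essential = extract_boolean_value(hash, :acrEssential)`. Two more things to confirm in the same method: `Authlete::Model::Client.new(extract_value(hash, :client))` runs even when the response carries no client, and whether `Client.new` tolerates a missing value is not visible in this file. The comment on `claim_locales` names the request parameter "claims_locales" while the key read is `:claimLocales`, so the key should be checked against the API's JSON field name.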
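--- a/data/lib/authlete/model/response/developer-authentication-callback-response.rb
+++ b/data/lib/authlete/model/response/developer-authentication-callback-response.rb
@@ -0,0 +1,56 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+module Model
+module Response
+# == Authlete::Model::Response::DeveloperAuthenticationCallbackResponse class
+#
+# This class represents a response from a developer authentication callback endpoint.
+class DeveloperAuthenticationCallbackResponse
+include Authlete::Utility
+# True when the developer has been authenticated (= is a valid developer).
+attr_accessor :authenticated
+
+# The unique identifier of the developer.
+attr_accessor :subject
+
+# The display name of the developer.
+attr_accessor :displayName
+alias_method :display_name, :displayName
+alias_method :display_name=, :displayName=
+
+# The constructor which takes a hash that represents a JSON response
+# from a developer authentication callback endpoint.
+def initialize(hash = {})
+@authenticated = extract_boolean_value(hash, :authenticated)
+@subject = extract_value(hash, :subject)
+@displayName = extract_value(hash, :displayName)
+end
+
+# Generate an array which is usable as a Rack response from this instance.
+def to_rack_response
+to_rack_response_json(200, JSON.generate(
+:authenticated => @authenticated,
+:subject => @subject,
+:displayName => @displayName
+))
+end
+end
+end
+end
+end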
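--- a/data/lib/authlete/model/response/introspection-response.rb
+++ b/data/lib/authlete/model/response/introspection-response.rb
@@ -0,0 +1,129 @@
+# :nodoc:
+#
+# Copyright (C) 2014-2015 Authlete, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+module Authlete
+module Model
+module Response
+# == Authlete::Model::Response::IntrospectionResponse class
+#
+# A class that represents a response from Authlete's
+# /api/auth/introspection API.
+class IntrospectionResponse < Authlete::Model::Response::Result
+# The next action which the caller of the API should take next.
+attr_accessor :action
+
+# The ID of the client application which is associated with
+# the access token.
+attr_accessor :client_id
+
+# The subject which is associated with the access token.
+# This is <tt>nil</tt> if the access token was created
+# through {Client Credentials Flow}[https://tools.ietf.org/html/rfc6749#section-4.4].
+attr_accessor :subject
+
+# The scopes which is associated with the access token.
+attr_accessor :scopes
+
+# True when the access token exists.
+attr_accessor :existent
+
+# True when the access token is usable (= exists and has not expired).
+attr_accessor :usable
+
+# True when the access token covers all the scopes (if specified).
+attr_accessor :sufficient
+
+# True when the access token can be refreshed using its corresponding
+# refresh token.
+attr_accessor :refreshable
+
+# The content of the error response that the service implementation
+# should return to the client application.
+attr_accessor :response_content
+
+# The constructor which takes a hash that represents a JSON response
+# from /api/auth/introspection API.
+def initialize(hash = {})
+super(hash)
+
+@action = extract_value(hash, :action)
+@client_id = extract_value(hash, :clientId)
+@subject = extract_value(hash, :subject)
+@scopes = extract_value(hash, :scopes)
+@existent = extract_boolean_value(hash, :existent)
+@usable = extract_boolean_value(hash, :usable)
+@sufficient = extract_boolean_value(hash, :sufficient)
+@refreshable = extract_boolean_value(hash, :refreshable)
+@response_content = extract_value(hash, :responseContent)
+end
+
+alias_method :existent?, :existent
+alias_method :exists, :existent
+alias_method :exists?, :existent
+alias_method :exist, :existent
+alias_method :exist?, :existent
+alias_method :usable?, :usable
+alias_method :sufficient?, :sufficient
+alias_method :refreshable?, :refreshable
+
+# Generate an array which is usable as a Rack response from this instance.
+# When <tt>action</tt> method returns other value than 'OK', the array
+# returned from this method satisfies RFC 6750.
+def to_rack_response
+# 'action' denotes the next action.
+case @action
+when 'INTERNAL_SERVER_ERROR'
+# 500 Internal Server Error
+# The API request from this implementation was wrong
+# or an error occurred in Authlete.
+return to_rack_response_www_authenticate(500, @response_content)
+
+when 'BAD_REQUEST'
+# 400 Bad Request
+# The request from the client application does not
+# contain an access token.
+return to_rack_response_www_authenticate(400, @response_content)
+
+when 'UNAUTHORIZED'
+# 401 Unauthorized
+# The presented access token does not exist or has expired.
+return to_rack_response_www_authenticate(401, @response_content)
+
+when 'FORBIDDEN'
+# 403 Forbidden
+# The access token does not cover the required scopes
+# or the subject associated with the access token is
+# different.
+return to_rack_response_www_authenticate(403, @response_content)
+
+when 'OK'
+# The access token is valid (= exists and has not expired).
+# Basically, the caller won't use the array returned from here.
+# Instead, it will return the protected resource to the client
+# application which has presented the valid access token.
+return [ 200, nil, nil ]
+
+else
+# This should not happen.
+return to_rack_response_www_authenticate(500,
+'Bearer error="server_error",error_description="Unknown action"')
+end
+end
+end
+end
+end
+end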
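Review bot: The 'OK' branch of `to_rack_response` returns `[ 200, nil, nil ]`, which is not a usable Rack triple even though the method comment promises one; Rack expects a headers hash and a body that responds to `each`. Either return `[ 200, {}, [] ]`, or state in the method comment that the 'OK' result is a placeholder which the caller must replace with the protected resource. The `else` branch answers 500 for an unknown or missing `action`, which fails closed and should stay that way.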