authlete 0.5.1 → 1.0.0

Files changed (61) hide show
  1. checksums.yaml +4 -4
  2. data/lib/authlete.rb +24 -1
  3. data/lib/authlete/api.rb +298 -146
  4. data/lib/authlete/authentication-server.rb +1 -1
  5. data/lib/authlete/exception.rb +6 -3
  6. data/lib/authlete/model/client-extension.rb +135 -135
  7. data/lib/authlete/model/client-list.rb +128 -128
  8. data/lib/authlete/model/client.rb +468 -468
  9. data/lib/authlete/model/hashable.rb +1 -1
  10. data/lib/authlete/model/pair.rb +102 -102
  11. data/lib/authlete/model/property.rb +116 -0
  12. data/lib/authlete/model/request/authentication-callback-request.rb +90 -90
  13. data/lib/authlete/model/request/authorization-fail-request.rb +107 -104
  14. data/lib/authlete/model/request/authorization-issue-request.rb +167 -133
  15. data/lib/authlete/model/request/authorization-request.rb +101 -101
  16. data/lib/authlete/model/request/client-authorization-delete-request.rb +123 -0
  17. data/lib/authlete/model/request/client-authorization-get-list-request.rb +123 -0
  18. data/lib/authlete/model/request/client-authorization-update-request.rb +118 -0
  19. data/lib/authlete/model/request/client-secret-update-request.rb +121 -0
  20. data/lib/authlete/model/request/developer-authentication-callback-request.rb +84 -84
  21. data/lib/authlete/model/request/granted-scopes-request.rb +103 -0
  22. data/lib/authlete/model/request/introspection-request.rb +117 -39
  23. data/lib/authlete/model/request/revocation-request.rb +125 -0
  24. data/lib/authlete/model/request/standard-introspection-request.rb +102 -0
  25. data/lib/authlete/model/request/token-create-request.rb +250 -0
  26. data/lib/authlete/model/request/token-fail-request.rb +104 -101
  27. data/lib/authlete/model/request/token-issue-request.rb +116 -101
  28. data/lib/authlete/model/request/token-request.rb +127 -121
  29. data/lib/authlete/model/request/token-update-request.rb +165 -0
  30. data/lib/authlete/model/request/user-info-issue-request.rb +113 -0
  31. data/lib/authlete/model/request/user-info-request.rb +102 -0
  32. data/lib/authlete/model/response/authentication-callback-response.rb +53 -53
  33. data/lib/authlete/model/response/authorization-fail-response.rb +48 -48
  34. data/lib/authlete/model/response/authorization-issue-response.rb +85 -48
  35. data/lib/authlete/model/response/authorization-response.rb +177 -164
  36. data/lib/authlete/model/response/client-authorization-get-list-response.rb +60 -0
  37. data/lib/authlete/model/response/client-secret-refresh-response.rb +48 -0
  38. data/lib/authlete/model/response/client-secret-update-response.rb +48 -0
  39. data/lib/authlete/model/response/developer-authentication-callback-response.rb +55 -55
  40. data/lib/authlete/model/response/granted-scopes-get-response.rb +63 -0
  41. data/lib/authlete/model/response/introspection-response.rb +163 -132
  42. data/lib/authlete/model/response/revocation-response.rb +49 -0
  43. data/lib/authlete/model/response/service-creatable-response.rb +50 -50
  44. data/lib/authlete/model/response/standard-introspection-response.rb +49 -0
  45. data/lib/authlete/model/response/token-create-response.rb +100 -0
  46. data/lib/authlete/model/response/token-fail-response.rb +49 -49
  47. data/lib/authlete/model/response/token-issue-response.rb +138 -49
  48. data/lib/authlete/model/response/token-response.rb +168 -70
  49. data/lib/authlete/model/response/token-update-response.rb +62 -0
  50. data/lib/authlete/model/response/user-info-issue-response.rb +47 -0
  51. data/lib/authlete/model/response/user-info-response.rb +85 -0
  52. data/lib/authlete/model/result.rb +44 -44
  53. data/lib/authlete/model/scope.rb +1 -1
  54. data/lib/authlete/model/service-list.rb +1 -1
  55. data/lib/authlete/model/service-owner.rb +1 -1
  56. data/lib/authlete/model/service.rb +4 -2
  57. data/lib/authlete/model/sns-credentials.rb +1 -1
  58. data/lib/authlete/model/tagged-value.rb +97 -97
  59. data/lib/authlete/utility.rb +1 -1
  60. data/lib/authlete/version.rb +2 -2
  61. metadata +24 -2
@@ -0,0 +1,60 @@
1
+ # :nodoc:
2
+ #
3
+ # Copyright (C) 2014-2018 Authlete, Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+
18
+ module Authlete
19
+ module Model
20
+ module Response
21
+ # == Authlete::Model::Response::ClientAuthorizationGetListResponse class
22
+ #
23
+ # This class represents a response from Authlete's /api/client/authorization/get/list API.
24
+ class ClientAuthorizationGetListResponse
25
+ # Start index of search results (inclusive).
26
+ # (Integer)
27
+ attr_accessor :start
28
+
29
+ # End index of search results (exclusive).
30
+ # (Integer)
31
+ attr_accessor :end
32
+
33
+ # Unique Developer ID. (String)
34
+ attr_accessor :developer
35
+
36
+ # The total number of clients that meet the conditions. (Integer)
37
+ attr_accessor :totalCount
38
+ alias_method :total_count, :totalCount
39
+ alias_method :total_count=, :totalCount=
40
+
41
+ # The list of clients. (Client array)
42
+ attr_accessor :clients
43
+
44
+ private
45
+
46
+ # The constructor which takes a hash that represents a JSON response
47
+ # from Authlete's /api/client/authorization/get/list API.
48
+ def initialize(hash = {})
49
+ @start = extract_integer_value(hash, :start)
50
+ @end = extract_integer_value(hash, :end)
51
+ @developer = extract_value(hash, :developer)
52
+ @totalCount = extract_integer_value(hash, :totalCount)
53
+ @clients = extract_array_value(hash, :clients) do |element|
54
+ Authlete::Model::Client.parse(element)
55
+ end
56
+ end
57
+ end
58
+ end
59
+ end
60
+ end
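Review bot: `initialize` calls `extract_integer_value`, `extract_value` and `extract_array_value`, but the class as shown has no superclass and no `include Authlete::Utility`, unlike DeveloperAuthenticationCallbackResponse elsewhere in this diff. Unless those helpers are mixed in somewhere outside this file, constructing the response would raise NoMethodError; adding `include Authlete::Utility` directly under the `class` line would presumably resolve it. The bare `private` before `initialize` has no effect, because `initialize` is always private in Ruby, and can be dropped.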
@@ -0,0 +1,48 @@
1
+ # :nodoc:
2
+ #
3
+ # Copyright (C) 2014-2018 Authlete, Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+
18
+ module Authlete
19
+ module Model
20
+ module Response
21
+ # == Authlete::Model::Response::ClientSecretRefreshResponse class
22
+ #
23
+ # This class represents a response from Authlete's /api/client/secret/refresh/{clientIdentifier} API.
24
+ class ClientSecretRefreshResponse < Authlete::Model::Result
25
+ # The new client secret. (String)
26
+ attr_accessor :newClientSecret
27
+ alias_method :new_client_secret, :newClientSecret
28
+ alias_method :new_client_secret=, :newClientSecret=
29
+
30
+ # The old client secret. (String)
31
+ attr_accessor :oldClientSecret
32
+ alias_method :old_client_secret, :oldClientSecret
33
+ alias_method :old_client_secret=, :oldClientSecret=
34
+
35
+ private
36
+
37
+ # The constructor which takes a hash that represents a JSON response
38
+ # from Authlete's /api/client/secret/refresh/{clientIdentifier} API.
39
+ def initialize(hash = {})
40
+ super(hash)
41
+
42
+ @newClientSecret = extract_value(hash, :newClientSecret)
43
+ @oldClientSecret = extract_value(hash, :oldClientSecret)
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
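Review bot: `newClientSecret` and `oldClientSecret` are held as ordinary instance variables, so Ruby's default `inspect` prints both secrets whenever this object reaches a logger, an exception report or a console. Consider overriding `inspect` to redact them, for example `def inspect; "#<#{self.class.name} newClientSecret=[FILTERED] oldClientSecret=[FILTERED]>"; end`, and stating in the class comment that the values must not be logged. The same applies to ClientSecretUpdateResponse in the next hunk. Whether `Authlete::Model::Result` already overrides `inspect` is not visible here.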
@@ -0,0 +1,48 @@
1
+ # :nodoc:
2
+ #
3
+ # Copyright (C) 2014-2018 Authlete, Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+
18
+ module Authlete
19
+ module Model
20
+ module Response
21
+ # == Authlete::Model::Response::ClientSecretUpdateResponse class
22
+ #
23
+ # This class represents a response from Authlete's /api/client/secret/update/{clientIdentifier} API.
24
+ class ClientSecretUpdateResponse < Authlete::Model::Result
25
+ # The new client secret. (String)
26
+ attr_accessor :newClientSecret
27
+ alias_method :new_client_secret, :newClientSecret
28
+ alias_method :new_client_secret=, :newClientSecret=
29
+
30
+ # The old client secret. (String)
31
+ attr_accessor :oldClientSecret
32
+ alias_method :old_client_secret, :oldClientSecret
33
+ alias_method :old_client_secret=, :oldClientSecret=
34
+
35
+ private
36
+
37
+ # The constructor which takes a hash that represents a JSON response
38
+ # from Authlete's /api/client/secret/update/{clientIdentifier} API.
39
+ def initialize(hash = {})
40
+ super(hash)
41
+
42
+ @newClientSecret = extract_value(hash, :newClientSecret)
43
+ @oldClientSecret = extract_value(hash, :oldClientSecret)
44
+ end
45
+ end
46
+ end
47
+ end
48
+ end
@@ -1,56 +1,56 @@
1
- # :nodoc:
2
- #
3
- # Copyright (C) 2014-2015 Authlete, Inc.
4
- #
5
- # Licensed under the Apache License, Version 2.0 (the "License");
6
- # you may not use this file except in compliance with the License.
7
- # You may obtain a copy of the License at
8
- #
9
- # http://www.apache.org/licenses/LICENSE-2.0
10
- #
11
- # Unless required by applicable law or agreed to in writing, software
12
- # distributed under the License is distributed on an "AS IS" BASIS,
13
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
- # See the License for the specific language governing permissions and
15
- # limitations under the License.
16
-
17
-
18
- module Authlete
19
- module Model
20
- module Response
21
- # == Authlete::Model::Response::DeveloperAuthenticationCallbackResponse class
22
- #
23
- # This class represents a response from a developer authentication callback endpoint.
24
- class DeveloperAuthenticationCallbackResponse
25
- include Authlete::Utility
26
- # True when the developer has been authenticated (= is a valid developer).
27
- attr_accessor :authenticated
28
-
29
- # The unique identifier of the developer.
30
- attr_accessor :subject
31
-
32
- # The display name of the developer.
33
- attr_accessor :displayName
34
- alias_method :display_name, :displayName
35
- alias_method :display_name=, :displayName=
36
-
37
- # The constructor which takes a hash that represents a JSON response
38
- # from a developer authentication callback endpoint.
39
- def initialize(hash = {})
40
- @authenticated = extract_boolean_value(hash, :authenticated)
41
- @subject = extract_value(hash, :subject)
42
- @displayName = extract_value(hash, :displayName)
43
- end
44
-
45
- # Generate an array which is usable as a Rack response from this instance.
46
- def to_rack_response
47
- to_rack_response_json(200, JSON.generate(
48
- :authenticated => @authenticated,
49
- :subject => @subject,
50
- :displayName => @displayName
51
- ))
52
- end
53
- end
54
- end
55
- end
1
+ # :nodoc:
2
+ #
3
+ # Copyright (C) 2014-2018 Authlete, Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+
18
+ module Authlete
19
+ module Model
20
+ module Response
21
+ # == Authlete::Model::Response::DeveloperAuthenticationCallbackResponse class
22
+ #
23
+ # This class represents a response from a developer authentication callback endpoint.
24
+ class DeveloperAuthenticationCallbackResponse
25
+ include Authlete::Utility
26
+ # True when the developer has been authenticated (= is a valid developer).
27
+ attr_accessor :authenticated
28
+
29
+ # The unique identifier of the developer.
30
+ attr_accessor :subject
31
+
32
+ # The display name of the developer.
33
+ attr_accessor :displayName
34
+ alias_method :display_name, :displayName
35
+ alias_method :display_name=, :displayName=
36
+
37
+ # The constructor which takes a hash that represents a JSON response
38
+ # from a developer authentication callback endpoint.
39
+ def initialize(hash = {})
40
+ @authenticated = extract_boolean_value(hash, :authenticated)
41
+ @subject = extract_value(hash, :subject)
42
+ @displayName = extract_value(hash, :displayName)
43
+ end
44
+
45
+ # Generate an array which is usable as a Rack response from this instance.
46
+ def to_rack_response
47
+ to_rack_response_json(200, JSON.generate(
48
+ :authenticated => @authenticated,
49
+ :subject => @subject,
50
+ :displayName => @displayName
51
+ ))
52
+ end
53
+ end
54
+ end
55
+ end
56
56
  end
@@ -0,0 +1,63 @@
1
+ # :nodoc:
2
+ #
3
+ # Copyright (C) 2014-2018 Authlete, Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+
18
+ module Authlete
19
+ module Model
20
+ module Response
21
+ # == Authlete::Model::Response::GrantedScopesGetResponse class
22
+ #
23
+ # A class that represents a response from Authlete's
24
+ # /api/client/granted_scopes/get/{clientId} API.
25
+ class GrantedScopesGetResponse < Authlete::Model::Result
26
+ # Service API key. (Integer)
27
+ attr_accessor :serviceApiKey
28
+ alias_method :service_api_key, :serviceApiKey
29
+ alias_method :service_api_key=, :serviceApiKey=
30
+
31
+ # Client ID.. (Integer)
32
+ attr_accessor :clientId
33
+ alias_method :client_id, :clientId
34
+ alias_method :client_id=, :clientId=
35
+
36
+ # Unique User ID. (String)
37
+ attr_accessor :subject
38
+
39
+ # Scopes granted by the last authorization process. (String array)
40
+ attr_accessor :latestGrantedScopes
41
+ alias_method :latest_granted_scopes, :latestGrantedScopes
42
+ alias_method :latest_granted_scopes=, :latestGrantedScopes=
43
+
44
+ # All scopes granted so far. (String array)
45
+ attr_accessor :mergedGrantedScopes
46
+ alias_method :merged_granted_scopes, :mergedGrantedScopes
47
+ alias_method :merged_granted_scopes=, :mergedGrantedScopes=
48
+
49
+ # The constructor which takes a hash that represents a JSON response
50
+ # from /api/client/granted_scopes/get/{clientId} API.
51
+ def initialize(hash = {})
52
+ super(hash)
53
+
54
+ @serviceApiKey = extract_integer_value(hash, :serviceApiKey)
55
+ @clientId = extract_integer_value(hash, :clientId)
56
+ @subject = extract_value(hash, :subject)
57
+ @latestGrantedScopes = extract_value(hash, :latestGrantedScopes)
58
+ @mergedGrantedScopes = extract_value(hash, :mergedGrantedScopes)
59
+ end
60
+ end
61
+ end
62
+ end
63
+ end
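Review bot: The attribute comment `# Client ID.. (Integer)` has a doubled period and should read `# Client ID. (Integer)`. The two scope lists are read with plain `extract_value`, so nothing in this constructor guarantees that `latestGrantedScopes` and `mergedGrantedScopes` are arrays. If the API can return null for them, which the hunk does not show, the comments should say the accessors may be nil, so that callers making consent decisions do not call array methods on them.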
@@ -1,133 +1,164 @@
1
- # :nodoc:
2
- #
3
- # Copyright (C) 2014-2015 Authlete, Inc.
4
- #
5
- # Licensed under the Apache License, Version 2.0 (the "License");
6
- # you may not use this file except in compliance with the License.
7
- # You may obtain a copy of the License at
8
- #
9
- # http://www.apache.org/licenses/LICENSE-2.0
10
- #
11
- # Unless required by applicable law or agreed to in writing, software
12
- # distributed under the License is distributed on an "AS IS" BASIS,
13
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
- # See the License for the specific language governing permissions and
15
- # limitations under the License.
16
-
17
-
18
- module Authlete
19
- module Model
20
- module Response
21
- # == Authlete::Model::Response::IntrospectionResponse class
22
- #
23
- # A class that represents a response from Authlete's
24
- # /api/auth/introspection API.
25
- class IntrospectionResponse < Authlete::Model::Result
26
- # The next action which the caller of the API should take next.
27
- attr_accessor :action
28
-
29
- # The ID of the client application which is associated with
30
- # the access token.
31
- attr_accessor :clientId
32
- alias_method :client_id, :clientId
33
- alias_method :client_id=, :clientId=
34
-
35
- # The subject which is associated with the access token.
36
- # This is <tt>nil</tt> if the access token was created
37
- # through {Client Credentials Flow}[https://tools.ietf.org/html/rfc6749#section-4.4].
38
- attr_accessor :subject
39
-
40
- # The scopes which is associated with the access token.
41
- attr_accessor :scopes
42
-
43
- # True when the access token exists.
44
- attr_accessor :existent
45
-
46
- # True when the access token is usable (= exists and has not expired).
47
- attr_accessor :usable
48
-
49
- # True when the access token covers all the scopes (if specified).
50
- attr_accessor :sufficient
51
-
52
- # True when the access token can be refreshed using its corresponding
53
- # refresh token.
54
- attr_accessor :refreshable
55
-
56
- # The content of the error response that the service implementation
57
- # should return to the client application.
58
- attr_accessor :response_content
59
- alias_method :response_content, :responseContent
60
- alias_method :response_content=, :responseContent=
61
-
62
- # The constructor which takes a hash that represents a JSON response
63
- # from /api/auth/introspection API.
64
- def initialize(hash = {})
65
- super(hash)
66
-
67
- @action = extract_value(hash, :action)
68
- @clientId = extract_value(hash, :clientId)
69
- @subject = extract_value(hash, :subject)
70
- @scopes = extract_value(hash, :scopes)
71
- @existent = extract_boolean_value(hash, :existent)
72
- @usable = extract_boolean_value(hash, :usable)
73
- @sufficient = extract_boolean_value(hash, :sufficient)
74
- @refreshable = extract_boolean_value(hash, :refreshable)
75
- @responseContent = extract_value(hash, :responseContent)
76
- end
77
-
78
- alias_method :existent?, :existent
79
- alias_method :exists, :existent
80
- alias_method :exists?, :existent
81
- alias_method :exist, :existent
82
- alias_method :exist?, :existent
83
- alias_method :usable?, :usable
84
- alias_method :sufficient?, :sufficient
85
- alias_method :refreshable?, :refreshable
86
-
87
- # Generate an array which is usable as a Rack response from this instance.
88
- # When <tt>action</tt> method returns other value than 'OK', the array
89
- # returned from this method satisfies RFC 6750.
90
- def to_rack_response
91
- # 'action' denotes the next action.
92
- case @action
93
- when 'INTERNAL_SERVER_ERROR'
94
- # 500 Internal Server Error
95
- # The API request from this implementation was wrong
96
- # or an error occurred in Authlete.
97
- return to_rack_response_www_authenticate(500, @response_content)
98
-
99
- when 'BAD_REQUEST'
100
- # 400 Bad Request
101
- # The request from the client application does not
102
- # contain an access token.
103
- return to_rack_response_www_authenticate(400, @response_content)
104
-
105
- when 'UNAUTHORIZED'
106
- # 401 Unauthorized
107
- # The presented access token does not exist or has expired.
108
- return to_rack_response_www_authenticate(401, @response_content)
109
-
110
- when 'FORBIDDEN'
111
- # 403 Forbidden
112
- # The access token does not cover the required scopes
113
- # or the subject associated with the access token is
114
- # different.
115
- return to_rack_response_www_authenticate(403, @response_content)
116
-
117
- when 'OK'
118
- # The access token is valid (= exists and has not expired).
119
- # Basically, the caller won't use the array returned from here.
120
- # Instead, it will return the protected resource to the client
121
- # application which has presented the valid access token.
122
- return [ 200, nil, nil ]
123
-
124
- else
125
- # This should not happen.
126
- return to_rack_response_www_authenticate(500,
127
- 'Bearer error="server_error",error_description="Unknown action"')
128
- end
129
- end
130
- end
131
- end
132
- end
1
+ # :nodoc:
2
+ #
3
+ # Copyright (C) 2014-2018 Authlete, Inc.
4
+ #
5
+ # Licensed under the Apache License, Version 2.0 (the "License");
6
+ # you may not use this file except in compliance with the License.
7
+ # You may obtain a copy of the License at
8
+ #
9
+ # http://www.apache.org/licenses/LICENSE-2.0
10
+ #
11
+ # Unless required by applicable law or agreed to in writing, software
12
+ # distributed under the License is distributed on an "AS IS" BASIS,
13
+ # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14
+ # See the License for the specific language governing permissions and
15
+ # limitations under the License.
16
+
17
+
18
+ module Authlete
19
+ module Model
20
+ module Response
21
+ # == Authlete::Model::Response::IntrospectionResponse class
22
+ #
23
+ # A class that represents a response from Authlete's
24
+ # /api/auth/introspection API.
25
+ class IntrospectionResponse < Authlete::Model::Result
26
+ # The next action which the caller of the API should take next.
27
+ # (String)
28
+ attr_accessor :action
29
+
30
+ # The ID of the client application which is associated with
31
+ # the access token. (Integer)
32
+ attr_accessor :clientId
33
+ alias_method :client_id, :clientId
34
+ alias_method :client_id=, :clientId=
35
+
36
+ # The flag which indicates whether the client ID alias was used when
37
+ # the authorization request for the access token was made. (String)
38
+ attr_accessor :clientIdAlias
39
+ alias_method :client_id_alias, :clientIdAlias
40
+ alias_method :client_id_alias=, :clientIdAlias=
41
+
42
+ # The flag which indicates whether the client ID alias was used when
43
+ # the authorization request or the token request for the access token
44
+ # was made. (Boolean)
45
+ attr_accessor :clientIdAliasUsed
46
+ alias_method :client_id_alias_used, :clientIdAliasUsed
47
+ alias_method :client_id_alias_used=, :clientIdAliasUsed=
48
+
49
+ # The time at which the access token expires. (Integer)
50
+ attr_accessor :expiresAt
51
+ alias_method :expires_at, :expiresAt
52
+ alias_method :expires_at=, :expiresAt=
53
+
54
+ # The subject which is associated with the access token.
55
+ # This is <tt>nil</tt> if the access token was created
56
+ # through {Client Credentials Flow}[https://tools.ietf.org/html/rfc6749#section-4.4].
57
+ # (String)
58
+ attr_accessor :subject
59
+
60
+ # The scopes which is associated with the access token. (String array)
61
+ attr_accessor :scopes
62
+
63
+ # True when the access token exists. (Boolean)
64
+ attr_accessor :existent
65
+
66
+ # True when the access token is usable (= exists and has not expired).
67
+ # (Boolean)
68
+ attr_accessor :usable
69
+
70
+ # True when the access token covers all the scopes (if specified).
71
+ # (Boolean)
72
+ attr_accessor :sufficient
73
+
74
+ # True when the access token can be refreshed using its corresponding
75
+ # refresh token. (Boolean)
76
+ attr_accessor :refreshable
77
+
78
+ # The content of the error response that the service implementation
79
+ # should return to the client application. (String)
80
+ attr_accessor :response_content
81
+ alias_method :response_content, :responseContent
82
+ alias_method :response_content=, :responseContent=
83
+
84
+ # Extra properties associated with the access token. (Property array)
85
+ attr_accessor :properties
86
+
87
+ # The constructor which takes a hash that represents a JSON response
88
+ # from /api/auth/introspection API.
89
+ def initialize(hash = {})
90
+ super(hash)
91
+
92
+ @action = extract_value(hash, :action)
93
+ @clientId = extract_value(hash, :clientId)
94
+ @clientIdAlias = extract_value(hash, :clientIdAlias)
95
+ @clientIdAliasUsed = extract_boolean_value(hash, :clientIdAliasUsed)
96
+ @expiresAt = extract_integer_value(hash, :expiresAt)
97
+ @subject = extract_value(hash, :subject)
98
+ @scopes = extract_value(hash, :scopes)
99
+ @existent = extract_boolean_value(hash, :existent)
100
+ @usable = extract_boolean_value(hash, :usable)
101
+ @sufficient = extract_boolean_value(hash, :sufficient)
102
+ @refreshable = extract_boolean_value(hash, :refreshable)
103
+ @responseContent = extract_value(hash, :responseContent)
104
+ @properties = extract_array_value(hash, :scopes) do |element|
105
+ Authlete::Model::Property.parse(element)
106
+ end
107
+ end
108
+
109
+ alias_method :existent?, :existent
110
+ alias_method :exists, :existent
111
+ alias_method :exists?, :existent
112
+ alias_method :exist, :existent
113
+ alias_method :exist?, :existent
114
+ alias_method :usable?, :usable
115
+ alias_method :sufficient?, :sufficient
116
+ alias_method :refreshable?, :refreshable
117
+
118
+ # Generate an array which is usable as a Rack response from this instance.
119
+ # When <tt>action</tt> method returns other value than 'OK', the array
120
+ # returned from this method satisfies RFC 6750.
121
+ def to_rack_response
122
+ # 'action' denotes the next action.
123
+ case @action
124
+ when 'INTERNAL_SERVER_ERROR'
125
+ # 500 Internal Server Error
126
+ # The API request from this implementation was wrong
127
+ # or an error occurred in Authlete.
128
+ return to_rack_response_www_authenticate(500, @response_content)
129
+
130
+ when 'BAD_REQUEST'
131
+ # 400 Bad Request
132
+ # The request from the client application does not
133
+ # contain an access token.
134
+ return to_rack_response_www_authenticate(400, @response_content)
135
+
136
+ when 'UNAUTHORIZED'
137
+ # 401 Unauthorized
138
+ # The presented access token does not exist or has expired.
139
+ return to_rack_response_www_authenticate(401, @response_content)
140
+
141
+ when 'FORBIDDEN'
142
+ # 403 Forbidden
143
+ # The access token does not cover the required scopes
144
+ # or the subject associated with the access token is
145
+ # different.
146
+ return to_rack_response_www_authenticate(403, @response_content)
147
+
148
+ when 'OK'
149
+ # The access token is valid (= exists and has not expired).
150
+ # Basically, the caller won't use the array returned from here.
151
+ # Instead, it will return the protected resource to the client
152
+ # application which has presented the valid access token.
153
+ return [ 200, nil, nil ]
154
+
155
+ else
156
+ # This should not happen.
157
+ return to_rack_response_www_authenticate(500,
158
+ 'Bearer error="server_error",error_description="Unknown action"')
159
+ end
160
+ end
161
+ end
162
+ end
163
+ end
133
164
  end
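Review bot: The new `@properties` assignment reads the `:scopes` key, so the extra properties are built by handing scope entries to `Property.parse`; it should be `@properties = extract_array_value(hash, :properties) do |element|`. Carried over unchanged from the old side, `attr_accessor :response_content` is followed by `alias_method :response_content, :responseContent`, which aliases a method that is never defined and would be expected to raise NameError when the class body is evaluated; `attr_accessor :responseContent` matches the pattern used for the other fields. `to_rack_response` also passes `@response_content`, while the constructor stores `@responseContent`, so the 400/401/403/500 branches would hand nil to `to_rack_response_www_authenticate` instead of the RFC 6750 challenge; those four references should be `@responseContent`. The comment on `clientIdAlias` is copied from the flag below it although the field is typed (String).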