authlete 0.5.1 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 27dfa5aaff4b09fccd0cc250848dffcbe1c79796
-  data.tar.gz: c5bdab7d2741a9882466f01482888c654847012d
+  metadata.gz: 2446d2444c75c96eb2157070944d7a7ab869267e
+  data.tar.gz: 03848b3546c1989c6505550adbd7b18fa4cff48f
 SHA512:
-  metadata.gz: 1c4314f4cd74fca00bc212717fa29dc8979352f71697cba30637b37d901ab783731f0bab4ae08ebab10867dcf7306b1133a74ab24195b611625fb65cdc2741b2
-  data.tar.gz: b9296a57a5f1d02051e419fc038663010e20ae1b134d398d28223796ee8b9d4eb7a79079143c73fbe12ae816cbf8efc50d78cc5c2cabb9040263e57570b5fccb
+  metadata.gz: 7be804d22a575c32eecd87dbcc3340cd54bbb5af896fe00ec9ad4777403afe6aa17f96454c77e016983559152ad928acc652858a2d2143efc1f33dcc06f479b0
+  data.tar.gz: fc19d2e5abb3f004035b68a4f77534c671c56d30bb979dac3740cfdef6962759a1ff5e30a84471e91371d6be2511c1734e3919c650eb397a978ca3a7b5fcd947

data/lib/authlete.rb

@@ -1,6 +1,6 @@
 # :nodoc:
 #
-# Copyright (C) 2014-2015 Authlete, Inc.
+# Copyright (C) 2014-2018 Authlete, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -34,6 +34,7 @@ module Authlete
     autoload :Hashable, 'authlete/model/hashable'
     autoload :Result, 'authlete/model/result'
     autoload :Pair, 'authlete/model/pair'
+    autoload :Property, 'authlete/model/property'
     autoload :Scope, 'authlete/model/scope'
     autoload :Service, 'authlete/model/service'
     autoload :ServiceList, 'authlete/model/service-list'
@@ -46,11 +47,22 @@ module Authlete
       autoload :AuthorizationFailRequest, 'authlete/model/request/authorization-fail-request'
       autoload :AuthorizationIssueRequest, 'authlete/model/request/authorization-issue-request'
       autoload :AuthorizationRequest, 'authlete/model/request/authorization-request'
+      autoload :ClientAuthorizationDeleteRequest, 'authlete/model/request/client-authorization-delete-request'
+      autoload :ClientAuthorizationGetListRequest, 'authlete/model/request/client-authorization-get-list-request'
+      autoload :ClientAuthorizationUpdateRequest, 'authlete/model/request/client-authorization-update-request'
+      autoload :ClientSecretUpdateRequest, 'authlete/model/request/client-secret-update-request'
       autoload :DeveloperAuthenticationCallbackRequest, 'authlete/model/request/developer-authentication-callback-request'
+      autoload :GrantedScopesRequest, 'authlete/model/request/granted-scopes-request'
       autoload :IntrospectionRequest, 'authlete/model/request/introspection-request'
+      autoload :RevocationRequest, 'authlete/model/request/revocation-request'
+      autoload :StandardIntrospectionRequest, 'authlete/model/request/standard-introspection-request'
+      autoload :TokenCreateRequest, 'authlete/model/request/token-create-request'
       autoload :TokenFailRequest, 'authlete/model/request/token-fail-request'
       autoload :TokenIssueRequest, 'authlete/model/request/token-issue-request'
       autoload :TokenRequest, 'authlete/model/request/token-request'
+      autoload :TokenUpdateRequest, 'authlete/model/request/token-update-request'
+      autoload :UserInfoIssueRequest, 'authlete/model/request/user-info-issue-request'
+      autoload :UserInfoRequest, 'authlete/model/request/user-info-request'
     end
 
     module Response
@@ -58,12 +70,23 @@ module Authlete
       autoload :AuthorizationFailResponse, 'authlete/model/response/authorization-fail-response'
       autoload :AuthorizationIssueResponse, 'authlete/model/response/authorization-issue-response'
       autoload :AuthorizationResponse, 'authlete/model/response/authorization-response'
+      autoload :ClientAuthorizationGetListResponse, 'authlete/model/response/client-authorization-get-list-response'
+      autoload :ClientSecretRefreshResponse, 'authlete/model/response/client-secret-refresh-response'
+      autoload :ClientSecretUpdateResponse, 'authlete/model/response/client-secret-update-response'
+      autoload :ClientSecretRefreshResponse, 'authlete/model/response/client-secret-refresh-response'
       autoload :DeveloperAuthenticationCallbackResponse, 'authlete/model/response/developer-authentication-callback-response'
+      autoload :GrantedScopesGetResponse, 'authlete/model/response/granted-scopes-get-response'
       autoload :IntrospectionResponse, 'authlete/model/response/introspection-response'
+      autoload :RevocationResponse, 'authlete/model/response/revocation-response'
       autoload :ServiceCreatableResponse, 'authlete/model/response/service-creatable-response'
+      autoload :StandardIntrospectionResponse, 'authlete/model/response/standard-introspection-response'
+      autoload :TokenCreateResponse, 'authlete/model/response/token-create-response'
       autoload :TokenFailResponse, 'authlete/model/response/token-fail-response'
       autoload :TokenIssueResponse, 'authlete/model/response/token-issue-response'
       autoload :TokenResponse, 'authlete/model/response/token-response'
+      autoload :TokenUpdateResponse, 'authlete/model/response/token-update-response'
+      autoload :UserInfoIssueResponse, 'authlete/model/response/user-info-issue-response'
+      autoload :UserInfoResponse, 'authlete/model/response/user-info-response'
     end
   end
 end

data/lib/authlete/api.rb

@@ -1,6 +1,6 @@
 # :nodoc:
 #
-# Copyright (C) 2014-2015 Authlete, Inc.
+# Copyright (C) 2014-2018 Authlete, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -91,54 +91,50 @@ module Authlete
       begin
         return RestClient::Request.new(parameters).execute
       rescue => e
-        raise_api_exception(e)
+        raise create_api_exception(e)
       end
     end
 
-    def raise_api_exception(exception)
+    def create_api_exception(exception)
       message  = exception.message
       response = exception.response
 
+      # Create a base exception.
+      authlete_exception = Authlete::Exception.new(:message => message)
+
       if response.nil?
-        # Raise an error without HTTP response information.
-        raise Authlete::Exception.new(:message => message)
+        # No response information. Then, return an exception without HTTP
+        # response information.
+        return authlete_exception
       end
 
-      # Raise an error with HTTP response information.
-      raise_api_exception_with_http_response_info(message, response.code, response.body)
-    end
-
-    def raise_api_exception_with_http_response_info(message, status_code, response_body)
-      # Parse the response body as a json.
-      json = parse_response_body(response_body, message, status_code)
+      # Extract information from the HTTP response.
+      status_code   = response.code
+      response_body = response.body
 
-      # If the json has the HTTP response information from an Authlete API.
-      if has_authlete_api_response_info(json)
-        # Raise an error with it.
-        hash = json.merge!(:statusCode => status_code)
-        raise Authlete::Exception.new(hash)
-      end
+      # Set the status code.
+      authlete_exception.status_code = status_code
 
-      # Raise an error with 'status_code' and the original error message.
-      raise Authlete::Exception.new(
-        :message    => message,
-        :statusCode => status_code
-      )
-    end
+      response_body_json = nil
 
-    def parse_response_body(response_body, message, status_code)
       begin
-        return JSON.parse(response_body.to_s, :symbolize_names => true)
+        # Parse the response body as a json.
+        response_body_json = JSON.parse(response_body.to_s, :symbolize_names => true)
       rescue
-        # Failed to parse the response body as a json.
-        raise Authlete::Exception.new(
-          :message    => message,
-          :statusCode => status_code
-        )
+        # Failed to parse the response body as a json. Then, return an exception
+        # without HTTP response information.
+        return authlete_exception
+      end
+
+      # Set the Authlete API result info if it's available.
+      if has_authlete_api_result?(json)
+        authlete_exception.result = Authlete::Model::Result.new(response_body_json)
       end
+
+      authlete_exception
     end
 
-    def has_authlete_api_response_info(json)
+    def has_authlete_api_result?(json)
       json && json.key?(:resultCode) && json.key?(:resultMessage)
     end
 
@@ -202,13 +198,96 @@ module Authlete
       "?" + array.join("&")
     end
 
+    def to_hash(object)
+      # Return the object if it's already a hash.
+      return object if object.kind_of?(Hash)
+
+      # Convert the object to a hash if possible and return it.
+      return object.to_hash if object.respond_to?('to_hash')
+
+      # Otherwise, raise an exception.
+      Authlete::Exception.new(:message => "Failed to convert the object to a hash.")
+    end
+
     public
 
+    # Call Authlete's /api/auth/authorization API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::AuthorizationRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::AuthorizationResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def authorization(request)
+      hash = call_api_json_service("/api/auth/authorization", to_hash(request))
+
+      Authlete::Model::Response::AuthorizationResponse.new(hash)
+    end
+
+    # Call Authlete's /api/auth/authorization/issue API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::AuthorizationIssueRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::AuthorizationIssueResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def authorization_issue(request)
+      hash = call_api_json_service("/api/auth/authorization/issue", to_hash(request))
+
+      Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
+    end
+
+    # Call Authlete's /api/auth/authorization/fail API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::AuthorizationFailRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::AuthorizationFailResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def authorization_fail(request)
+      hash = call_api_json_service("/api/auth/authorization/fail", to_hash(request))
+
+      Authlete::Model::Response::AuthorizationFailResponse.new(hash)
+    end
+
+    # Call Authlete's /api/auth/token API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::TokenRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::TokenResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def token(request)
+      hash = call_api_json_service("/api/auth/token", to_hash(request))
+
+      Authlete::Model::Response::TokenResponse.new(hash)
+    end
+
+    # Call Authlete's /api/auth/token/issue API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::TokenIssueRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::TokenIssueResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def token_issue(request)
+      hash = call_api_json_service("/api/auth/token/issue", to_hash(request))
+
+      Authlete::Model::Response::TokenIssueResponse.new(hash)
+    end
+
+    # Call Authlete's /api/auth/token/fail API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::TokenFailRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::TokenFailResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def token_fail(request)
+      hash = call_api_json_service("/api/auth/token/fail", to_hash(request))
+
+      Authlete::Model::Response::TokenFailResponse.new(hash)
+    end
+
     # Call Authlete's /api/service/creatable API.
     #
     # On success, an instance of Authlete::Model::Response::ServiceCreatableResponse is returned.
     # On error, Authlete::Exception is raised.
-    def service_creatable(api_key)
+    def service_creatable
       hash = call_api_service_owner(:get, "/api/service/creatable", nil, nil)
 
       Authlete::Model::Response::ServiceCreatableResponse.new(hash)
@@ -224,13 +303,7 @@ module Authlete
     # On success, an instance of Authlete::Model::ServiceList is returned.
     # On error, Authlete::Exception is raised.
     def service_create(service)
-      if service.kind_of?(Hash) == false
-        if service.respond_to?('to_hash')
-          service = service.to_hash
-        end
-      end
-
-      hash = call_api_json_service_owner("/api/service/create", service)
+      hash = call_api_json_service_owner("/api/service/create", to_hash(service))
 
       Authlete::Model::Service.new(hash)
     end
@@ -282,13 +355,7 @@ module Authlete
     # On success, an instance of Authlete::Model::Service is returned.
     # On error, Authlete::Exception is raised.
     def service_update(api_key, service)
-      if service.kind_of?(Hash) == false
-        if service.respond_to?('to_hash')
-          service = service.to_hash
-        end
-      end
-
-      hash = call_api_json_service_owner("/api/service/update/#{api_key}", service)
+      hash = call_api_json_service_owner("/api/service/update/#{api_key}", to_hash(service))
 
       Authlete::Model::Service.new(hash)
     end
@@ -313,30 +380,28 @@ module Authlete
     # On success, an instance of Authlete::Model::ClientList is returned.
     # On error, Authlete::Exception is raised.
     def client_create(client)
-      if client.kind_of?(Hash) == false
-        if client.respond_to?('to_hash')
-          client = client.to_hash
-        end
-      end
-
-      hash = call_api_json_service("/api/client/create", client)
+      hash = call_api_json_service("/api/client/create", to_hash(client))
 
       Authlete::Model::Client.new(hash)
     end
 
     # Call Authlete's /api/client/delete/{clientId} API.
     #
+    # <tt>client_id</tt> is the client ID of a client.
+    #
     # On error, Authlete::Exception is raised.
-    def client_delete(clientId)
-      call_api_service(:delete, "/api/client/delete/#{clientId}", nil, nil)
+    def client_delete(client_id)
+      call_api_service(:delete, "/api/client/delete/#{client_id}", nil, nil)
     end
 
     # Call Authlete's /api/client/get/{clientId} API.
     #
-    # On success, an instance of Authlete::Model::Service is returned.
+    # <tt>client_id</tt> is the client ID of a client.
+
+    # On success, an instance of Authlete::Model::Client is returned.
     # On error, Authlete::Exception is raised.
-    def client_get(clientId)
-      hash = call_api_service(:get, "/api/client/get/#{clientId}", nil, nil)
+    def client_get(client_id)
+      hash = call_api_service(:get, "/api/client/get/#{client_id}", nil, nil)
 
       Authlete::Model::Client.new(hash)
     end
@@ -365,139 +430,219 @@ module Authlete
     # On success, an instance of Authlete::Model::Client is returned.
     # On error, Authlete::Exception is raised.
     def client_update(client)
-      if client.kind_of?(Hash) == false
-        if client.respond_to?('to_hash')
-          client = client.to_hash
-        end
-      end
-
-      hash = call_api_json_service("/api/client/update/#{client[:clientId]}", client)
+      hash = call_api_json_service("/api/client/update/#{client[:clientId]}", to_hash(client))
 
       Authlete::Model::Client.new(hash)
     end
 
-    # Call Authlete's /api/auth/authorization API.
+    # Call Authlete's /api/client/secret/refresh/{clientIdentifier} API.
     #
-    # On success, an instance of Authlete::Model::Response::AuthorizationResponse is returned.
+    # <tt>clientIdentifier</tt> is the client ID or the client ID alias of a client.
+    #
+    # On success, an instance of Authlete::Model::Response::ClientSecretRefreshResponse is returned.
     # On error, Authlete::Exception is raised.
-    def authorization(request)
-      if request.kind_of?(Hash) == false
-        if request.respond_to?('to_hash')
-          request = request.to_hash
-        end
-      end
+    def refresh_client_secret(client_identifier)
+      hash = call_api_service(:get, "/api/client/secret/refresh/#{client_identifier}", nil, nil)
 
-      hash = call_api_json_service("/api/auth/authorization", request)
+      Authlete::Model::ClientSecretRefreshResponse.new(hash)
+    end
 
-      Authlete::Model::Response::AuthorizationResponse.new(hash)
+    # Call Authlete's /api/client/secret/update/{clientIdentifier} API.
+    #
+    # <tt>client_identifier</tt> is the client ID or the client ID alias of a client.
+    # <tt>client_secret</tt> is the client secret of a client.
+    #
+    # On success, an instance of Authlete::Model::Response::ClientSecretUpdateResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def update_client_secret(client_identifier, client_secret)
+      request = Authlete::Model::ClientSecretUpdateRequest.new(:client_secret => client_secret)
+
+      hash = call_api_json_service("/api/client/secret/update/#{client_identifier}", request.to_hash)
+
+      Authlete::Model::ClientSecretUpdateResponse.new(hash)
     end
 
-    # Call Authlete's /api/auth/authorization/issue API.
+    # Call Authlete's /api/client/authorization/get/list API.
     #
-    # On success, an instance of Authlete::Model::Response::AuthorizationIssueResponse is returned.
+    # <tt>request</tt> is an instance of Authlete::Model::Request::ClientSecretUpdateRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::ClientAuthorizationListResponse is returned.
     # On error, Authlete::Exception is raised.
-    def authorization_issue(request)
-      if request.kind_of?(Hash) == false
-        if request.respond_to?('to_hash')
-          request = request.to_hash
-        end
-      end
+    def get_client_authorization_list(request)
+      hash = call_api_json_service("/api/client/authorization/get/list", to_hash(request))
 
-      hash = call_api_json_service("/api/auth/authorization/issue", request)
+      Authlete::Model::ClientAuthorizationListResponse.new(hash)
+    end
 
-      Authlete::Model::Response::AuthorizationIssueResponse.new(hash)
+    # Call Authlete's /api/client/authorization/update API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::ClientSecretUpdateRequest.
+    #
+    # On error, Authlete::Exception is raised.
+    def update_client_authorization(client_id, request)
+      call_api_json_service("/api/client/authorization/update/#{client_id}", to_hash(request))
     end
 
-    # Call Authlete's /api/auth/authorization/fail API.
+    # Call Authlete's /api/client/authorization/delete/{clientId} API.
+    #
+    # <tt>client_id</tt> is the client ID of a client.
+    # <tt>subject</tt> is the unique ID of an end user.
     #
-    # On success, an instance of Authlete::Model::Response::AuthorizationFailResponse is returned.
     # On error, Authlete::Exception is raised.
-    def authorization_fail(request)
-      if request.kind_of?(Hash) == false
-        if request.respond_to?('to_hash')
-          request = request.to_hash
-        end
-      end
+    def delete_client_authorization(client_id, subject)
+      request = Authlete::Model::ClientAuthorizationDeleteRequest.new(:subject => subject)
 
-      hash = call_api_json_service("/api/auth/authorization/fail", request)
+      call_api_json_service("/api/client/authorization/delete/#{client_id}", request.to_hash)
+    end
 
-      Authlete::Model::Response::AuthorizationFailResponse.new(hash)
+    # Call Authlete's /api/auth/introspection API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::IntrospectionRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::IntrospectionResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def introspection(request)
+      hash = call_api_json_service('/api/auth/introspection', to_hash(request))
+
+      Authlete::Model::Response::IntrospectionResponse.new(hash)
     end
 
-    # Call Authlete's /api/auth/token API.
+    # Call Authlete's /api/auth/introspection/standard API.
     #
-    # On success, an instance of Authlete::Model::Response::TokenResponse is returned.
+    # <tt>request</tt> is an instance of Authlete::Model::Request::StandardIntrospectionRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::StandardIntrospectionResponse is returned.
     # On error, Authlete::Exception is raised.
-    def token(request)
-      if request.kind_of?(Hash) == false
-        if request.respond_to?('to_hash')
-          request = request.to_hash
-        end
-      end
+    def standard_introspection(request)
+      hash = call_api_json_service('/api/auth/introspection/standard', to_hash(request))
 
-      hash = call_api_json_service("/api/auth/token", request)
+      Authlete::Model::Response::StandardIntrospectionResopnse.new(hash)
+    end
 
-      Authlete::Model::Response::TokenResponse.new(hash)
+    # Call Authlete's /api/auth/revocation API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::RevocationRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::RevocationResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def revocation(request)
+      hash = call_api_json_service("/api/auth/revocation", to_hash(request))
+
+      Authlete::Model::RevocationResponse.new(hash)
     end
 
-    # Call Authlete's /api/auth/token/issue API.
+    # Call Authlete's /api/auth/userinfo API.
     #
-    # On success, an instance of Authlete::Model::Response::TokenIssueResponse is returned.
+    # <tt>request</tt> is an instance of Authlete::Model::Request::UserInfoRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::UserInfoResponse is returned.
     # On error, Authlete::Exception is raised.
-    def token_issue(request)
-      if request.kind_of?(Hash) == false
-        if request.respond_to?('to_hash')
-          request = request.to_hash
-        end
-      end
+    def user_info(request)
+      hash = call_api_json_service("/api/auth/userinfo", to_hash(request))
 
-      hash = call_api_json_service("/api/auth/token/issue", request)
+      Authlete::Model::UserInfoResponse.new(hash)
+    end
 
-      Authlete::Model::Response::TokenIssueResponse.new(hash)
+    # Call Authlete's /api/auth/userinfo/issue API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::UserInfoIssueRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::UserInfoIssueResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def user_info_issue(request)
+      hash = call_api_json_service("/api/auth/userinfo/issue", to_hash(request))
+
+      Authlete::Model::UserInfoIssueResponse.new(hash)
     end
 
-    # Call Authlete's /api/auth/token/fail API.
+    # Call Authlete's /api/service/jwks/get API.
     #
-    # On success, an instance of Authlete::Model::Response::TokenFailResponse is returned.
+    # <tt>params</tt> is an optional hash which contains query parameters
+    # for /api/service/jwks/get API. The hash can contain the following parameters.
+    #
+    # <tt>:includePrivateKeys</tt>
+    #   This boolean value indicates whether the response should include the
+    #   private keys associated with the service or not. If "true", the private
+    #   keys are included in the response. The default value is "false".
+    #
+    # <tt>:pretty</tt>
+    #   This boolean value indicates whether the JSON in the response should
+    #   be formatted or not. If true, the JSON in the response is pretty-formatted.
+    #   The default value is false.
+    #
+    # On success, a JWK Set for a service is returned.
     # On error, Authlete::Exception is raised.
-    def token_fail(request)
-      if request.kind_of?(Hash) == false
-        if request.respond_to?('to_hash')
-          request = request.to_hash
-        end
-      end
+    def get_service_jwks(params = nil)
+      call_api_service(:get, "/api/service/jwks/get#{to_query(params)}", nil, nil)
+    end
+
+    # Call Authlete's /api/service/configuration API.
+    #
+    # <tt>params</tt> is an optional hash which contains query parameters
+    # for /api/service/configuration API. The hash can contain the following
+    # parameter.
+    #
+    # <tt>:includePrivateKeys</tt>
+    #   This boolean value indicates whether the response should include the
+    #   private keys associated with the service or not. If "true", the private
+    #   keys are included in the response. The default value is "false".
+    #
+    # On success, configuration information of a service is returned.
+    # On error, Authlete::Exception is raised.
+    def get_service_configuration(params = nil)
+      call_api_service(:get, "/api/service/configuration#{to_query(params)}", nil, nil)
+    end
 
-      hash = call_api_json_service("/api/auth/token/fail", request)
+    # Call Authlete's /api/auth/token/create API.
+    #
+    # <tt>request</tt> is an instance of Authlete::Model::Request::TokenCreateRequest.
+    #
+    # On success, an instance of Authlete::Model::Response::TokenCreateResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def token_create(request)
+      hash = call_api_json_service("/api/auth/token/create", to_hash(request))
 
-      Authlete::Model::Response::TokenFailResponse.new(hash)
+      Authlete::Model::TokenCreateResponse.new(hash)
     end
 
-    # Call Authlete's /api/auth/introspection API.
+    # Call Authlete's /api/auth/token/update API.
     #
-    # <tt>token</tt> is an access token presented by a client application.
-    # This is a must parameter. In a typical case, a client application uses
-    # one of the means listed in {RFC 6750}[https://tools.ietf.org/html/rfc6750]
-    # to present an access token to a {protected resource endpoint}
-    # [https://tools.ietf.org/html/rfc6749#section-7].
+    # <tt>request</tt> is an instance of Authlete::Model::Request::TokenUpdateRequest.
     #
-    # <tt>scopes</tt> is an array of scope names. This is an optional parameter.
-    # When the specified scopes are not covered by the access token, Authlete
-    # prepares the content of the error response.
+    # On success, an instance of Authlete::Model::Response::TokenUpdateResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def token_update(request)
+      hash = call_api_json_service("/api/auth/token/update", to_hash(request))
+
+      Authlete::Model::TokenUpdateResponse.new(hash)
+    end
+
+    # Call Authlete's /api/client/granted_scopes/get/{clientId} API.
     #
-    # <tt>subject</tt> is a unique identifier of an end-user. This is an optional
-    # parameter. When the access token is not associated with the specified
-    # subject, Authlete prepares the content of the error response.
+    # <tt>client_id</tt> is the client ID of a client.
+    # <tt>subject</tt> is the unique ID of an end user.
     #
-    # On success, this method returns an instance of
-    # <tt>Authlete::Model::Response::IntrospectionResponse</tt>. On error, this method
-    # throws <tt>RestClient::Exception</tt>.
-    def introspection(token, scopes = nil, subject = nil)
-      hash = call_api_json_service('/api/auth/introspection',
-                                   :token => token, :scopes => scopes, :subject => subject)
+    # On success, an instance of Authlete::Model::Response::GrantedScopesGetResponse is returned.
+    # On error, Authlete::Exception is raised.
+    def get_granted_scopes(client_id, subject)
+      request = Authlete::Model::GrantedScopesRequest.new(:subject => subject)
 
-      Authlete::Model::Response::IntrospectionResponse.new(hash)
+      hash = call_api_json_service("/api/client/granted_scopes/get/#{client_id}", request.to_hash)
+
+      Authlete::Model::Response::GrantedScopesGetResponse.new(hash)
     end
 
+    # Call Authlete's /api/client/granted_scopes/delete/{clientId} API.
+    #
+    # <tt>client_id</tt> is the client ID of a client.
+    # <tt>subject</tt> is the unique ID of an end user.
+    #
+    # On error, Authlete::Exception is raised.
+    def delete_granted_scopes(client_id, subject)
+      request = Authlete::Model::GrantedScopesRequest.new(:subject => subject)
+
+      call_api_json_service("/api/client/granted_scopes/delete/#{client_id}", request.to_hash)
+    end
 
     # Ensure that the request contains a valid access token.
     #
@@ -534,9 +679,16 @@ module Authlete
         )
       end
 
+      # Create a request for Authlete's /api/auth/introspection API.
+      request = Authlete::Model::Request::IntrospectionRequest.new(
+        :token   => access_token,
+        :scopes  => scopes,
+        :subject => subject
+      )
+
       begin
         # Call Authlete's /api/auth/introspection API to introspect the access token.
-        result = introspection(access_token, scopes, subject)
+        result = introspection(request)
       rescue => e
         # Error message.
         message = build_error_message('/api/auth/introspection', e)