Class: OAuth2::MCP::IntrospectionValidator

Inherits:
Object
  • Object
show all
Defined in:
lib/oauth2/mcp.rb

Overview

Validates opaque bearer tokens through OAuth token introspection.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(client:, introspection_url:, audience: nil, issuer: nil, token_type_hint: "access_token") ⇒ IntrospectionValidator

Returns a new instance of IntrospectionValidator.



222
223
224
225
226
227
228
 
# File 'lib/oauth2/mcp.rb', line 222

def initialize(client:, introspection_url:, audience: nil, issuer: nil, token_type_hint: "access_token")
  @client = client
  @introspection_url = introspection_url
  @audience = audience
  @issuer = issuer
  @token_type_hint = token_type_hint
end

Instance Attribute Details

#audienceObject (readonly)

Returns the value of attribute audience.



220
221
222
 
# File 'lib/oauth2/mcp.rb', line 220

def audience
  @audience
end

#clientObject (readonly)

Returns the value of attribute client.



220
221
222
 
# File 'lib/oauth2/mcp.rb', line 220

def client
  @client
end

#introspection_urlObject (readonly)

Returns the value of attribute introspection_url.



220
221
222
 
# File 'lib/oauth2/mcp.rb', line 220

def introspection_url
  @introspection_url
end

#issuerObject (readonly)

Returns the value of attribute issuer.



220
221
222
 
# File 'lib/oauth2/mcp.rb', line 220

def issuer
  @issuer
end

#token_type_hintObject (readonly)

Returns the value of attribute token_type_hint.



220
221
222
 
# File 'lib/oauth2/mcp.rb', line 220

def token_type_hint
  @token_type_hint
end

Instance Method Details

#call(token) ⇒ Object

Raises:



230
231
232
233
234
235
236
 
# File 'lib/oauth2/mcp.rb', line 230

def call(token)
  claims = TokenClaims.from_hash(introspect(token))
  raise InvalidToken, "Token audience does not match." if audience && !claims.audience_includes?(audience)
  raise InvalidToken, "Token issuer does not match." if issuer && claims.issuer != issuer

  claims
end