class AccessTokenValidator
import { AccessTokenValidator } from "https://deno.land/x/authlete_deno@v1.2.3/mod.ts";

Access token validator.

Constructors

new
AccessTokenValidator(api: AuthleteApi)

The constructor.

Properties

private
api: AuthleteApi

optional
errorResponse: Response

An error response that the API caller (assumed here to be an implementation of a protected resource endpoint) should return to the client application. This property is set internally by the validate() method when validate() returns false. The error response complies with RFC 6750 (The OAuth 2.0 Authorization Framework: Bearer Token Usage).

On entry to the validate() method, this property is reset to undefined.

optional
introspectionError: Error

The validate() method internally calls the Authlete /api/auth/introspection API. If the API call throws an exception, the exception is set to this property. Note that this property remains undefined if the API call succeeds; in that case, the introspectionResult property is set instead.

On entry to the validate() method, this property is reset to undefined.

optional
introspectionResult: IntrospectionResponse

A response from the Authlete /api/auth/introspection API. The validate() method internally calls the /api/auth/introspection API and sets the response to this property. Note that this property remains undefined if the API call throws an exception; in that case, the introspectionError property is set instead.

On entry to the validate() method, this property is reset to undefined.

isValid: boolean

A flag indicating whether the access token given to validate() is valid. After a call to the validate() method, this property holds the same value that validate() returned.

On entry to the validate() method, this property is reset to false.

Methods

private
callIntrospectionApi(
accessToken?: string,
requiredScopes?: string[],
requiredSubject?: string,
)

Call the Authlete /api/auth/introspection API.

validate(
accessToken?: string,
requiredScopes?: string[],
requiredSubject?: string,
)

Validate an access token.

On entry, as its first step, this method resets the following properties to false or undefined.

  • isValid
  • introspectionResult
  • introspectionError
  • errorResponse

Then, this method internally calls the Authlete /api/auth/introspection API to get information about the access token.

If the API call fails, the exception thrown by the API call is set to the introspectionError property, and an error response (500 Internal Server Error) that should be returned to the client application is set to the errorResponse property. Then, this method sets the isValid property to false and returns false.

If the API call succeeds, the response from the API is set to the introspectionResult property. Then, this method checks the value of the action parameter in the response from the API.

If the value of the action parameter is OK, this method sets the isValid property to true and returns true.

If the value of the action parameter is not OK, this method builds an error response that should be returned to the client application and sets it to the errorResponse property. Then, this method sets the isValid property to false and returns false.
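
How a protected resource endpoint might consume the outcome of validate() while failing closed, as an added example that is not part of authlete_deno or its documentation. guardResource, ValidatorLike and Decision are hypothetical names, and StubValidator is a constructed stand-in (with constructed strings in place of Response objects) that follows the state changes described above so the example runs offline.

```typescript
// Structural view of the members documented above. Assumption: validate() is
// awaited, which is correct whether it returns a boolean or a Promise of one.
interface ValidatorLike<R> {
  isValid: boolean;
  errorResponse?: R;
  introspectionError?: Error;
  introspectionResult?: unknown;
  validate(accessToken?: string, requiredScopes?: string[],
    requiredSubject?: string): boolean | Promise<boolean>;
}
interface Decision<R> { allowed: boolean; tokenInfo?: unknown; response?: R; cause?: Error | undefined }

// Hypothetical helper for a protected resource endpoint: allow only on an
// explicit true from validate(); every other path yields a response to send.
async function guardResource<R>(v: ValidatorLike<R>, accessToken: string | undefined,
  scopes: string[], fallback: R): Promise<Decision<R>> {
  const ok = await v.validate(accessToken, scopes);
  if (ok === true && v.introspectionResult !== undefined) {
    return { allowed: true, tokenInfo: v.introspectionResult };
  }
  // errorResponse is optional in the type, so a caller-supplied fallback is kept.
  // introspectionError (cause) is for server-side logging, not for the client.
  return { allowed: false, response: v.errorResponse ?? fallback, cause: v.introspectionError };
}

// Constructed stand-in that follows the documented state changes of validate().
class StubValidator implements ValidatorLike<string> {
  isValid = false;
  errorResponse?: string;
  introspectionError?: Error;
  introspectionResult?: unknown;
  outcome: "OK" | "DENIED" | "THROW" = "OK";
  async validate(accessToken?: string): Promise<boolean> {
    this.isValid = false;                 // reset on entry, as documented
    this.errorResponse = undefined;
    this.introspectionError = undefined;
    this.introspectionResult = undefined;
    if (this.outcome === "THROW") {       // the introspection call failed
      this.introspectionError = new Error("introspection unreachable");
      this.errorResponse = "500 Internal Server Error";
    } else if (this.outcome === "DENIED" || !accessToken) {
      this.errorResponse = "401 Unauthorized"; // action was not OK (constructed value)
    } else {
      this.introspectionResult = { action: "OK" };
      this.isValid = true;
    }
    return this.isValid;
  }
}
```

Because the four properties are reset on every call, a validator instance that is reused across requests never carries an earlier request's introspectionResult into a later denial.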