Project

authress-sdk

0.0
The project is in a healthy, maintained state
authress-sdkauthress/authress-sdk.rbHomepageDocumentationSource CodeBug TrackerWiki
This is the Authress SDK used to integrate with the authorization as a service provider Authress at https://authress.io. The full documentation is available in the Github repo Readme: https://github.com/Authress/authress-sdk.rb.
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
8,452
Stars
3
Forks
1
Watchers
4
 Releases
Current version
2.0.45.0
Total releases
14
First release
2020-12-20
Latest release
2024-05-01
 Issues
Open Issues
0
Closed Issues
2
Total Issues
2
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
0
Merged Pull Requests
4
Pull Request Acceptance Rate
100%
 Development
Primary Language
Ruby
Licenses
Apache-2.0
Average date of last 50 commits
2022-10-04
Reverse Dependencies
0

 Dependencies

Development

rspec
>= 0

Runtime

openssl
>= 0
rbnacl
>= 0
json
~> 2.1, >= 2.1.0
typhoeus
>= 1.4
jwt
>= 2.8
oauth2
>= 0
omniauth-oauth2
>= 0
 Project Readme

Authress media banner

Authress SDK for Ruby

This is the Authress SDK used to integrate with the authorization as a service provider Authress at https://authress.io.

Gem Version

Usage

gem install authress-sdk

Then required the package:

require 'authress-sdk'

Getting started examples

For more details on common use cases using Authress checkout the Authress Knowledge Base.

Authorize using a user token

require 'authress-sdk'

# create an instance of the API class during service initialization
# Replace the base_url with the custom Authress domain for your account
# https://authress.io/app/#/settings?focus=domain
AuthressSdk.configure do |config|
  config.base_url = 'https://login.company.com'
end

# on api route
[route('/resources/<resourceId>')]
def getResource(resourceId)
  # Get the user token and pass it to authress
  user_identity = AuthressSdk::AuthressClient.verify_token(request.headers.get('authorization'))

  # Check Authress to authorize the user
  user_id = user_identity.sub
  resource_uri = "resources/#{resourceId}" # String | The uri path of a resource to validate, must be URL encoded, uri segments are allowed, the resource must be a full path, and permissions are not inherited by sub-resources.
  permission = 'READ' # String | Permission to check, '*' and scoped permissions can also be checked here.
  begin
    #Check to see if a user has permissions to a resource.
    api_instance = AuthressSdk::UserPermissionsApi.new
    api_instance.authorize_user(user_id, resource_uri, permission)
  rescue AuthressSdk::ApiError => e
    # Will throw except if the user is not authorized to read the resource
    if (e.status === 404) {
      return { statusCode: 404 }
    }
    puts "Exception when calling UserPermissionsApi->authorize_user: #{e}"
    raise
  end

  # On success, continue with the route code to load resource and return it
  return { resource: {}, statusCode: 200 }

Authorize with a service client

require 'authress-sdk'

# create an instance of the API class during service initialization
# Replace DOMAIN with the Authress domain for your account

# Create a service client in the Authress management portal and past the access token here
# This will generate a token automatically instead of passing the user token to the api
AuthressSdk.configure do |config|
  config.base_url = 'https://login.company.com'
  client_access_key = 'eyJrZXlJ....'
  config.token_provider = AuthressSdk::ServiceClientTokenProvider.new(client_access_key)
end

# on api route
[route('/resources/<resourceId>')]
def getResource(resourceId)
  # Check Authress to authorize the user
  user_identity = AuthressSdk::AuthressClient.verify_token(request.headers.get('authorization'))

  # Check Authress to authorize the user
  user_id = user_identity.sub
  resource_uri = "resources/#{resourceId}" # String | The uri path of a resource to validate, must be URL encoded, uri segments are allowed, the resource must be a full path, and permissions are not inherited by sub-resources.
  permission = 'READ' # String | Permission to check, '*' and scoped permissions can also be checked here.

  begin
    # Check to see if a user has permissions to a resource.
    api_instance = AuthressSdk::UserPermissionsApi.new
    api_instance.authorize_user(user_id, resource_uri, permission)
  rescue AuthressSdk::ApiError => e
    # Will raise exception if the user is not authorized to read the resource
    if (e.status === 404) {
      return { statusCode: 404 }
    }
    puts "Exception when calling UserPermissionsApi->authorize_user: #{e}"
    raise
  end

  # On success, continue with the route code to load resource and return it
  return { resource: {}, statusCode: 200 }

Creating resources

When a user creates a resource in your application, we want to ensure that they get access own that resource.

You may receive User does not have sufficient access to grant permissions to resources as an error along with the status code 403. This means that the service client or user jwt does not have access to create the access record. If using a service client, go to the Authress portal and create a one time record which grants the service client Authress:Owner to Resources/ so that it can manage access records for these types of resources.

require 'authress-sdk'

begin
  # Create a new access record.
  user_identity = AuthressSdk::AuthressClient.verify_token(request.headers.get('authorization'))
  new_record = AuthressSdk::AccessRecord.new {
    name: "Access To New Resource #{NewResourceId}",
    users: [{ userId: user_identity.sub }],
    statements: [{
      resources: [{ resourceUri: "Resources/#{NewResourceId}" }],
      # Owner by default gives full control over this new resource, including the ability to grant others access as well.
      roles: ['Authress:Owner']
    }]
  }
  api_instance = AuthressSdk::AccessRecordsApi.new
  result = api_instance.create_record(new_record)
  puts result
rescue AuthressSdk::ApiError => e
  puts "Exception when calling AccessRecordsApi->create_record: #{e}"
  raise
end