File: bearer_authorization.rb

ruby-aws-sdk-core 3.212.0-1
# frozen_string_literal: true

module Aws
  # @api private
  module Plugins
    # @api private
    # Deprecated - does not look at new traits like `auth` and `unsignedPayload`
    # Necessary to exist after endpoints 2.0 for old service clients + new core
    #
    # Registers the `:token_provider` option and a `:sign`-step handler that
    # sets the `Authorization: Bearer ...` request header on operations
    # modeled with bearer auth.
    class BearerAuthorization < Seahorse::Client::Plugin

      option(:token_provider,
             required: false,
             doc_type: 'Aws::TokenProvider',
             docstring: <<-DOCS
A Bearer Token Provider. This can be an instance of any one of the
following classes:

* `Aws::StaticTokenProvider` - Used for configuring static, non-refreshing
  tokens.

* `Aws::SSOTokenProvider` - Used for loading tokens from AWS SSO using an
  access token generated from `aws login`.

When `:token_provider` is not configured directly, the `Aws::TokenProviderChain`
will be used to search for tokens configured for your profile in shared configuration files.
      DOCS
      ) do |config|
        # Default used when the caller did not supply a provider. With stubbed
        # responses a fixed placeholder token is returned and the provider
        # chain is never consulted.
        next StaticTokenProvider.new('token') if config.stub_responses

        TokenProviderChain.new(config).resolve
      end


      # Attaches {Handler} at the `:sign` step for every bearer operation.
      #
      # An operation counts as bearer when its `authtype` is `'bearer'`, or,
      # for a service whose `signatureVersion` metadata is `'bearer'`, when it
      # declares no `authtype` at all. Operations with any other explicit
      # `authtype` are left out.
      #
      # @param handlers the handler list to register on
      # @param cfg the client configuration; its `api` model is inspected
      def add_handlers(handlers, cfg)
        api = cfg.api
        service_is_bearer = api.metadata['signatureVersion'] == 'bearer'

        bearer_operations = api.operation_names.select do |name|
          authtype = api.operation(name)['authtype']
          # An unset authtype inherits bearer only from a bearer service.
          authtype == 'bearer' || (service_is_bearer && !authtype)
        end

        handlers.add(Handler, step: :sign, operations: bearer_operations)
      end

      # Sets the bearer `Authorization` header before passing the request on.
      class Handler < Seahorse::Client::Handler
        # Fails closed: the header is only written once the endpoint scheme is
        # confirmed to be https and a token is available, so the token is not
        # placed on a request bound for a non-https endpoint.
        #
        # @param context the request context (config and http_request are read)
        # @raise [ArgumentError] when the endpoint scheme is not `https`
        # @raise [Errors::MissingBearerTokenError] when no provider is
        #   configured or the provider reports that no token is set
        # @return the result of the next handler in the stack
        def call(context)
          request = context.http_request
          unless request.endpoint.scheme == 'https'
            raise ArgumentError, 'Unable to use bearer authorization on non https endpoint.'
          end

          provider = context.config.token_provider
          raise Errors::MissingBearerTokenError unless provider && provider.set?

          # The header carries the raw token value.
          request.headers['Authorization'] = "Bearer #{provider.token.token}"
          @handler.call(context)
        end
      end
    end
  end
end