lib/boruta/oauth/schemas/scope.ex

defmodule Boruta.Oauth.Scope do
  @moduledoc """
  OAuth scope schema and utilities
  """

  @enforce_keys [:name]
  defstruct id: nil, name: nil, label: nil, public: nil

  @type t :: %__MODULE__{
          id: any() | nil,
          label: String.t() | nil,
          name: String.t(),
          public: boolean() | nil
        }
  @type raw :: String.t()

  @doc """
  Splits an OAuth scope string into individual scopes as string
  ## Examples
      iex> scope("a:scope another:scope")
      ["a:scope", "another:scope"]
  """
  @spec split(oauth_scope :: String.t() | nil) :: list(raw())
  def split(nil), do: []

  def split(scope) do
    String.split(scope, " ", trim: true)
  end

  @doc """
  Returns 'openid' scope
  """
  @spec openid() :: t()
  def openid do
    %__MODULE__{
      label: "OpenID Connect reserved scope",
      name: "openid",
      public: true
    }
  end

  @doc """
  Determines if scope string contains openid scope.
  """
  @spec contains_openid?(oauth_scope :: String.t()) :: boolean()
  def contains_openid?(scope) when is_binary(scope) do
    String.match?(scope, ~r/#{openid().name}/)
  end

  def contains_openid?(_scope), do: false

  @doc """
  Determines if artifact is authorized to access given scope.
  """
  @spec authorized_scopes(
          against :: List | Boruta.Oauth.Token.t() | Boruta.Oauth.Client.t(),
          scopes :: list(String.t()),
          public_scopes :: list(String.t())
        ) :: authorized_scopes :: list(String.t())
  @spec authorized_scopes(
          against :: List | Boruta.Oauth.Token.t() | Boruta.Oauth.Client.t(),
          scopes :: list(String.t())
        ) :: authorized_scopes :: list(String.t())
  defdelegate authorized_scopes(against, scopes, public_scopes \\ []), to: __MODULE__.Authorize
end