defmodule Boruta.Oauth.Scope do
@moduledoc """
OAuth scope schema and utilities
"""
@enforce_keys [:name]
defstruct id: nil, name: nil, label: nil, public: nil
@type t :: %__MODULE__{
id: any() | nil,
label: String.t() | nil,
name: String.t(),
public: boolean() | nil
}
@type raw :: String.t()
@doc """
Splits an OAuth scope string into individual scopes as string
## Examples
iex> scope("a:scope another:scope")
["a:scope", "another:scope"]
"""
@spec split(oauth_scope :: String.t() | nil) :: list(raw())
def split(nil), do: []
def split(scope) do
String.split(scope, " ", trim: true)
end
@doc """
Returns 'openid' scope
"""
@spec openid() :: t()
def openid do
%__MODULE__{
label: "OpenID Connect reserved scope",
name: "openid",
public: true
}
end
@doc """
Determines if scope string contains openid scope.
"""
@spec contains_openid?(oauth_scope :: String.t()) :: boolean()
def contains_openid?(scope) when is_binary(scope) do
String.match?(scope, ~r/#{openid().name}/)
end
def contains_openid?(_scope), do: false
@doc """
Determines if artifact is authorized to access given scope.
"""
@spec authorized_scopes(
against :: List | Boruta.Oauth.Token.t() | Boruta.Oauth.Client.t(),
scopes :: list(String.t()),
public_scopes :: list(String.t())
) :: authorized_scopes :: list(String.t())
@spec authorized_scopes(
against :: List | Boruta.Oauth.Token.t() | Boruta.Oauth.Client.t(),
scopes :: list(String.t())
) :: authorized_scopes :: list(String.t())
defdelegate authorized_scopes(against, scopes, public_scopes \\ []), to: __MODULE__.Authorize
end