File Coverage

blib/lib/OIDC/Lite/Server/Scope.pm
Criterion Covered Total %
statement 33 33 100.0
branch 18 18 100.0
condition n/a
subroutine 7 7 100.0
pod 4 5 80.0
total 62 63 98.4


line stmt bran cond sub pod time code
1             package OIDC::Lite::Server::Scope;
2 2     2   21927 use strict;
  2         4  
  2         68  
3 2     2   9 use warnings;
  2         3  
  2         826  
4              
5 6     6 0 32 sub optional_scopes{ return qw{profile email address phone offline_access}; }
6              
7             sub validate_scopes{
8 13     13 1 30 my ($self, $scopes) = @_;
9              
10             # if scope includes 'openid' , return true
11 13 100       28 return 1 if ($self->is_openid_request($scopes));
12              
13             # if scope doesn't include 'openid', other OIDC scope must not be included.
14 6         7 my %optional_scope_hash;
15 6         11 $optional_scope_hash{$_}++ foreach $self->optional_scopes;
16 6         11 foreach my $scope (@$scopes){
17 7 100       32 return 0 if exists $optional_scope_hash{$scope};
18             }
19 1         6 return 1;
20             }
21              
22             sub is_openid_request{
23 18     18 1 325 my ($self, $scopes) = @_;
24              
25             # scopes is array ref
26 18 100       45 return 0 unless (ref($scopes) eq 'ARRAY');
27              
28             # if it has 'openid', return true.
29 17         19 my %scope_hash;
30 17         60 $scope_hash{$_}++ foreach @$scopes;
31 17         79 return (exists $scope_hash{q{openid}});
32             }
33              
34             sub is_required_offline_access{
35 5     5 1 310 my ($self, $scopes) = @_;
36              
37             # scopes is array ref
38 5 100       15 return 0 unless (ref($scopes) eq 'ARRAY');
39              
40             # if it has 'offline_access', return true.
41 4         4 my %scope_hash;
42 4         17 $scope_hash{$_}++ foreach @$scopes;
43 4         19 return (exists $scope_hash{q{offline_access}});
44             }
45              
46             sub to_normal_claims{
47 6     6 1 4459 my ($self, $scopes) = @_;
48              
49 6         7 my @claims;
50 6         13 foreach my $scope (@$scopes){
51 10 100       27 push(@claims, qw{sub})
52             if($scope eq q{openid});
53              
54 10 100       23 push(@claims, qw{name family_name given_name middle_name
55             nickname preferred_username profile
56             picture website gender birthdate
57             zoneinfo locale updated_at})
58             if($scope eq q{profile});
59              
60 10 100       18 push(@claims, qw(email email_verified))
61             if($scope eq q{email});
62              
63 10 100       21 push(@claims, qw{address})
64             if($scope eq q{address});
65              
66 10 100       27 push(@claims, qw{phone_number phone_number_verified})
67             if($scope eq q{phone});
68             }
69              
70 6         18 return \@claims;
71             }
72              
73             =head1 NAME
74              
75             OIDC::Lite::Server::Scope - utility class for OpenID Connect Scope
76              
77             =head1 SYNOPSIS
78              
79             use OIDC::Lite::Server::Scope;
80              
81             my @scopes = ...
82              
83             # if request doesn't inclue 'openid' and include other OIDC scope, return false
84             if(OIDC::Lite::Server::Scope->validate_scopes(\@scopes)){
85             # valid scopes
86             }else{
87             # invalid scopes
88             }
89              
90             # return OpenID Connect request or not
91             if(OIDC::Lite::Server::Scope->is_openid_request(\@scopes)){
92             # OpenID Connect Request
93             # issue ID Token
94             }else{
95             # OAuth 2.0 Request
96             # don't issue ID Token
97             }
98            
99             # returned normal claims for scopes
100             my $claims = OIDC::Lite::Server::Scope->to_normal_claims(\@scopes);
101              
102             =head1 DESCRIPTION
103              
104             This is utility class for OpenID Connect scope.
105              
106             =head1 METHODS
107              
108             =head2 validate_scopes( $scopes )
109              
110             If request doesn't inclue 'openid' and include other OIDC scope, return false.
111             'openid' : true
112             'not_openid' : true
113             'openid profile' : true
114             'profile' : false
115             'not_openid profile' : false
116              
117             =head2 is_openid_request( $scopes )
118              
119             Returns the requested scope is for OpenID Connect or not.
120              
121             =head2 is_required_offline_access( $scopes )
122              
123             Returns the requested scope includes 'offline_access' or not.
124              
125             =head2 to_normal_claims( $req )
126              
127             Returns normal claims for requested scopes.
128              
129             =head1 AUTHOR
130              
131             Ryo Ito, Eritou.06@gmail.comE
132              
133             =head1 COPYRIGHT AND LICENSE
134              
135             Copyright (C) 2012 by Ryo Ito
136              
137             This library is free software; you can redistribute it and/or modify
138             it under the same terms as Perl itself, either Perl version 5.8.8 or,
139             at your option, any later version of Perl 5 you may have available.
140              
141             =cut
142              
143             1;