Merge pull request #190 from line/feature/channel_access_token_v21

Support channel access token v2.1

Author: kimoto

Diff for: lib/line/bot/api.rb

@@ -17,6 +17,7 @@
 module Line
   module Bot
     module API
+      DEFAULT_OAUTH_ENDPOINT = "https://api.line.me"
       DEFAULT_ENDPOINT = "https://api.line.me/v2"
       DEFAULT_BLOB_ENDPOINT = "https://api-data.line.me/v2"
       DEFAULT_LIFF_ENDPOINT = "https://api.line.me/liff/v1"

Diff for: lib/line/bot/client.rb

@@ -55,6 +55,10 @@ def endpoint
         @endpoint ||= API::DEFAULT_ENDPOINT
       end
 
+      def oauth_endpoint
+        @oauth_endpoint ||= API::DEFAULT_OAUTH_ENDPOINT
+      end
+
       def blob_endpoint
         return @blob_endpoint if @blob_endpoint
 
@@ -106,6 +110,63 @@ def revoke_channel_token(access_token)
         post(endpoint, endpoint_path, payload, headers)
       end
 
+      # Issue channel access token v2.1
+      #
+      # @param jwt [String]
+      #
+      # @return [Net::HTTPResponse]
+      def issue_channel_access_token_jwt(jwt)
+        channel_id_required
+        channel_secret_required
+
+        endpoint_path = '/oauth2/v2.1/token'
+        payload = URI.encode_www_form(
+          grant_type: 'client_credentials',
+          client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+          client_assertion: jwt
+        )
+        headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
+        post(oauth_endpoint, endpoint_path, payload, headers)
+      end
+
+      # Revoke channel access token v2.1
+      #
+      # @param access_token [String]
+      #
+      # @return [Net::HTTPResponse]
+      def revoke_channel_access_token_jwt(access_token)
+        channel_id_required
+        channel_secret_required
+
+        endpoint_path = '/oauth2/v2.1/revoke'
+        payload = URI.encode_www_form(
+          client_id: channel_id,
+          client_secret: channel_secret,
+          access_token: access_token
+        )
+        headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
+        post(oauth_endpoint, endpoint_path, payload, headers)
+      end
+
+      # Get all valid channel access token key IDs v2.1
+      #
+      # @param jwt [String]
+      #
+      # @return [Net::HTTPResponse]
+      def get_channel_access_token_key_ids_jwt(jwt)
+        channel_id_required
+        channel_secret_required
+
+        payload = URI.encode_www_form(
+          client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
+          client_assertion: jwt
+        )
+        endpoint_path = "/oauth2/v2.1/tokens/kid?#{payload}"
+
+        headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
+        get(oauth_endpoint, endpoint_path, headers)
+      end
+
       # Push messages to a user using user_id.
       #
       # @param user_id [String] User Id

Diff for: spec/line/bot/client_channel_token_spec.rb

@@ -10,6 +10,28 @@
 }
 EOS
 
+ISSUE_CHANNEL_ACCESS_TOKEN_JWT_CONTENT = <<"EOS"
+{
+    "access_token": "eyJhbGciOiJIUzxxxxxx",
+    "token_type": "Bearer",
+    "expires_in": 2592000,
+    "key_id": "sDTOzw5wIfxxxxPEzcmeQA"
+}
+EOS
+
+GET_CHANNEL_ACCESS_TOKEN_KEY_IDS_JWT_CONTENT = <<"EOS"
+{
+    "key_ids": [
+        "U_gdnFYKTWRxxxxDVZexGg",
+        "sDTOzw5wIfWxxxxzcmeQA",
+        "73hDyp3PxGfxxxxD6U5qYA",
+        "FHGanaP79smDxxxxyPrVw",
+        "CguB-0kxxxxdSM3A5Q_UtQ",
+        "G82YP96jhHwyKSxxxx7IFA"
+    ]
+}
+EOS
+
 describe Line::Bot::Client do
   def dummy_config
     {
@@ -49,4 +71,45 @@ def generate_client
 
     expect(response).to be_a(Net::HTTPOK)
   end
+
+  it 'issues an oauth access token v2.1' do
+    uri_template = Addressable::Template.new Line::Bot::API::DEFAULT_OAUTH_ENDPOINT + '/oauth2/v2.1/token'
+    stub_request(:post, uri_template).to_return { |request| {body: ISSUE_CHANNEL_ACCESS_TOKEN_JWT_CONTENT, status: 200} }
+
+    client = generate_client
+    response = client.issue_channel_access_token_jwt('jwt_string')
+
+    expect(response).to be_a(Net::HTTPOK)
+    result = JSON.parse(response.body)
+    expect(result['access_token']).to eq 'eyJhbGciOiJIUzxxxxxx'
+    expect(result['expires_in']).to eq 2592000
+    expect(result['token_type']).to eq 'Bearer'
+    expect(result['key_id']).to eq 'sDTOzw5wIfxxxxPEzcmeQA'
+  end
+
+  it 'revokes the oauth access token v2.1' do
+    uri_template = Addressable::Template.new Line::Bot::API::DEFAULT_OAUTH_ENDPOINT + '/oauth2/v2.1/revoke'
+    stub_request(:post, uri_template).to_return { |request| {body: '', status: 200} }
+
+    client = generate_client
+
+    response = client.revoke_channel_access_token_jwt('sDTOzw5wIfxxxxPEzcmeQA')
+
+    expect(response).to be_a(Net::HTTPOK)
+  end
+
+  it 'get all valid channel access token key ids v2.1' do
+    client_assertion = 'jwt_string'
+    client_assertion_type = 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer'
+
+    uri_template = Addressable::Template.new Line::Bot::API::DEFAULT_OAUTH_ENDPOINT +
+                                             "/oauth2/v2.1/tokens/kid?client_assertion=#{client_assertion}&client_assertion_type=#{client_assertion_type}"
+    stub_request(:any, uri_template).to_return { |request| {body: GET_CHANNEL_ACCESS_TOKEN_KEY_IDS_JWT_CONTENT, status: 200} }
+
+    client = generate_client
+
+    response = client.get_channel_access_token_key_ids_jwt('jwt_string')
+
+    expect(response).to be_a(Net::HTTPOK)
+  end
 end