Class: McpAuthenticator::OAuthAuthResult

Inherits:

Struct

• Object
• Struct
• McpAuthenticator::OAuthAuthResult

Defined in:

app/mcp/mcp_authenticator.rb

Overview

Result of successful authentication via Doorkeeper OAuth token.
Service access is scoped by the OAuth application's permitted_services.
If permitted_services is empty/nil, grants access to ALL services (backward compatible).

Instance Attribute Summary

• #account ⇒ Object

  Returns the value of attribute account.

• #doorkeeper_token ⇒ Object

  Returns the value of attribute doorkeeper_token.

Instance Method Summary

• #account_name ⇒ Object
• #can_access_service?(service_key) ⇒ Boolean
• #effective_services ⇒ Object

  Effective services list: if permitted_services is set, scope to those + content.

• #oauth? ⇒ Boolean
• #permitted_services ⇒ Object

  Raw permitted_services from the OAuth application (empty = all).

• #service_labels ⇒ Object

  Human-readable labels for the permitted services.

Instance Attribute Details

#account ⇒ Object

Returns the value of attribute account

Returns:

• (Object) —

  the current value of account

# File 'app/mcp/mcp_authenticator.rb', line 49

def account
  @account
end

#doorkeeper_token ⇒ Object

Returns the value of attribute doorkeeper_token

Returns:

• (Object) —

  the current value of doorkeeper_token

# File 'app/mcp/mcp_authenticator.rb', line 49

def doorkeeper_token
  @doorkeeper_token
end

Instance Method Details

#account_name ⇒ Object

# File 'app/mcp/mcp_authenticator.rb', line 50

def account_name
  account.full_name
end

#can_access_service?(service_key) ⇒ Boolean

Returns:

• (Boolean)

# File 'app/mcp/mcp_authenticator.rb', line 75

def can_access_service?(service_key)
  effective_services.include?(service_key.to_s)
end

#effective_services ⇒ Object

Effective services list: if permitted_services is set, scope to those + content.
If empty, grant all non-sensitive services (backward compatible for existing OAuth apps).
Sensitive services (e.g., call_recordings) always require explicit permission.

# File 'app/mcp/mcp_authenticator.rb', line 66

def effective_services
  services = permitted_services
  if services.any?
    (services | ApiAuthentication::DEFAULT_SERVICES).sort
  else
    (ApiAuthentication::UPSTREAM_SERVICES.keys - ApiAuthentication::SENSITIVE_SERVICES).sort
  end
end

#oauth? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/mcp/mcp_authenticator.rb', line 54

def oauth?
  true
end

#permitted_services ⇒ Object

Raw permitted_services from the OAuth application (empty = all)

# File 'app/mcp/mcp_authenticator.rb', line 59

def permitted_services
  doorkeeper_token.application&.permitted_services.presence || []
end

#service_labels ⇒ Object

Human-readable labels for the permitted services

# File 'app/mcp/mcp_authenticator.rb', line 80

def service_labels
  effective_services.filter_map { |key| ApiAuthentication::UPSTREAM_SERVICES.dig(key, :label) }
end