Developer-friendly & type-safe Ruby SDK specifically catered to leverage Authlete API v3.0 and forward.
Important
This is a beta SDK.
If you're new to Authlete or want to see sample implementations, these resources will help you get started:
If you have any questions or need assistance, our team is here to help:
- Ruby Version: Ruby >= 3.2.0 is required

```bash
ruby --version # Check your Ruby version
```

The SDK can be installed using RubyGems:

```bash
gem install authlete_ruby_sdk
```

Or add it to your Gemfile:

```ruby
gem 'authlete_ruby_sdk', '~> 0.0.2.beta'
```

Then run:

```bash
bundle install
```

You need to pass a valid access token to be able to use any resource or operation. The `bearer` parameter required when initializing the SDK client must be one of the following two token types:
- Service Access Token - Scoped to a single service (authorization server instance). Use when you need to access a specific service only. Create from Service Settings → Access Tokens in the Authlete Console.
- Organization Token - Scoped to your entire organization, allowing access to all services. Use when you need to access multiple services or perform organization-level operations. Create from Organization Settings → Access Tokens.
Refer to Creating an Access Token to learn how to create one.
If you face permission (403) errors when already sending a token, it can be one of the following problems:
- The token you are using has expired. Check the expiry date in the Authlete Console.
- You're using the wrong token type (e.g., using a Service Token to access a different service, or using a Service Token when you need organization-level access).
- The resource or operation you are trying to use is not available for that service tier. For example, some features are Enterprise-only and you may be using a token for a service on a different plan.
Important: You must specify which Authlete server to use when initializing the client. If omitted, it defaults to the US server (server_idx: 0).
```ruby
require "authlete_ruby_sdk"

# Create an alias for cleaner code (optional but recommended)
Models = ::Authlete::Models

# Initialize the Authlete client
# Available servers: https://us.authlete.com, https://jp.authlete.com,
# https://eu.authlete.com, https://br.authlete.com
authlete_client = ::Authlete::Client.new(
  bearer: "<YOUR_BEARER_TOKEN>", # Service Access Token or Organization Token (see Access Tokens section)
  server_url: "https://us.authlete.com" # Required: Specify your server
)

# Example 1: Retrieve a service
begin
  response = authlete_client.services.retrieve(service_id: "<service_id>")
  unless response.service.nil?
    service = response.service
    puts "Service Name: #{service.service_name}"
    puts "Service ID (api_key): #{service.api_key}"
    puts "Issuer: #{service.issuer}"
  end
rescue Models::Errors::ResultError => e
  # Handle Authlete-specific errors
  puts "Authlete error: #{e.result_code} - #{e.result_message}"
rescue Models::Errors::APIError => e
  # Handle HTTP errors
  puts "API error: HTTP #{e.status_code} - #{e.message}"
end

# Example 2: List OAuth clients
begin
  response = authlete_client.clients.list(service_id: "<service_id>")
  if response.client_get_list_response && response.client_get_list_response.clients
    response.client_get_list_response.clients.each do |oauth_client|
      puts "Client: #{oauth_client.client_name} (ID: #{oauth_client.client_id})"
    end
  end
rescue Models::Errors::ResultError => e
  puts "Error: #{e.result_message}"
end

# Example 3: Process an authorization request
begin
  response = authlete_client.authorization.process_request(
    service_id: "<service_id>",
    authorization_request: Models::Components::AuthorizationRequest.new(
      parameters: "response_type=code&client_id=<client_id>&redirect_uri=<redirect_uri>"
    )
  )
  if response.authorization_response
    puts "Action: #{response.authorization_response.action}"
    puts "Ticket: #{response.authorization_response.ticket}" if response.authorization_response.ticket
  end
rescue Models::Errors::ResultError => e
  puts "Error: #{e.result_message}"
end
```

Note: Do not include `/api` in the `server_url` - the SDK appends it automatically. The `service_id` parameter uses the service's `api_key` value.
See the Quick Start section above for comprehensive examples showing how to initialize the client and make API calls with proper error handling.
For additional examples and detailed API documentation, see the Available Resources and Operations section below.
This SDK supports the following security scheme globally:
| Name | Type | Scheme |
|---|---|---|
| `bearer` | http | HTTP Bearer |
To authenticate with the API, both the bearer parameter and server_url should be set when initializing the SDK client instance. For example:
```ruby
require 'authlete_ruby_sdk'

Models = ::Authlete::Models

authlete_client = ::Authlete::Client.new(
  bearer: '<YOUR_BEARER_TOKEN_HERE>', # Service Access Token or Organization Token (see Access Tokens section)
  server_url: 'https://us.authlete.com' # Required: Specify your server
)

response = authlete_client.services.retrieve(service_id: '<id>')

unless response.service.nil?
  # handle response
end
```

Available methods
- process_request - Process Authorization Request
- fail_request - Fail Authorization Request
- issue_response - Issue Authorization Response
- ticket_info - Get Ticket Information
- update_ticket - Update Ticket Information
- process_authentication - Process Backchannel Authentication Request
- issue_response - Issue Backchannel Authentication Response
- fail_request - Fail Backchannel Authentication Request
- complete_request - Complete Backchannel Authentication
- update_lock_flag - Update Client Lock
- refresh_secret - Rotate Client Secret
- update_secret - Update Client Secret
- authorizations - Get Authorized Applications
- update_authorizations - Update Client Tokens
- destroy_authorizations - Delete Client Tokens
- granted_scopes - Get Granted Scopes
- destroy_granted_scopes - Delete Granted Scopes
- requestable_scopes - Get Requestable Scopes
- update_requestable_scopes - Update Requestable Scopes
- destroy_requestable_scopes - Delete Requestable Scopes
- retrieve - Get Client
- list - List Clients
- create - Create Client
- update - Update Client
- update_form - Update Client
- destroy - Delete Client ⚡
- authorization - Process Device Authorization Request
- verification - Process Device Verification Request
- complete_request - Complete Device Authorization
- configuration - Process Entity Configuration Request
- registration - Process Federation Registration Request
- process_request - Process Grant Management Request
- create - Create Security Key
- destroy - Delete Security Key
- retrieve - Get Security Key
- list - List Security Keys
- process_request - Process Introspection Request
- standard_process - Process OAuth 2.0 Introspection Request
- jose_verify_api - Verify JOSE
- service_jwks_get_api - Get JWK Set
- process_request - Native SSO Processing
- logout - Native SSO Logout Processing
- create - Process Pushed Authorization Request
- process_request - Process Revocation Request
- retrieve - Get Service
- list - List Services
- create - Create Service
- update - Update Service
- destroy - Delete Service ⚡
- configuration - Get Service Configuration
- reissue_id_token - Reissue ID Token
- list - List Issued Tokens
- create - Create Access Token
- update - Update Access Token
- destroy - Delete Access Token
- revoke - Revoke Access Token
- process_request - Process Token Request
- fail_request - Fail Token Request
- issue_response - Issue Token Response
- process_request - Process UserInfo Request
- issue_response - Issue UserInfo Response
- metadata - Get Verifiable Credential Issuer Metadata
- jwt_issuer - Get JWT Issuer Information
- jwks - Get JSON Web Key Set
- create_offer - Create Credential Offer
- offer_info - Get Credential Offer Information
- parse - Parse Single Credential
- issue_response - Issue Single Credential
- batch_parse - Parse Batch Credentials
- batch_issue - Issue Batch Credentials
- deferred_parse - Parse Deferred Credential
- deferred_issue - Issue Deferred Credential
Handling errors in this SDK should largely match your expectations. All operations return a response object or raise an error.
By default, an API error will raise an `Errors::APIError`, which has the following properties:
| Property | Type | Description |
|---|---|---|
| `message` | string | The error message |
| `status_code` | int | The HTTP status code |
| `raw_response` | Faraday::Response | The raw HTTP response |
| `body` | string | The response content |
When custom error responses are specified for an operation, the SDK may also throw their associated exception. You can refer to respective Errors tables in SDK docs for more details on possible exception types for each operation. For example, the retrieve method throws the following exceptions:
| Error Type | Status Code | Content Type |
|---|---|---|
| Models::Errors::ResultError | 400, 401, 403 | application/json |
| Models::Errors::ResultError | 500 | application/json |
| Errors::APIError | 4XX, 5XX | */* |
```ruby
require 'authlete_ruby_sdk'

Models = ::Authlete::Models

authlete_client = ::Authlete::Client.new(
  bearer: '<YOUR_BEARER_TOKEN_HERE>',
  server_url: 'https://us.authlete.com' # Specify your server
)

begin
  response = authlete_client.services.retrieve(service_id: '<id>')
  unless response.service.nil?
    # handle response
  end
rescue Models::Errors::ResultError => e
  # handle Authlete-specific errors
  puts "Result Code: #{e.result_code}"
  puts "Result Message: #{e.result_message}"
  raise e
rescue Models::Errors::APIError => e
  # handle HTTP errors (referenced through the Models alias defined above)
  puts "Status Code: #{e.status_code}"
  puts "Body: #{e.body}"
  raise e
end
```

Problem: Ruby version is too old or dependencies not installed.
Solution:
- Ensure Ruby >= 3.2.0 is installed: `ruby --version`
- Install dependencies:

```bash
gem install sorbet-runtime faraday faraday-multipart faraday-retry base64
```
Problem: Bearer token is invalid, expired, or lacks permissions.
Solution:
- Verify your bearer token is correct and matches the token type you need (see Access Tokens section)
- Check if token has expired in the Authlete Console
- Ensure you're using the correct token type (Service Token vs Organization Token)
- Verify you're using the correct server (token may be valid for a different region)
Problem: Service ID doesn't exist on the specified server.
Solution:
- Verify the service ID (`api_key`) is correct
- Check if you're using the correct server (service may be on a different region)
- List services to find available service IDs:

```ruby
response = client.services.list()
response.service_get_list_response.services.each do |s|
  puts "Service ID: #{s.api_key}, Name: #{s.service_name}"
end
```
Problem: Base URL includes /api suffix or incorrect endpoint.
Solution:
- Remove `/api` from `server_url` - use `https://us.authlete.com` not `https://us.authlete.com/api`
- Verify the endpoint path is correct
Problem: SDK is being loaded multiple times.
Solution: This is just a warning and can be ignored. It doesn't affect functionality.
When calling services.retrieve(service_id: ...), use the service's api_key value as the service_id parameter:
```ruby
# The service_id parameter uses the api_key value
response = client.services.retrieve(service_id: '715948317') # api_key value
service = response.service
puts service.api_key # Returns: 715948317
```

Important: You must configure the server URL when initializing the SDK client. If omitted, it defaults to the US server (server_idx: 0), which may not be the correct server for your services.
Specify the server URL directly when creating the client instance. All operations performed through that client will use the specified server.
Available Servers:
- 🇺🇸 US: `https://us.authlete.com`
- 🇯🇵 Japan: `https://jp.authlete.com`
- 🇪🇺 Europe: `https://eu.authlete.com`
- 🇧🇷 Brazil: `https://br.authlete.com`
```ruby
require 'authlete_ruby_sdk'

Models = ::Authlete::Models

authlete_client = ::Authlete::Client.new(
  bearer: '<YOUR_BEARER_TOKEN_HERE>',
  server_url: 'https://us.authlete.com' # Specify your server
)

response = authlete_client.services.retrieve(service_id: '<id>')

unless response.service.nil?
  # handle response
end
```

Note: Do not include `/api` in the `server_url` - the SDK appends it automatically.
You can also specify the server using a numeric index instead of the full URL:
| # | Server | Description |
|---|---|---|
| 0 | `https://us.authlete.com` | 🇺🇸 US Cluster |
| 1 | `https://jp.authlete.com` | 🇯🇵 Japan Cluster |
| 2 | `https://eu.authlete.com` | 🇪🇺 Europe Cluster |
| 3 | `https://br.authlete.com` | 🇧🇷 Brazil Cluster |
```ruby
require 'authlete_ruby_sdk'

Models = ::Authlete::Models

authlete_client = ::Authlete::Client.new(
  server_idx: 0, # 0 = US, 1 = Japan, 2 = Europe, 3 = Brazil
  bearer: '<YOUR_BEARER_TOKEN_HERE>',
)

response = authlete_client.services.retrieve(service_id: '<id>')

unless response.service.nil?
  # handle response
end
```

Recommendation: Use `server_url` instead of `server_idx` for better clarity and to avoid confusion about which server you're using.
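A preflight check for the settings described above, as an added example that is not part of the SDK or of the original README: it rejects an `/api` suffix, non-HTTPS URLs, and hosts other than the four listed servers before the bearer token is sent anywhere. The helper names and the `AUTHLETE_SERVER_URL` / `AUTHLETE_BEARER_TOKEN` environment variable names are assumptions.

```ruby
require "uri"

# Hosts of the four server URLs listed in this README.
AUTHLETE_HOSTS = %w[us jp eu br].map { |r| "#{r}.authlete.com" }.freeze

# Hypothetical helper (not part of the SDK): returns the problems found in
# the client settings; an empty array means they look usable.
def authlete_config_problems(server_url:, bearer:)
  problems = []
  token = bearer.to_s.strip
  problems << "bearer token is empty" if token.empty?
  problems << "bearer token is still a placeholder" if token.match?(/\A<.*>\z/)

  begin
    uri = URI.parse(server_url.to_s)
  rescue URI::InvalidURIError
    return problems << "server_url is not a valid URL"
  end

  problems << "server_url must use https" unless uri.scheme == "https"
  problems << "server_url must not embed credentials" if uri.userinfo
  problems << "server_url must not set a port" unless uri.port == uri.default_port
  unless AUTHLETE_HOSTS.include?(uri.host.to_s.downcase)
    problems << "server_url host is not a listed Authlete server"
  end

  path = uri.path.to_s.chomp("/")
  if path == "/api" || path.start_with?("/api/")
    problems << "server_url must not include /api (the SDK appends it)"
  elsif !path.empty?
    problems << "server_url must not include a path"
  end
  problems
end

# Reads the settings from an environment-like hash so the token stays out of
# source code. The variable names are assumptions of this example.
def authlete_settings_from(env)
  settings = {
    server_url: env.fetch("AUTHLETE_SERVER_URL", ""),
    bearer: env.fetch("AUTHLETE_BEARER_TOKEN", "")
  }
  problems = authlete_config_problems(**settings)
  raise ArgumentError, problems.join("; ") unless problems.empty?

  settings
end
```

The returned hash uses the same keyword names as the constructor shown above, so it can be passed as `::Authlete::Client.new(**authlete_settings_from(ENV))`.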
This SDK is in beta, and there may be breaking changes between versions without a major version update. Therefore, we recommend pinning usage to a specific package version. This way, you can install the same version each time without breaking changes unless you are intentionally looking for the latest version.
While we value open-source contributions to this SDK, this library is generated programmatically. Any manual changes added to internal files will be overwritten on the next generation. We look forward to hearing your feedback. Feel free to open a PR or an issue with a proof of concept and we'll do our best to include it in a future release.