class Doorkeeper::OAuth::RefreshTokenRequest

Attributes

access_token[R]
client[R]
credentials[R]
missing_param[R]
refresh_token[R]

Public Class Methods

new(server, refresh_token, credentials, parameters = {}) click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 17
def initialize(server, refresh_token, credentials, parameters = {})
  @server = server
  @refresh_token = refresh_token
  @credentials = credentials
  @original_scopes = parameters[:scope] || parameters[:scopes]
  @refresh_token_parameter = parameters[:refresh_token]
  @client = load_client(credentials) if credentials
end

Private Instance Methods

before_successful_response() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 32
def before_successful_response
  refresh_token.transaction do
    refresh_token.lock!
    raise Errors::InvalidGrantReuse if refresh_token.revoked?

    refresh_token.revoke unless refresh_token_revoked_on_use?
    create_access_token
  end
  super
end
create_access_token() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 51
def create_access_token
  attributes = {}.merge(custom_token_attributes_with_data)

  resource_owner =
    if Doorkeeper.config.polymorphic_resource_owner?
      refresh_token.resource_owner
    else
      refresh_token.resource_owner_id
    end

  if refresh_token_revoked_on_use?
    attributes[:previous_refresh_token] = refresh_token.refresh_token
  end

  # RFC6749
  # 1.5.  Refresh Token
  #
  # Refresh tokens are issued to the client by the authorization server and are
  # used to obtain a new access token when the current access token
  # becomes invalid or expires, or to obtain additional access tokens
  # with identical or narrower scope (access tokens may have a shorter
  # lifetime and fewer permissions than authorized by the resource
  # owner).
  #
  # Here we assume that TTL of the token received after refreshing should be
  # the same as that of the original token.
  #
  @access_token = Doorkeeper.config.access_token_model.create_for(
    application: refresh_token.application,
    resource_owner: resource_owner,
    scopes: scopes,
    expires_in: refresh_token.expires_in,
    use_refresh_token: true,
    **attributes,
  )
end
custom_token_attributes_with_data() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 123
def custom_token_attributes_with_data
  refresh_token
  .attributes
  .with_indifferent_access
  .slice(*Doorkeeper.config.custom_access_token_attributes)
  .symbolize_keys
end
default_scopes() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 47
def default_scopes
  refresh_token.scopes
end
load_client(credentials) click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 28
def load_client(credentials)
  Doorkeeper.config.application_model.by_uid_and_secret(credentials.uid, credentials.secret)
end
refresh_token_revoked_on_use?() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 43
def refresh_token_revoked_on_use?
  Doorkeeper.config.access_token_model.refresh_token_revoked_on_use?
end
validate_client() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 98
def validate_client
  return true if credentials.blank?

  client.present?
end
validate_client_match() click to toggle source

@see datatracker.ietf.org/doc/html/rfc6749#section-1.5

# File lib/doorkeeper/oauth/refresh_token_request.rb, line 106
def validate_client_match
  return true if refresh_token.application_id.blank?

  client && refresh_token.application_id == client.id
end
validate_scope() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 112
def validate_scope
  if @original_scopes.present?
    ScopeChecker.valid?(
      scope_str: @original_scopes,
      server_scopes: refresh_token.scopes,
    )
  else
    true
  end
end
validate_token() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 94
def validate_token
  refresh_token.present? && !refresh_token.revoked?
end
validate_token_presence() click to toggle source
# File lib/doorkeeper/oauth/refresh_token_request.rb, line 88
def validate_token_presence
  @missing_param = :refresh_token if refresh_token.blank? && @refresh_token_parameter.blank?

  @missing_param.nil?
end