class Doorkeeper::Config::Builder
Default Doorkeeper
configuration builder
Public Instance Methods
Change the way access token is authenticated from the request object. By default it retrieves first from the ‘HTTP_AUTHORIZATION` header, then falls back to the `:access_token` or `:bearer_token` params from the `params` object.
@param methods [Array] Define access token methods
# File lib/doorkeeper/config.rb, line 83 def access_token_methods(*methods) @config.instance_variable_set(:@access_token_methods, methods) end
Use an API mode for applications generated with –api argument It will skip applications controller, disable forgery protection
# File lib/doorkeeper/config.rb, line 134 def api_only @config.instance_variable_set(:@api_only, true) end
Change the way client credentials are retrieved from the request object. By default it retrieves first from the ‘HTTP_AUTHORIZATION` header, then falls back to the `:client_id` and `:client_secret` params from the `params` object.
@param methods [Array] Define client credentials
# File lib/doorkeeper/config.rb, line 73 def client_credentials(*methods) @config.instance_variable_set(:@client_credentials_methods, methods) end
# File lib/doorkeeper/config.rb, line 30 def confirm_application_owner @config.instance_variable_set(:@confirm_application_owner, true) end
Define default access token scopes for your provider
@param scopes [Array] Default set of access (OAuth::Scopes.new
) token scopes
# File lib/doorkeeper/config.rb, line 48 def default_scopes(*scopes) @config.instance_variable_set(:@default_scopes, OAuth::Scopes.from_array(scopes)) end
Provide support for an owner to be assigned to each registered application (disabled by default) Optional parameter confirmation: true (default false) if you want to enforce ownership of a registered application
@param opts [Hash] the options to confirm if an application owner
is present
@option opts :confirmation (false)
Set confirm_application_owner variable
# File lib/doorkeeper/config.rb, line 25 def enable_application_owner(opts = {}) @config.instance_variable_set(:@enable_application_owner, true) confirm_application_owner if opts[:confirmation].present? && opts[:confirmation] end
Provide support for dynamic scopes (e.g. user:*) (disabled by default) Optional parameter delimiter (default “:”) if you want to customize the delimiter separating the scope name and matching value.
@param opts [Hash] the options to configure dynamic scopes
# File lib/doorkeeper/config.rb, line 39 def enable_dynamic_scopes(opts = {}) @config.instance_variable_set(:@enable_dynamic_scopes, true) @config.instance_variable_set(:@dynamic_scopes_delimiter, opts[:delimiter] || ':') end
Forbids creating/updating applications with arbitrary scopes that are not in configuration, i.e. ‘default_scopes` or `optional_scopes`. (disabled by default)
# File lib/doorkeeper/config.rb, line 147 def enforce_configured_scopes @config.instance_variable_set(:@enforce_configured_scopes, true) end
Enforce request content type as the spec requires: disabled by default for backward compatibility.
# File lib/doorkeeper/config.rb, line 153 def enforce_content_type @config.instance_variable_set(:@enforce_content_type, true) end
Require non-confidential apps to use PKCE (send a code_verifier) when requesting an access_token using an authorization code (disabled by default)
# File lib/doorkeeper/config.rb, line 128 def force_pkce @config.instance_variable_set(:@force_pkce, true) end
Allow optional hashing of application secrets before persisting them. Will be used for hashing of input token and grants.
@param using
Provide a different secret storage implementation for applications
@param fallback
Provide a fallback secret storage implementation for applications or use :plain to fallback to plain application secrets
# File lib/doorkeeper/config.rb, line 180 def hash_application_secrets(using: nil, fallback: nil) default = "::Doorkeeper::SecretStoring::Sha256Hash" configure_secrets_for :application, using: using || default, fallback: fallback end
Allow optional hashing of input tokens before persisting them. Will be used for hashing of input token and grants.
@param using
Provide a different secret storage implementation class for tokens
@param fallback
Provide a fallback secret storage implementation class for tokens or use :plain to fallback to plain tokens
# File lib/doorkeeper/config.rb, line 165 def hash_token_secrets(using: nil, fallback: nil) default = "::Doorkeeper::SecretStoring::Sha256Hash" configure_secrets_for :token, using: using || default, fallback: fallback end
Define default access token scopes for your provider
@param scopes [Array] Optional set of access (OAuth::Scopes.new
) token scopes
# File lib/doorkeeper/config.rb, line 56 def optional_scopes(*scopes) @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes)) end
Reuse access token for the same resource owner within an application (disabled by default) Rationale: github.com/doorkeeper-gem/doorkeeper/issues/383
# File lib/doorkeeper/config.rb, line 98 def reuse_access_token @config.instance_variable_set(:@reuse_access_token, true) end
TODO: maybe make it more generic for other flows too? Only allow one valid access token obtained via client credentials per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)
# File lib/doorkeeper/config.rb, line 115 def revoke_previous_client_credentials_token @config.instance_variable_set(:@revoke_previous_client_credentials_token, true) end
Define scopes_by_grant_type
to limit certain scope to certain grant_type @param { Hash } with grant_types as keys. Default set to {} i.e. no limitation on scopes usage
# File lib/doorkeeper/config.rb, line 63 def scopes_by_grant_type(hash = {}) @config.instance_variable_set(:@scopes_by_grant_type, hash) end
Enables polymorphic Resource Owner association for Access Grant and Access Token models. Requires additional database columns to be setup.
# File lib/doorkeeper/config.rb, line 140 def use_polymorphic_resource_owner @config.instance_variable_set(:@polymorphic_resource_owner, true) end
Issue access tokens with refresh token (disabled if not set)
# File lib/doorkeeper/config.rb, line 88 def use_refresh_token(enabled = true, &block) @config.instance_variable_set( :@refresh_token_enabled, block || enabled, ) end
Private Instance Methods
Configure the secret storing functionality
# File lib/doorkeeper/config.rb, line 190 def configure_secrets_for(type, using:, fallback:) raise ArgumentError, "Invalid type #{type}" if %i[application token].exclude?(type) @config.instance_variable_set(:"@#{type}_secret_strategy", using.constantize) if fallback.nil? return elsif fallback.to_sym == :plain fallback = "::Doorkeeper::SecretStoring::Plain" end @config.instance_variable_set(:"@#{type}_secret_fallback_strategy", fallback.constantize) end