class Doorkeeper::OAuth::AuthorizationCodeRequest
Attributes
access_token[R]
client[R]
code_verifier[R]
grant[R]
invalid_request_reason[R]
missing_param[R]
redirect_uri[R]
Public Class Methods
new(server, grant, client, parameters = {})
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 16
#
# Builds a request object for exchanging an authorization code (grant) for
# an access token.
#
# @param server the server object, stored as-is in @server
# @param grant the access grant being redeemed
# @param client the client presenting the grant
# @param parameters request parameters; only :redirect_uri and
#   :code_verifier are read here
def initialize(server, grant, client, parameters = {})
  @server, @client, @grant = server, client, grant
  @grant_type = Doorkeeper::OAuth::AUTHORIZATION_CODE

  # Both values arrive with the token request and are checked later by
  # validate_redirect_uri and validate_code_verifier.
  @code_verifier = parameters[:code_verifier]
  @redirect_uri = parameters[:redirect_uri]
end
Private Instance Methods
before_successful_response()
Calls superclass method
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 27
#
# Redeems the grant and issues the access token, then defers to the
# superclass hook.
#
# Everything up to the token creation runs inside grant.transaction, and the
# grant is locked before its revoked state is read. The order matters: the
# reuse check, the revocation of the grant and the token creation all happen
# under that lock, so a second redemption of the same code sees the grant as
# revoked (presumably a row-level lock; confirm against the grant model).
#
# @raise [Errors::InvalidGrantReuse] when the grant was already revoked
def before_successful_response
  grant.transaction do
    grant.lock!
    raise Errors::InvalidGrantReuse if grant.revoked?

    revoke_older = Doorkeeper.config.revoke_previous_authorization_code_token?
    revoke_previous_tokens(grant.application, resource_owner) if revoke_older

    # The code is single-use: revoke it before the token is handed out.
    grant.revoke

    owner = resource_owner
    scopes = grant.scopes
    extra_attributes = custom_token_attributes_with_data
    find_or_create_access_token(client, owner, scopes, extra_attributes, server)
  end

  super
end
confidential?()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 62
#
# Reports the client's `confidential` flag.
#
# @return the value of client.confidential, or nil when there is no client
#   (a missing client is therefore treated like a non-confidential one by
#   callers that negate this result)
def confidential?
  return nil if client.nil?

  client.confidential
end
custom_token_attributes_with_data()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 115
#
# Collects the grant attributes that should be carried over to the access
# token.
#
# Only the names listed in Doorkeeper.config.custom_access_token_attributes
# are copied, so the configuration acts as an allowlist; no other grant
# column reaches the token through this method.
#
# @return a hash with symbol keys
def custom_token_attributes_with_data
  allowed_names = Doorkeeper.config.custom_access_token_attributes
  grant_attributes = grant.attributes.with_indifferent_access

  grant_attributes.slice(*allowed_names).symbolize_keys
end
generate_code_challenge(code_verifier)
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 111
#
# Derives the PKCE code challenge for a verifier by delegating to the
# configured access grant model.
#
# @param code_verifier the verifier sent with the token request
# @return whatever the grant model's generate_code_challenge returns
def generate_code_challenge(code_verifier)
  grant_model = Doorkeeper.config.access_grant_model
  grant_model.generate_code_challenge(code_verifier)
end
pkce_supported?()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 58
#
# Asks the configured access grant model whether it supports PKCE.
#
# When this is false, validate_code_verifier accepts every request, so PKCE
# is not enforced at all for such a model.
def pkce_supported?
  grant_model = Doorkeeper.config.access_grant_model
  grant_model.pkce_supported?
end
resource_owner()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 50
#
# Returns the resource owner the new token is issued for.
#
# @return grant.resource_owner when polymorphic resource owners are
#   enabled in the configuration, otherwise grant.resource_owner_id
def resource_owner
  return grant.resource_owner if Doorkeeper.config.polymorphic_resource_owner?

  grant.resource_owner_id
end
revoke_previous_tokens(application, resource_owner)
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 123
#
# Revokes the tokens already issued to this application and resource owner
# by delegating to the configured access token model's revoke_all_for.
#
# @param application the application whose id is passed on
# @param resource_owner the owner (or owner id) passed on unchanged
def revoke_previous_tokens(application, resource_owner)
  token_model = Doorkeeper.config.access_token_model
  token_model.revoke_all_for(application.id, resource_owner)
end
validate_client()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 79
#
# Validation step: a client must have been resolved for this request.
#
# Only presence is checked here; how the client was authenticated is not
# visible in this method.
#
# @return [Boolean]
def validate_client
  !client.blank?
end
validate_code_verifier()
If either side (server or client) requests PKCE, check the verifier against the DB, provided PKCE is supported.
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 98
#
# Validation step: checks the PKCE code verifier against the challenge
# stored on the grant.
#
# Outcomes, in order:
# * PKCE not supported by the grant model: always valid.
# * No verifier sent: valid only if the grant stored no challenge either.
# * Method "S256": the stored challenge must equal the challenge derived
#   from the verifier.
# * Method "plain": the stored challenge must equal the verifier itself.
# * Any other (or missing) method: invalid, so an unknown method fails
#   closed.
#
# NOTE(review): both comparisons use ==, which is not a constant-time
# comparison. Whether that matters depends on how long a grant stays
# redeemable after a failed attempt; confirm.
#
# @return [Boolean]
def validate_code_verifier
  return true unless pkce_supported?

  # A blank verifier is acceptable only for a grant created without PKCE.
  return grant.code_challenge.blank? if code_verifier.blank?

  case grant.code_challenge_method
  when "S256"
    grant.code_challenge == generate_code_challenge(code_verifier)
  when "plain"
    grant.code_challenge == code_verifier
  else
    false
  end
end
validate_grant()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 83
#
# Validation step: the grant must exist, must have been issued to the client
# presenting it, and must still be accessible.
#
# The application_id comparison is what binds a code to its client: a code
# issued to one application is rejected when another application redeems it.
#
# NOTE(review): client.id is read without a nil check; presumably
# validate_client runs before this step. Confirm against the validation
# order.
#
# @return [Boolean] (the value of grant.accessible? when ownership matches)
def validate_grant
  if grant && grant.application_id == client.id
    grant.accessible?
  else
    false
  end
end
validate_params()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 66
#
# Validation step: records the first required parameter that is missing in
# @missing_param and reports whether none is.
#
# A code_verifier is required when the grant was created with PKCE, or when
# the client is not confidential and the configuration forces PKCE. This is
# what stops a PKCE grant from being redeemed without a verifier. Only when
# the verifier requirement is satisfied is redirect_uri checked.
#
# @return [Boolean] true when no required parameter is missing
def validate_params
  verifier_required =
    grant&.uses_pkce? || (!confidential? && Doorkeeper.config.force_pkce?)

  @missing_param =
    if verifier_required && code_verifier.blank?
      :code_verifier
    elsif redirect_uri.blank?
      :redirect_uri
    end

  @missing_param.nil?
end
validate_redirect_uri()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 89
#
# Validation step: checks the redirect_uri sent with the token request
# against the redirect_uri stored on the grant, using
# Helpers::URIChecker.valid_for_authorization?.
#
# The matching rules live in URIChecker and are not visible here;
# presumably this ties the token request to the URI used when the code was
# issued. Confirm against that helper.
#
# @return the result of URIChecker.valid_for_authorization?
def validate_redirect_uri
  requested_uri = redirect_uri
  granted_uri = grant.redirect_uri

  Helpers::URIChecker.valid_for_authorization?(requested_uri, granted_uri)
end