class Doorkeeper::OAuth::AuthorizationCodeRequest

Attributes

access_token[R]
client[R]
code_verifier[R]
grant[R]
invalid_request_reason[R]
missing_param[R]
redirect_uri[R]

Public Class Methods

new(server, grant, client, parameters = {})
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 16
# Builds an authorization-code token request.
#
# @param server [Object] the Doorkeeper server/config context, kept in @server
# @param grant [Object] the access grant looked up for the presented code
# @param client [Object] the client presenting the code (may be nil; see #validate_client)
# @param parameters [Hash] request parameters; only :redirect_uri and
#   :code_verifier are read here
def initialize(server, grant, client, parameters = {})
  @grant_type = Doorkeeper::OAuth::AUTHORIZATION_CODE
  @server = server
  @grant = grant
  @client = client
  # Everything else in `parameters` is ignored by this request type.
  @redirect_uri, @code_verifier = parameters.values_at(:redirect_uri, :code_verifier)
end

Private Instance Methods

before_successful_response()
Calls superclass method
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 27
# Exchanges the (single-use) grant for an access token, then defers to the
# superclass hook.
#
# The grant row is locked before the revoked? check so that two concurrent
# exchanges of the same code are serialised: the second one sees revoked?
# after the lock is released and raises Errors::InvalidGrantReuse instead of
# minting a second token.
#
# @raise [Errors::InvalidGrantReuse] when the grant was already redeemed
def before_successful_response
  grant.transaction do
    grant.lock!
    raise Errors::InvalidGrantReuse if grant.revoked?

    owner = resource_owner
    # Optional: invalidate tokens previously issued to this app/owner pair
    # before the code is consumed (config flag).
    if Doorkeeper.config.revoke_previous_authorization_code_token?
      revoke_previous_tokens(grant.application, owner)
    end

    # Consume the code before issuing the token, still inside the lock.
    grant.revoke

    find_or_create_access_token(
      client,
      owner,
      grant.scopes,
      custom_token_attributes_with_data,
      server,
    )
  end

  super
end
confidential?()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 62
# Whether the presenting client is registered as confidential.
#
# @return [Boolean, nil] the client's `confidential` flag, or nil when there
#   is no client at all (treated as "not confidential" by #validate_params)
def confidential?
  return unless client

  client.confidential
end
custom_token_attributes_with_data()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 115
# Copies the configured custom attributes from the grant so they can be
# carried over onto the issued access token.
#
# @return [Hash{Symbol => Object}] only the keys listed in
#   Doorkeeper.config.custom_access_token_attributes, symbolized
def custom_token_attributes_with_data
  grant_attrs = grant.attributes.with_indifferent_access
  wanted_keys = Doorkeeper.config.custom_access_token_attributes

  grant_attrs.slice(*wanted_keys).symbolize_keys
end
generate_code_challenge(code_verifier)
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 111
# Derives the code challenge for a verifier via the configured grant model
# (the S256 transform lives there, not in this request).
#
# @param code_verifier [String] the client-supplied PKCE verifier
# @return [String] the challenge to compare against grant.code_challenge
def generate_code_challenge(code_verifier)
  grant_model = Doorkeeper.config.access_grant_model
  grant_model.generate_code_challenge(code_verifier)
end
pkce_supported?()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 58
# Whether the configured grant model can store/verify PKCE challenges.
# When false, #validate_code_verifier short-circuits to true.
#
# @return [Boolean]
def pkce_supported?
  grant_model = Doorkeeper.config.access_grant_model
  grant_model.pkce_supported?
end
resource_owner()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 50
# The resource owner the grant was issued for.
#
# @return [Object, Integer] the owner record when polymorphic resource owners
#   are enabled, otherwise the owner's id
def resource_owner
  polymorphic = Doorkeeper.config.polymorphic_resource_owner?
  polymorphic ? grant.resource_owner : grant.resource_owner_id
end
revoke_previous_tokens(application, resource_owner)
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 123
# Revokes every access token previously issued to this application/owner
# pair (see the revoke_previous_authorization_code_token? config flag).
#
# @param application [Object] the grant's application
# @param resource_owner [Object, Integer] value returned by #resource_owner
def revoke_previous_tokens(application, resource_owner)
  token_model = Doorkeeper.config.access_token_model
  token_model.revoke_all_for(application.id, resource_owner)
end
validate_client()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 79
# A client must have been resolved for this request.
#
# @return [Boolean] false when client is nil/blank
def validate_client
  !client.blank?
end
validate_code_verifier()

If either side (server or client) requests PKCE, check the verifier against the challenge stored in the DB — provided PKCE is supported.

# File lib/doorkeeper/oauth/authorization_code_request.rb, line 98
# Verifies the PKCE code_verifier against the challenge recorded on the grant.
#
# Outcomes:
# - PKCE unsupported by the grant model: always valid.
# - No verifier sent: valid only if the grant has no challenge either.
# - "S256": the verifier's derived challenge must equal the stored one.
# - "plain": the verifier itself must equal the stored challenge.
# - Any other challenge method: rejected.
#
# NOTE(review): both branches use String#== which is not constant-time;
# whether that matters for this threat model is worth confirming.
#
# @return [Boolean]
def validate_code_verifier
  return true unless pkce_supported?
  return grant.code_challenge.blank? if code_verifier.blank?

  case grant.code_challenge_method
  when "S256"
    grant.code_challenge == generate_code_challenge(code_verifier)
  when "plain"
    grant.code_challenge == code_verifier
  else
    # Unknown transform: never accept the verifier.
    false
  end
end
validate_grant()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 83
# The grant must exist, must belong to the client presenting the code, and
# must still be accessible (accessible? is defined on the grant model).
#
# @return [Boolean]
def validate_grant
  return false unless grant
  # A code issued to one application must not be redeemable by another.
  return false unless grant.application_id == client.id

  grant.accessible?
end
validate_params()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 66
# Checks that the required request parameters are present and records the
# first missing one in @missing_param (exposed via the missing_param reader).
#
# A code_verifier is required when the grant was created with PKCE, or when
# the client is not confidential and force_pkce? is enabled; a redirect_uri
# is always required.
#
# @return [Boolean] true when nothing is missing
def validate_params
  verifier_required =
    grant&.uses_pkce? || (!confidential? && Doorkeeper.config.force_pkce?)

  @missing_param =
    if code_verifier.blank? && verifier_required
      :code_verifier
    elsif redirect_uri.blank?
      :redirect_uri
    end

  @missing_param.nil?
end
validate_redirect_uri()
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 89
# The redirect_uri sent with the token request must match the one bound to
# the grant at authorization time; the actual comparison rules live in
# Helpers::URIChecker.
#
# @return [Boolean]
def validate_redirect_uri
  requested = redirect_uri
  registered = grant.redirect_uri

  Helpers::URIChecker.valid_for_authorization?(requested, registered)
end