class Doorkeeper::AccessToken
Attributes
Public Class Methods
Returns an instance of the Doorkeeper::AccessToken
with specific token value.
@param refresh_token [#to_s]
refresh token value (any object that responds to `#to_s`)
@return [Doorkeeper::AccessToken, nil] AccessToken
object or nil
if there is no record with such refresh token
# File lib/support/orm/couchbase/access_token.rb, line 67 def by_refresh_token(refresh_token) tok = self.find_by_refresh_token(refresh_token) return tok if tok # legacy - required for existing systems id = AccessToken.bucket.get("refresh-#{refresh_token}", quiet: true) find_by_id(id) if id end
Looking for not expired AccessToken
record with a matching set of scopes that belongs to specific Application
and Resource Owner. If it doesn't exists - then creates it.
@param application [Doorkeeper::Application]
Application instance
@param resource_owner_id [ActiveRecord::Base, Integer]
Resource Owner model instance or it's ID
@param scopes [#to_s]
set of scopes (any object that responds to `#to_s`)
@param expires_in [Integer]
token lifetime in seconds
@param use_refresh_token
[Boolean]
whether to use the refresh token
@return [Doorkeeper::AccessToken] existing record or a new one
# File lib/support/orm/couchbase/access_token.rb, line 166 def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token) if Doorkeeper.configuration.reuse_access_token access_token = matching_token_for(application, resource_owner_id, scopes) if access_token && !access_token.expired? return access_token end end create!( application_id: application.try(:id), resource_owner_id: resource_owner_id, scopes: scopes.to_s, expires_in: expires_in, use_refresh_token: use_refresh_token ) end
Looking for not expired Access Token with a matching set of scopes that belongs to specific Application
and Resource Owner.
@param application [Doorkeeper::Application]
Application instance
@param resource_owner_or_id [ActiveRecord::Base, Integer]
Resource Owner model instance or it's ID
@param scopes [String, Doorkeeper::OAuth::Scopes]
set of scopes
@return [Doorkeeper::AccessToken, nil] Access Token instance or
nil if matching record was not found
# File lib/support/orm/couchbase/access_token.rb, line 119 def matching_token_for(application, resource_owner_or_id, scopes) resource_owner_id = resource_owner_or_id.try(:id) || resource_owner_or_id token = last_authorized_token_for(application.try(:id), resource_owner_id) if token && scopes_match?(token.scopes, scopes, application.try(:scopes)) token end end
# File lib/support/orm/couchbase/access_token.rb, line 43 def refresh_token_revoked_on_use? true end
Revokes AccessToken
records that have not been revoked and associated with the specific Application
and Resource Owner.
@param application_id [Integer]
ID of the Application
@param resource_owner [ActiveRecord::Base]
instance of the Resource Owner model
# File lib/support/orm/couchbase/access_token.rb, line 84 def revoke_all_for(application_id, resource_owner) by_application_id_and_resource_owner_id(key: [application_id, resource_owner.id]).stream do |at| at.revoke end end
Checks whether the token scopes match the scopes from the parameters or Application
scopes (if present).
@param token_scopes [#to_s]
set of scopes (any object that responds to `#to_s`)
@param param_scopes [String]
scopes from params
@param app_scopes [String]
Application scopes
@return [Boolean] true if all scopes and blank or matches
and false in other cases
# File lib/support/orm/couchbase/access_token.rb, line 140 def scopes_match?(token_scopes, param_scopes, app_scopes) (!token_scopes.present? && !param_scopes.present?) || Doorkeeper::OAuth::Helpers::ScopeChecker.match?( token_scopes.to_s, param_scopes, app_scopes ) end
Public Instance Methods
Indicates if token is acceptable for specific scopes.
@param scopes [Array<String>] scopes
@return [Boolean] true if record is accessible and includes scopes or
false in other cases
# File lib/support/orm/couchbase/access_token.rb, line 243 def acceptable?(scopes) accessible? && includes_scope?(*scopes) end
JSON representation of the Access Token instance.
@return [Hash] hash with token data
# File lib/support/orm/couchbase/access_token.rb, line 200 def as_json(_options = {}) { resource_owner_id: resource_owner_id, scopes: scopes, expires_in_seconds: expires_in_seconds, application: { uid: application.try(:uid) }, created_at: created_at.to_i } end
# File lib/support/orm/couchbase/access_token.rb, line 249 def lock!; end
Indicates whether the token instance have the same credential as the other Access Token.
@param access_token [Doorkeeper::AccessToken] other token
@return [Boolean] true if credentials are same of false in other cases
# File lib/support/orm/couchbase/access_token.rb, line 230 def same_credential?(access_token) application_id == access_token.application_id && resource_owner_id == access_token.resource_owner_id end
Lets make sure these keys are not clogging up the database forever
# File lib/support/orm/couchbase/access_token.rb, line 212 def save(**options) if use_refresh_token? options[:ttl] = self.created_at + 6.months else options[:ttl] = self.created_at + self.expires_in + 30 end super(**options) end
Access Token type: Bearer. @see tools.ietf.org/html/rfc6750
The OAuth 2.0 Authorization Framework: Bearer Token Usage
# File lib/support/orm/couchbase/access_token.rb, line 188 def token_type 'bearer' end
# File lib/support/orm/couchbase/access_token.rb, line 248 def transaction; yield; end
# File lib/support/orm/couchbase/access_token.rb, line 192 def use_refresh_token? @use_refresh_token ||= false !!@use_refresh_token end
Private Instance Methods
Generates refresh token with UniqueToken generator.
@return [String] refresh token value
# File lib/support/orm/couchbase/access_token.rb, line 263 def generate_refresh_token if self.refresh_token.blank? write_attribute :refresh_token, UniqueToken.generate end end
# File lib/support/orm/couchbase/access_token.rb, line 269 def generate_token return if self.token.present? self.created_at ||= Time.now.utc generator = Doorkeeper.configuration.access_token_generator.constantize self.id = self.token = generator.generate( resource_owner_id: resource_owner_id, scopes: scopes, application: application, expires_in: expires_in, created_at: created_at ) rescue NoMethodError raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`." rescue NameError raise Errors::TokenGeneratorNotFound, "#{generator} not found" end