class Grape::OAuth2::Strategies::AuthorizationCode

Authorization Code strategy class. Processes the request and responds with a Token or a Code (depending on the requested response type).

Public Class Methods

process(request, response)

Processes Authorization request.

# File lib/grape_oauth2/strategies/authorization_code.rb, line 10
# Handles an authorization request and fills in the response.
#
# In order: authenticates the client, stores the redirect URI returned by
# verify_redirect_uri! on the response, issues an authorization code or an
# access token according to the request's response type, and approves the
# response.
#
# @param request  authorization request (must respond to bad_request!,
#   verify_redirect_uri! and response_type)
# @param response authorization response (receives redirect_uri and then
#   either code or access_token)
# @return the same response object, after approve! has been called on it
def process(request, response)
  client = authenticate_client(request)
  # Reject unknown clients before anything else. The next statement
  # dereferences client, so bad_request! is presumably expected to raise
  # (confirm against the request class).
  request.bad_request! if client.nil?

  # The response only ever carries the value handed back by
  # verify_redirect_uri! for the URI stored on the client.
  registered_uri = client.redirect_uri
  response.redirect_uri = request.verify_redirect_uri!(registered_uri)

  # TODO: validate the requested scopes and reject unknown ones with
  # request.invalid_scope!.
  # NOTE(review): until that exists, nothing in this method checks the scopes
  # that scopes_from(request) passes to the access token below.

  requested_type = request.response_type
  if requested_type == :code
    # NOTE(review): the second argument is nil although the original comment
    # says the resource owner can't be nil; as written the grant is not tied
    # to any resource owner here. Confirm where the owner is meant to come from.
    grant = config.access_grant_class.create_for(client, nil, response.redirect_uri)
    response.code = grant.token
  elsif requested_type == :token
    # NOTE(review): same nil resource-owner argument as in the code branch.
    issued = config.access_token_class.create_for(client, nil, scopes_from(request))
    response.access_token = expose_to_bearer_token(issued)
  end
  # NOTE(review): any other response type reaches approve! with neither a code
  # nor a token set; confirm the caller filters response types beforehand.

  response.approve!
  response
end