module Grape::OAuth2::Helpers::AccessTokenHelpers

Set of Grape OAuth2 helpers.

Public Instance Methods

access_token_required!(*scopes)

Adds OAuth2 Access Token protection for Grape routes. Scopes declared on the route with the scopes: option take precedence over the ones passed as arguments; when neither is given, any Access Token that is not expired or revoked is accepted, so a scope-less call only proves authentication, not authorization.

@param scopes [Array]

set of scopes required to access the endpoint (ignored when the route's scopes: option is present)

@raise [Rack::OAuth2::Server::Resource::Bearer::Unauthorized]

missing or invalid Access Token value (no token was resolved from the request)

@raise [Rack::OAuth2::Server::Resource::Bearer::Forbidden]

Access Token expired, revoked or doesn't have the required scopes
# File lib/grape_oauth2/helpers/access_token_helpers.rb, line 18
def access_token_required!(*scopes)
  # Scopes declared on the route (scopes: option) win over the arguments;
  # `presence` comes from ActiveSupport and treats an empty array as absent.
  endpoint_scopes = env['api.endpoint'].options[:route_options][:scopes]
  required_scopes = endpoint_scopes.presence || scopes

  # No token resolved by the Rack::OAuth2 resource middleware: 401.
  raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized if current_access_token.nil?
  # Token present but expired, revoked or lacking a required scope: 403.
  raise Rack::OAuth2::Server::Resource::Bearer::Forbidden unless valid_access_token?(required_scopes)
end
current_access_token()

Returns the Access Token instance stored in the Rack env under Rack::OAuth2::Server::Resource::ACCESS_TOKEN for the token value passed with the request, or nil when no token was resolved.

# File lib/grape_oauth2/helpers/access_token_helpers.rb, line 34
def current_access_token
  @_current_access_token ||= request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
end
current_resource_owner()

Returns the Resource Owner associated with the current Access Token. Raises NoMethodError when no Access Token was presented (current_access_token is nil), so call it only from routes guarded by access_token_required!.

# File lib/grape_oauth2/helpers/access_token_helpers.rb, line 28
def current_resource_owner
  @_current_resource_owner ||= current_access_token.resource_owner
end
valid_access_token?(scopes)

Checks that the current Access Token is neither expired nor revoked and carries all of the requested scopes, delegating the scope comparison to Grape::OAuth2.config.scopes_validator. Assumes a token is present; access_token_required! performs the nil check first.

@return [Boolean]

true if current Access Token not expired, not revoked and scopes match
false in other cases.
# File lib/grape_oauth2/helpers/access_token_helpers.rb, line 45
def valid_access_token?(scopes)
  !current_access_token.revoked? && !current_access_token.expired? &&
    Grape::OAuth2.config.scopes_validator.new(scopes).valid_for?(current_access_token)
end
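The decision made by access_token_required! and valid_access_token? above, exercised end to end over constructed inputs. This is an added example and not code from grape_oauth2 or rack-oauth2: the Fake* classes, the Bearer error module and the 'rack.oauth2.access_token' env key are stand-ins for the Grape endpoint, Rack request, token model, Rack::OAuth2::Server::Resource::ACCESS_TOKEN key and Bearer error classes the real helpers rely on, and FakeScopesValidator is a plain subset check standing in for Grape::OAuth2.config.scopes_validator. It shows the three outcomes a caller can get (no token, token refused, token accepted) and that scopes declared on the route override the ones passed as arguments.

```ruby
# Added example, not code from grape_oauth2 or rack-oauth2. Every "Fake*"
# class below is a constructed stand-in so the helper's decision logic can
# run offline with plain Ruby; the env key is assumed as well.
module Bearer
  class Unauthorized < StandardError; end # stand-in for ...Bearer::Unauthorized (401)
  class Forbidden    < StandardError; end # stand-in for ...Bearer::Forbidden (403)
end

ACCESS_TOKEN_KEY = 'rack.oauth2.access_token'.freeze # real helper: Rack::OAuth2::Server::Resource::ACCESS_TOKEN

# Stored token record: granted scopes plus expiry/revocation flags.
FakeAccessToken = Struct.new(:scopes, :expired, :revoked, :resource_owner, keyword_init: true) do
  def expired?; expired; end
  def revoked?; revoked; end
end

# Subset check: every required scope must have been granted to the token.
# Plays the role of Grape::OAuth2.config.scopes_validator on the page.
class FakeScopesValidator
  def initialize(required); @required = Array(required).map(&:to_s); end
  def valid_for?(token); (@required - token.scopes.map(&:to_s)).empty?; end
end

FakeEndpoint = Struct.new(:options) # stand-in for env['api.endpoint']
FakeRequest  = Struct.new(:env)     # stand-in for Grape's `request`

# The helper logic from the page, written against the stand-ins above.
module AccessTokenChecks
  def access_token_required!(*scopes)
    endpoint_scopes = env['api.endpoint'].options[:route_options][:scopes]
    # Same as ActiveSupport's `presence`: nil or empty route scopes fall back to the arguments.
    required_scopes = (endpoint_scopes.nil? || endpoint_scopes.empty?) ? scopes : endpoint_scopes

    raise Bearer::Unauthorized if current_access_token.nil?            # nothing presented
    raise Bearer::Forbidden unless valid_access_token?(required_scopes) # presented but not acceptable
  end

  def current_access_token
    @_current_access_token ||= request.env[ACCESS_TOKEN_KEY]
  end

  def valid_access_token?(scopes)
    !current_access_token.revoked? && !current_access_token.expired? &&
      FakeScopesValidator.new(scopes).valid_for?(current_access_token)
  end
end

# A minimal route: the token the middleware would have resolved plus the
# route's scopes: option, wired into the env/request the helper expects.
class FakeRoute
  include AccessTokenChecks
  attr_reader :env

  def initialize(token:, route_scopes: nil)
    @env = { ACCESS_TOKEN_KEY => token,
             'api.endpoint' => FakeEndpoint.new({ route_options: { scopes: route_scopes } }) }
  end

  def request; FakeRequest.new(env); end
end

# Runs the guard and reports the outcome as a symbol so the cases can be compared.
def check_access(token:, route_scopes: nil, argument_scopes: [])
  FakeRoute.new(token: token, route_scopes: route_scopes).access_token_required!(*argument_scopes)
  :ok
rescue Bearer::Unauthorized
  :unauthorized
rescue Bearer::Forbidden
  :forbidden
end

# Constructed sample tokens.
READ_TOKEN    = FakeAccessToken.new(scopes: %w[read], expired: false, revoked: false, resource_owner: 'alice')
EXPIRED_TOKEN = FakeAccessToken.new(scopes: %w[read write], expired: true,  revoked: false, resource_owner: 'alice')
REVOKED_TOKEN = FakeAccessToken.new(scopes: %w[read write], expired: false, revoked: true,  resource_owner: 'alice')

puts check_access(token: nil)                                                          # :unauthorized
puts check_access(token: EXPIRED_TOKEN, argument_scopes: [:read])                      # :forbidden
puts check_access(token: READ_TOKEN, argument_scopes: [:read, :write])                 # :forbidden (write missing)
puts check_access(token: READ_TOKEN, route_scopes: [:read], argument_scopes: [:write]) # :ok (route option wins)
```

In a real Grape API the token is resolved by the Rack::OAuth2 bearer resource middleware before the endpoint runs, so a nil current_access_token means no usable bearer token reached the application and the guard fails closed with Unauthorized. The last two cases are the ones worth remembering when auditing routes: an argument scope the token lacks yields Forbidden, but a scopes: option on the route silently replaces the arguments, and with neither set any live token is accepted.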