class Rack::OAuth2::Server::AccessGrant

The access grant is a nonce: a new grant is created each time one is needed, and it is good for redeeming one access token.

Public Class Methods

create(identity, client, scope, redirect_uri = nil, expires = nil)

Create a new access grant.

Calls superclass method
# File lib/rack/oauth2/models/access_grant.rb, line 16
def self.create(identity, client, scope, redirect_uri = nil, expires = nil)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope
  expires_at = Time.now.to_i + (expires || 300)

  attributes = {
    :code => Server.secure_random,
    :identity=>identity,
    :scope=>scope,
    :client_id=>client.id,
    :redirect_uri=>client.redirect_uri || redirect_uri,
    :created_at=>Time.now.to_i,
    :expires_at=>expires_at
  }

  super(attributes)
end

from_code(code)

Find AccessGrant from authentication code.

# File lib/rack/oauth2/models/access_grant.rb, line 11
def self.from_code(code)
  first(:conditions => {:code => code, :revoked => nil})
end

Public Instance Methods

authorize!()

Authorize access and return new access token.

An access grant can only be redeemed once, but the client can make multiple requests to obtain it, so we need to make sure only the first request succeeds in returning an access token; further requests raise InvalidGrantError.

# File lib/rack/oauth2/models/access_grant.rb, line 40
def authorize!
  raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
  access_token = AccessToken.get_token_for(identity, client, scope)
  update_attributes(:access_token => access_token.token, :granted_at => Time.now)
  access_token
end

revoke!()

# File lib/rack/oauth2/models/access_grant.rb, line 47
def revoke!
  update_attributes(:revoked => Time.now)
end