class Rack::OAuth2::Server::AuthRequest

Authorization request. Represents request on behalf of client to access particular scope. Use this to keep state from incoming authorization request to grant/deny redirect.

Attributes

_id[R]

Request identifier. We let the database pick this one out.

access_token[RW]

If granted, the access token.

authorized_at[RW]

Keeping track of things.

client_id[R]

Client making this request.

created_at[R]

Does what it says on the label.

grant_code[RW]

If granted, the access grant code.

id[R]

Request identifier. We let the database pick this one out.

redirect_uri[R]

Redirect back to this URL.

response_type[R]

Response type: either code or token.

revoked[RW]

Timestamp if revoked.

scope[R]

scope of this request: array of names.

state[R]

Client requested we return state on redirect.

Public Class Methods

collection() click to toggle source
# File lib/rack/oauth2/models/auth_request.rb, line 30
def collection
  prefix = Server.options[:collection_prefix]
  Server.database["#{prefix}.auth_requests"]
end
create(client, scope, redirect_uri, response_type, state) click to toggle source

Create a new authorization request. This holds state, so in addition to client ID and scope, we need to know the URL to redirect back to and any state value to pass back in that redirect.

# File lib/rack/oauth2/models/auth_request.rb, line 20
def create(client, scope, redirect_uri, response_type, state)
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
  fields = { :client_id=>client.id, :scope=>scope, :redirect_uri=>client.redirect_uri || redirect_uri,
             :response_type=>response_type, :state=>state,
             :grant_code=>nil, :authorized_at=>nil,
             :created_at=>Time.now.to_i, :revoked=>nil }
  fields[:_id] = collection.insert(fields)
  Server.new_instance self, fields
end
find(request_id) click to toggle source

Find AuthRequest from identifier.

# File lib/rack/oauth2/models/auth_request.rb, line 11
def find(request_id)
  id = BSON::ObjectId(request_id.to_s)
  Server.new_instance self, collection.find_one(id)
rescue BSON::InvalidObjectId
end

Public Instance Methods

deny!() click to toggle source

Deny access.

# File lib/rack/oauth2/models/auth_request.rb, line 79
def deny!
  self.authorized_at = Time.now.to_i
  self.class.collection.update({ :_id=>id }, { :$set=>{ :authorized_at=>authorized_at } })
end
grant!(identity, expires_in = nil) click to toggle source

Grant access to the specified identity.

# File lib/rack/oauth2/models/auth_request.rb, line 61
def grant!(identity, expires_in = nil)
  raise ArgumentError, "Must supply a identity" unless identity
  return if revoked
  client = Client.find(client_id) or return
  self.authorized_at = Time.now.to_i
  if response_type == "code" # Requested authorization code
    access_grant = AccessGrant.create(identity, client, scope, redirect_uri)
    self.grant_code = access_grant.code
    self.class.collection.update({ :_id=>id, :revoked=>nil }, { :$set=>{ :grant_code=>access_grant.code, :authorized_at=>authorized_at } })
  else # Requested access token
    access_token = AccessToken.get_token_for(identity, client, scope, expires_in)
    self.access_token = access_token.token
    self.class.collection.update({ :_id=>id, :revoked=>nil, :access_token=>nil }, { :$set=>{ :access_token=>access_token.token, :authorized_at=>authorized_at } })
  end
  true
end