class Rack::OAuth2::Server::AuthRequest
Authorization request. Represents request on behalf of client to access particular scope. Use this to keep state from incoming authorization request to grant/deny redirect.
Attributes
Request identifier. We let the database pick this one out.
If granted, the access token.
Client
making this request.
Does what it says on the label.
If granted, the access grant code.
Request identifier. We let the database pick this one out.
Redirect back to this URL.
Response type: either code or token.
Timestamp if revoked.
scope of this request: array of names.
Client
requested we return state on redirect.
Public Class Methods
# File lib/rack/oauth2/models/auth_request.rb, line 30 def collection prefix = Server.options[:collection_prefix] Server.database["#{prefix}.auth_requests"] end
Create a new authorization request. This holds state, so in addition to client ID and scope, we need to know the URL to redirect back to and any state value to pass back in that redirect.
# File lib/rack/oauth2/models/auth_request.rb, line 20 def create(client, scope, redirect_uri, response_type, state) scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope fields = { :client_id=>client.id, :scope=>scope, :redirect_uri=>client.redirect_uri || redirect_uri, :response_type=>response_type, :state=>state, :grant_code=>nil, :authorized_at=>nil, :created_at=>Time.now.to_i, :revoked=>nil } fields[:_id] = collection.insert(fields) Server.new_instance self, fields end
Find AuthRequest
from identifier.
# File lib/rack/oauth2/models/auth_request.rb, line 11 def find(request_id) id = BSON::ObjectId(request_id.to_s) Server.new_instance self, collection.find_one(id) rescue BSON::InvalidObjectId end
Public Instance Methods
Deny access.
# File lib/rack/oauth2/models/auth_request.rb, line 79 def deny! self.authorized_at = Time.now.to_i self.class.collection.update({ :_id=>id }, { :$set=>{ :authorized_at=>authorized_at } }) end
Grant access to the specified identity.
# File lib/rack/oauth2/models/auth_request.rb, line 61 def grant!(identity, expires_in = nil) raise ArgumentError, "Must supply a identity" unless identity return if revoked client = Client.find(client_id) or return self.authorized_at = Time.now.to_i if response_type == "code" # Requested authorization code access_grant = AccessGrant.create(identity, client, scope, redirect_uri) self.grant_code = access_grant.code self.class.collection.update({ :_id=>id, :revoked=>nil }, { :$set=>{ :grant_code=>access_grant.code, :authorized_at=>authorized_at } }) else # Requested access token access_token = AccessToken.get_token_for(identity, client, scope, expires_in) self.access_token = access_token.token self.class.collection.update({ :_id=>id, :revoked=>nil, :access_token=>nil }, { :$set=>{ :access_token=>access_token.token, :authorized_at=>authorized_at } }) end true end