class Rack::OAuth2::Server::AccessToken

Access token. This is what clients use to access resources.

An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.

Attributes

_id[R]

Access token. As unique as they come.

client_id[R]

Client that was granted this access token.

created_at[R]

When token was granted.

expires_at[R]

When token expires for good.

identity[R]

The identity we authorized access to.

last_access[RW]

Timestamp of last access using this token, rounded up to hour.

prev_access[RW]

Timestamp of previous access using this token, rounded up to hour.

revoked[RW]

Timestamp if revoked.

scope[R]

The scope granted to this token.

token[R]

Access token. As unique as they come.

Public Class Methods

collection() click to toggle source
# File lib/rack/oauth2/models/access_token.rb, line 94
def collection
  prefix = Server.options[:collection_prefix]
  Server.database["#{prefix}.access_tokens"]
end
count(filter = {}) click to toggle source

Returns count of access tokens.

@param [Hash] filter Count only a subset of access tokens @option filter [Integer] days Only count that many days (since now) @option filter [Boolean] revoked Only count revoked (true) or non-revoked (false) tokens; count all tokens if nil @option filter [String, ObjectId] client_id Only tokens grant to this client

# File lib/rack/oauth2/models/access_token.rb, line 69
def count(filter = {})
  select = {}
  if filter[:days]
    now = Time.now.to_i
    range = { :$gt=>now - filter[:days] * 86400, :$lte=>now }
    select[ filter[:revoked] ? :revoked : :created_at ] = range
  elsif filter.has_key?(:revoked)
    select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil }
  end
  select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id]
  collection.find(select).count
end
create_token_for(client, scope, identity = nil, expires = nil) click to toggle source

Creates a new AccessToken for the given client and scope.

# File lib/rack/oauth2/models/access_token.rb, line 37
def create_token_for(client, scope, identity = nil, expires = nil)
  expires_at = Time.now.to_i + expires if expires && expires != 0
  token = { :_id=>Server.secure_random, :scope=>scope,
            :client_id=>client.id, :created_at=>Time.now.to_i,
            :expires_at=>expires_at, :revoked=>nil,
            :last_access=>Time.now.to_i, :prev_access=>Time.now.to_i }

  token[:identity] = identity if identity
  collection.insert token
  Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } })
  Server.new_instance self, token
end
for_client(client_id, offset = 0, limit = 100) click to toggle source

Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.

# File lib/rack/oauth2/models/access_token.rb, line 57
def for_client(client_id, offset = 0, limit = 100)
  client_id = BSON::ObjectId(client_id.to_s)
  collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }).
    map { |token| Server.new_instance self, token }
end
from_identity(identity) click to toggle source

Find all AccessTokens for an identity.

# File lib/rack/oauth2/models/access_token.rb, line 51
def from_identity(identity)
  collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields }
end
from_token(token) click to toggle source

Find AccessToken from token. Does not return revoked tokens.

# File lib/rack/oauth2/models/access_token.rb, line 13
def from_token(token)
  Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil })
end
get_token_for(identity, client, scope, expires = nil) click to toggle source

Get an access token (create new one if necessary).

You can set optional expiration in seconds. If zero or nil, token never expires.

# File lib/rack/oauth2/models/access_token.rb, line 21
def get_token_for(identity, client, scope, expires = nil)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope

  token = collection.find_one({
    :$or=>[{:expires_at=>nil}, {:expires_at=>{:$gt=>Time.now.to_i}}],
    :identity=>identity, :scope=>scope,
    :client_id=>client.id, :revoked=>nil})

  unless token
    return create_token_for(client, scope, identity, expires)
  end
  Server.new_instance self, token
end
historical(filter = {}) click to toggle source
# File lib/rack/oauth2/models/access_token.rb, line 82
def historical(filter = {})
  days = filter[:days] || 60
  select = { :$gt=> { :created_at=>Time.now - 86400 * days } }
  select = {}
  if filter[:client_id]
    select[:client_id] = BSON::ObjectId(filter[:client_id].to_s)
  end
  raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }",
    select, { :granted=>0 }, "function (token, state) { state.granted++ }")
  raw.sort { |a, b| a["ts"] - b["ts"] }
end

Public Instance Methods

access!() click to toggle source

Updates the last access timestamp.

# File lib/rack/oauth2/models/access_token.rb, line 121
def access!
  today = (Time.now.to_i / 3600) * 3600
  if last_access.nil? || last_access < today
    AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } })
    self.last_access = today
  end
end
revoke!() click to toggle source

Revokes this access token.

# File lib/rack/oauth2/models/access_token.rb, line 130
def revoke!
  self.revoked = Time.now.to_i
  AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } })
  Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } })
end