class Rack::OAuth2::Server::AccessToken
Access token. This is what clients use to access resources.
An access token is a unique code, associated with a client, an identity and scope. It may be revoked, or expire after a certain period.
Attributes
Access token. As unique as they come.
Client
that was granted this access token.
When token was granted.
When token expires for good.
The identity we authorized access to.
Timestamp of last access using this token, rounded up to hour.
Timestamp of previous access using this token, rounded up to hour.
Timestamp if revoked.
The scope granted to this token.
Access token. As unique as they come.
Public Class Methods
# File lib/rack/oauth2/models/access_token.rb, line 94 def collection prefix = Server.options[:collection_prefix] Server.database["#{prefix}.access_tokens"] end
Returns count of access tokens.
@param [Hash] filter Count only a subset of access tokens @option filter [Integer] days Only count that many days (since now) @option filter [Boolean] revoked Only count revoked (true) or non-revoked (false) tokens; count all tokens if nil @option filter [String, ObjectId] client_id
Only tokens grant to this client
# File lib/rack/oauth2/models/access_token.rb, line 69 def count(filter = {}) select = {} if filter[:days] now = Time.now.to_i range = { :$gt=>now - filter[:days] * 86400, :$lte=>now } select[ filter[:revoked] ? :revoked : :created_at ] = range elsif filter.has_key?(:revoked) select[:revoked] = filter[:revoked] ? { :$ne=>nil } : { :$eq=>nil } end select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) if filter[:client_id] collection.find(select).count end
Creates a new AccessToken
for the given client and scope.
# File lib/rack/oauth2/models/access_token.rb, line 37 def create_token_for(client, scope, identity = nil, expires = nil) expires_at = Time.now.to_i + expires if expires && expires != 0 token = { :_id=>Server.secure_random, :scope=>scope, :client_id=>client.id, :created_at=>Time.now.to_i, :expires_at=>expires_at, :revoked=>nil, :last_access=>Time.now.to_i, :prev_access=>Time.now.to_i } token[:identity] = identity if identity collection.insert token Client.collection.update({ :_id=>client.id }, { :$inc=>{ :tokens_granted=>1 } }) Server.new_instance self, token end
Returns all access tokens for a given client, Use limit and offset to return a subset of tokens, sorted by creation date.
# File lib/rack/oauth2/models/access_token.rb, line 57 def for_client(client_id, offset = 0, limit = 100) client_id = BSON::ObjectId(client_id.to_s) collection.find({ :client_id=>client_id }, { :sort=>[[:created_at, Mongo::ASCENDING]], :skip=>offset, :limit=>limit }). map { |token| Server.new_instance self, token } end
Find all AccessTokens for an identity.
# File lib/rack/oauth2/models/access_token.rb, line 51 def from_identity(identity) collection.find({ :identity=>identity }).map { |fields| Server.new_instance self, fields } end
Find AccessToken
from token. Does not return revoked tokens.
# File lib/rack/oauth2/models/access_token.rb, line 13 def from_token(token) Server.new_instance self, collection.find_one({ :_id=>token, :revoked=>nil }) end
Get an access token (create new one if necessary).
You can set optional expiration in seconds. If zero or nil, token never expires.
# File lib/rack/oauth2/models/access_token.rb, line 21 def get_token_for(identity, client, scope, expires = nil) raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope token = collection.find_one({ :$or=>[{:expires_at=>nil}, {:expires_at=>{:$gt=>Time.now.to_i}}], :identity=>identity, :scope=>scope, :client_id=>client.id, :revoked=>nil}) unless token return create_token_for(client, scope, identity, expires) end Server.new_instance self, token end
# File lib/rack/oauth2/models/access_token.rb, line 82 def historical(filter = {}) days = filter[:days] || 60 select = { :$gt=> { :created_at=>Time.now - 86400 * days } } select = {} if filter[:client_id] select[:client_id] = BSON::ObjectId(filter[:client_id].to_s) end raw = Server::AccessToken.collection.group("function (token) { return { ts: Math.floor(token.created_at / 86400) } }", select, { :granted=>0 }, "function (token, state) { state.granted++ }") raw.sort { |a, b| a["ts"] - b["ts"] } end
Public Instance Methods
Updates the last access timestamp.
# File lib/rack/oauth2/models/access_token.rb, line 121 def access! today = (Time.now.to_i / 3600) * 3600 if last_access.nil? || last_access < today AccessToken.collection.update({ :_id=>token }, { :$set=>{ :last_access=>today, :prev_access=>last_access } }) self.last_access = today end end
Revokes this access token.
# File lib/rack/oauth2/models/access_token.rb, line 130 def revoke! self.revoked = Time.now.to_i AccessToken.collection.update({ :_id=>token }, { :$set=>{ :revoked=>revoked } }) Client.collection.update({ :_id=>client_id }, { :$inc=>{ :tokens_revoked=>1 } }) end