module OAuth::Controllers::ProviderController
Public Class Methods
included(controller)
# File lib/oauth/controllers/provider_controller.rb, line 6 def self.included(controller) controller.class_eval do before_filter :login_required, :only => [:authorize,:revoke] oauthenticate :only => [:test_request] oauthenticate :strategies => :token, :interactive => false, :only => [:invalidate,:capabilities] oauthenticate :strategies => :two_legged, :interactive => false, :only => [:request_token] oauthenticate :strategies => :oauth10_request_token, :interactive => false, :only => [:access_token] skip_before_filter :verify_authenticity_token, :only=>[:request_token, :access_token, :invalidate, :test_request, :token] end end
Public Instance Methods
access_token()
# File lib/oauth/controllers/provider_controller.rb, line 26
# Calls exchange! on the current token and renders the result as a query
# string; responds with an empty 401 when there is no current token or the
# exchange returns a falsy value.
# current_token and exchange! are defined outside this listing.
def access_token
  @token = current_token && current_token.exchange!
  # Fail closed: nothing is rendered besides the status code.
  return render(:nothing => true, :status => 401) unless @token

  render :text => @token.to_query
end
capabilities()
Capabilities of current_token
# File lib/oauth/controllers/provider_controller.rb, line 86
# Renders the capabilities of the current token as JSON or XML.
# Tokens that do not respond to #capabilities get a default hash that only
# advertises the invalidate URL.
def capabilities
  @capabilities =
    if current_token.respond_to?(:capabilities)
      current_token.capabilities
    else
      { :invalidate => url_for(:action => :invalidate) }
    end

  respond_to do |format|
    format.json do
      render :json => @capabilities
    end
    format.xml do
      render :xml => @capabilities
    end
  end
end
invalidate()
Invalidate current token
# File lib/oauth/controllers/provider_controller.rb, line 80
# Invalidates the token that authenticated this request, then answers with a
# body-less 410 (Gone).
# invalidate! is defined on the token model, outside this listing.
def invalidate
  current_token.invalidate!
  head(:status => 410)
end
request_token()
# File lib/oauth/controllers/provider_controller.rb, line 17
# Asks the current client application for a request token and renders it as a
# query string; responds with an empty 401 when none is returned.
def request_token
  # NOTE(review): the whole params hash is handed to create_request_token,
  # which is not visible here -- confirm it only reads the keys it expects.
  @token = current_client_application.create_request_token(params)
  return render(:nothing => true, :status => 401) unless @token

  render :text => @token.to_query
end
revoke()
# File lib/oauth/controllers/provider_controller.rb, line 70
# Revokes one of the signed-in user's tokens and redirects to the OAuth
# clients page.
def revoke
  # The lookup goes through current_user.tokens, so only tokens reachable
  # from the signed-in user can be selected by the :token parameter.
  @token = current_user.tokens.find_by_token!(params[:token])
  # NOTE(review): a bang finder normally raises instead of returning nil, so
  # this guard is presumably always true -- kept as in the original.
  if @token
    @token.invalidate!
    application_name = @token.client_application.name
    flash[:notice] = "You've revoked the token for #{application_name}"
  end
  redirect_to oauth_clients_url
end
test_request()
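# File lib/oauth/controllers/provider_controller.rb, line 51
# Echoes the request parameters back as "key=value" pairs joined by "&".
#
# The keys and values come straight from the request and are not escaped.
# The response is therefore labelled text/plain explicitly, so a browser
# does not interpret the echoed parameters as markup.
# NOTE(review): render :text on its own is expected to fall back to the
# default (HTML) content type in Rails versions that use this API -- confirm
# against the application's Rails version.
def test_request
  echoed = params.collect { |k, v| "#{k}=#{v}" }.join("&")
  render :text => echoed, :content_type => "text/plain"
end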
token()
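# File lib/oauth/controllers/provider_controller.rb, line 35
# OAuth 2 token endpoint: authenticates the client application by key and
# secret, then dispatches to the oauth2_token_<grant_type> handler.
#
# Responds through oauth2_error with "invalid_client" when the secret does not
# match and "unsupported_grant_type" when the grant type is not in the
# allow-list. find_by_key! is expected to raise for an unknown client_id.
def token
  @client_application = ClientApplication.find_by_key! params[:client_id]

  # Compare the secrets without short-circuiting on the first differing byte,
  # so response timing does not reveal how much of a guess was correct.
  # Fails closed when either side is not a String (missing parameter, array
  # or hash parameter, application without a secret).
  stored_secret = @client_application.secret
  supplied_secret = params[:client_secret]
  secret_ok = stored_secret.is_a?(String) &&
              supplied_secret.is_a?(String) &&
              stored_secret.bytesize == supplied_secret.bytesize
  if secret_ok
    difference = 0
    stored_secret.unpack("C*").zip(supplied_secret.unpack("C*")) do |expected_byte, supplied_byte|
      difference |= expected_byte ^ supplied_byte
    end
    secret_ok = difference.zero?
  end

  unless secret_ok
    oauth2_error "invalid_client"
    return
  end

  # older drafts used none for client_credentials
  params[:grant_type] = 'client_credentials' if params[:grant_type] == 'none'
  # NOTE(review): grant_type is request-controlled and is logged before it is
  # validated against the allow-list below.
  logger.info "grant_type=#{params[:grant_type]}"

  # The allow-list is what keeps the dynamic send below limited to the three
  # oauth2_token_* handlers; do not dispatch on grant_type without it.
  if ["authorization_code", "password", "client_credentials"].include?(params[:grant_type])
    send "oauth2_token_#{params[:grant_type].underscore}"
  else
    oauth2_error "unsupported_grant_type"
  end
end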
Protected Instance Methods
authenticate_user(username,password)
Should authenticate the credentials and return the user if the password is valid. Override in your own controller.
# File lib/oauth/controllers/provider_controller.rb, line 160
# Credential check used by the password grant; delegates to
# User.authenticate and returns whatever it returns.
# Intended to be overridden in the including controller.
#
# @param username the username taken from the request
# @param password the password taken from the request
def authenticate_user(username, password)
  User.authenticate(username, password)
end
oauth2_error(error="invalid_grant")
# File lib/oauth/controllers/provider_controller.rb, line 175
# Renders an OAuth 2 error as a JSON object of the form {"error": <code>}
# with HTTP status 400.
#
# @param error the error code to report; defaults to "invalid_grant"
def oauth2_error(error = "invalid_grant")
  payload = { :error => error }.to_json
  render :json => payload, :status => 400
end
oauth2_token_client_credentials()
Autonomous authorization which creates a token for the client application's user.
# File lib/oauth/controllers/provider_controller.rb, line 165
# Client-credentials grant: creates an Oauth2Token owned by the client
# application's own user and renders it as JSON.
# Reads @client_application, which the token action sets before dispatching.
def oauth2_token_client_credentials
  # NOTE(review): :scope is taken from the request as-is; any validation would
  # have to happen inside Oauth2Token, which is not visible here.
  attributes = {
    :client_application => @client_application,
    :user => @client_application.user,
    :scope => params[:scope]
  }
  @token = Oauth2Token.create(attributes)
  render :json => @token
end
oauth2_token_password()
tools.ietf.org/html/draft-ietf-oauth-v2-22#section-4.1.2
# File lib/oauth/controllers/provider_controller.rb, line 149
# Password grant: checks the submitted username and password through
# authenticate_user and, on success, creates an Oauth2Token for that user and
# renders it as JSON. On failure it responds through oauth2_error with its
# default error code.
def oauth2_token_password
  @user = authenticate_user(params[:username], params[:password])
  if @user
    # NOTE(review): :scope is taken from the request as-is; any validation
    # would have to happen inside Oauth2Token, which is not visible here.
    attributes = {
      :client_application => @client_application,
      :user => @user,
      :scope => params[:scope]
    }
    @token = Oauth2Token.create(attributes)
    render :json => @token
  else
    oauth2_error
    nil
  end
end