class Doorkeeper::OAuth::AuthorizationCodeRequest
Attributes
Public Class Methods
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 16 def initialize(server, grant, client, parameters = {}) @server = server @client = client @grant = grant @grant_type = Doorkeeper::OAuth::AUTHORIZATION_CODE @redirect_uri = parameters[:redirect_uri] @code_verifier = parameters[:code_verifier] end
Private Instance Methods
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 27 def before_successful_response grant.transaction do grant.lock! raise Errors::InvalidGrantReuse if grant.revoked? if Doorkeeper.config.revoke_previous_authorization_code_token? revoke_previous_tokens(grant.application, resource_owner) end grant.revoke find_or_create_access_token( client, resource_owner, grant.scopes, custom_token_attributes_with_data, server, ) end super end
Calls superclass method
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 111 def custom_token_attributes_with_data grant .attributes .with_indifferent_access .slice(*Doorkeeper.config.custom_access_token_attributes) .symbolize_keys end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 107 def generate_code_challenge(code_verifier) Doorkeeper.config.access_grant_model.generate_code_challenge(code_verifier) end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 58 def pkce_supported? Doorkeeper.config.access_grant_model.pkce_supported? end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 50 def resource_owner if Doorkeeper.config.polymorphic_resource_owner? grant.resource_owner else grant.resource_owner_id end end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 119 def revoke_previous_tokens(application, resource_owner) Doorkeeper.config.access_token_model.revoke_all_for(application.id, resource_owner) end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 75 def validate_client client.present? end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 94 def validate_code_verifier return true unless pkce_supported? return grant.code_challenge.blank? if code_verifier.blank? if grant.code_challenge_method == "S256" grant.code_challenge == generate_code_challenge(code_verifier) elsif grant.code_challenge_method == "plain" grant.code_challenge == code_verifier else false end end
if either side (server or client) request PKCE, check the verifier against the DB - if PKCE is supported
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 79 def validate_grant return false unless grant && grant.application_id == client.id grant.accessible? end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 62 def validate_params @missing_param = if grant&.uses_pkce? && code_verifier.blank? :code_verifier elsif client && !client.confidential && Doorkeeper.config.force_pkce? && code_verifier.blank? :code_verifier elsif redirect_uri.blank? :redirect_uri end @missing_param.nil? end
Source
# File lib/doorkeeper/oauth/authorization_code_request.rb, line 85 def validate_redirect_uri Helpers::URIChecker.valid_for_authorization?( redirect_uri, grant.redirect_uri, ) end