module Doorkeeper::AccessTokenMixin
Public Instance Methods
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 403
    def acceptable?(scopes)
      accessible? && includes_scope?(*scopes)
    end
Indicates if token is acceptable for specific scopes.
@param scopes [Array<String>] scopes
@return [Boolean] true if record is accessible and includes scopes or
false in other cases
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 347
    def as_json(_options = {})
      {
        resource_owner_id: resource_owner_id,
        scope: scopes,
        expires_in: expires_in_seconds,
        application: { uid: application.try(:uid) },
        created_at: created_at.to_i,
      }.tap do |json|
        if Doorkeeper.configuration.polymorphic_resource_owner?
          json[:resource_owner_type] = resource_owner_type
        end
      end
    end
JSON representation of the Access Token instance.
@return [Hash] hash with token data
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 365
    def custom_attributes
      self.class.extract_custom_attributes(attributes)
    end
The token’s custom attributes, as defined by the custom_access_token_attributes config option.
@return [Hash] hash of custom access token attributes.
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 409
    def plaintext_refresh_token
      if secret_strategy.allows_restoring_secrets?
        secret_strategy.restore_secret(self, :refresh_token)
      else
        @raw_refresh_token
      end
    end
We keep a volatile copy of the raw refresh token for initial communication. The stored refresh_token may be mapped and not available in cleartext.
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 423
    def plaintext_token
      if secret_strategy.allows_restoring_secrets?
        secret_strategy.restore_secret(self, :token)
      else
        @raw_token
      end
    end
We keep a volatile copy of the raw token for initial communication. The stored refresh_token may be mapped and not available in cleartext.
Some strategies allow restoring stored secrets (e.g. symmetric encryption) while hashing strategies do not, so you cannot rely on this value returning a present value for persisted tokens.
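The caveat above, as an added example (not Doorkeeper's own code): a stand-in token model with a hypothetical SHA-256 hashing strategy shows that the plaintext exists only on the instance that generated it, so it has to be handed to the client at issuance and later lookups go through the digest. DemoHashStrategy, DemoToken, columns and issue_and_reload are assumed names.

```ruby
require "digest"
require "securerandom"
# Hypothetical hashing strategy; method names follow the calls shown on this page.
module DemoHashStrategy
  def self.allows_restoring_secrets?
    false
  end

  def self.transform_secret(plain)
    Digest::SHA256.hexdigest(plain)
  end

  def self.store_secret(record, attribute, plain)
    record.columns[attribute] = transform_secret(plain)
  end
end

# Stand-in for a token record: `columns` is what would be persisted.
class DemoToken
  attr_reader :columns

  def initialize(columns = {})
    @columns = columns
  end

  def generate_token
    @raw_token = SecureRandom.urlsafe_base64(32)
    DemoHashStrategy.store_secret(self, :token, @raw_token)
    @raw_token
  end

  # Same branch as plaintext_token above.
  def plaintext_token
    if DemoHashStrategy.allows_restoring_secrets?
      DemoHashStrategy.restore_secret(self, :token)
    else
      @raw_token # volatile: set only on the instance that generated it
    end
  end
end

# Constructed scenario: issue a token, then load the same row in a later request.
def issue_and_reload
  issued = DemoToken.new
  raw = issued.generate_token
  reloaded = DemoToken.new(issued.columns.dup) # only persisted columns survive
  { raw: raw, issued: issued, reloaded: reloaded,
    found: reloaded.columns[:token] == DemoHashStrategy.transform_secret(raw) }
end
```

The reloaded record returns nil from plaintext_token, while hashing the presented value still finds the row.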
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 434
    def revoke_previous_refresh_token!
      return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?

      old_refresh_token&.revoke
      update_attribute(:previous_refresh_token, "")
    end
Revokes token with `:refresh_token` equal to `:previous_refresh_token` and clears `:previous_refresh_token` attribute.
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 376
    def same_credential?(access_token)
      application_id == access_token.application_id &&
        same_resource_owner?(access_token)
    end
Indicates whether the token instance has the same credential as the other Access Token.
@param access_token [Doorkeeper::AccessToken] other token
@return [Boolean] true if credentials are same or false in other cases
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 388
    def same_resource_owner?(access_token)
      if Doorkeeper.configuration.polymorphic_resource_owner?
        resource_owner == access_token.resource_owner
      else
        resource_owner_id == access_token.resource_owner_id
      end
    end
Indicates whether the token instance has the same credential as the other Access Token.
@param access_token [Doorkeeper::AccessToken] other token
@return [Boolean] true if credentials are same or false in other cases
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 335
    def token_type
      "Bearer"
    end
Access Token type: Bearer.
@see datatracker.ietf.org/doc/html/rfc6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 339
    def use_refresh_token?
      @use_refresh_token ||= false
      !!@use_refresh_token
    end
Private Instance Methods
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 485
    def attributes_for_token_generator
      {
        resource_owner_id: resource_owner_id,
        scopes: scopes,
        application: application,
        expires_in: expires_in,
        created_at: created_at,
      }.tap do |attributes|
        if Doorkeeper.config.polymorphic_resource_owner?
          attributes[:resource_owner] = resource_owner
        end

        Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
          attributes[attribute_name] = public_send(attribute_name)
        end
      end
    end
Set of attributes that would be passed to token generator to generate unique token based on them.
@return [Hash] set of attributes
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 457
    def generate_refresh_token
      @raw_refresh_token = UniqueToken.generate
      secret_strategy.store_secret(self, :refresh_token, @raw_refresh_token)
    end
Generates refresh token with UniqueToken generator.
@return [String] refresh token value
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 472
    def generate_token
      self.created_at ||= Time.now.utc

      @raw_token = token_generator.generate(attributes_for_token_generator)
      secret_strategy.store_secret(self, :token, @raw_token)
      @raw_token
    end
Generates and sets the token value with the configured Generator class (see Doorkeeper.config).
@return [String] generated token value
@raise [Doorkeeper::Errors::UnableToGenerateToken]
custom class doesn't implement .generate method
@raise [Doorkeeper::Errors::TokenGeneratorNotFound]
custom class doesn't exist
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 449
    def old_refresh_token
      @old_refresh_token ||= self.class.by_previous_refresh_token(previous_refresh_token)
    end
Searches for Access Token record with `:refresh_token` equal to `:previous_refresh_token` value.
@return [Doorkeeper::AccessToken, nil]
Access Token record or nil if nothing found
Source
    # File lib/doorkeeper/models/access_token_mixin.rb, line 503
    def token_generator
      generator_name = Doorkeeper.config.access_token_generator
      generator = generator_name.constantize

      return generator if generator.respond_to?(:generate)

      raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
    rescue NameError
      raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
    end