Class: Rack::OAuth2::Server::AccessGrant
- Inherits: Object
  - Object
    - Rack::OAuth2::Server::AccessGrant
- Defined in: lib/rack/oauth2/models/access_grant.rb
Overview
The access grant is a nonce: a new grant is created each time we need one, and it is good for redeeming a single access token.
Instance Attribute Summary
- #_id ⇒ Object (also: #code) (readonly): Authorization code.
- #access_token ⇒ Object: Access token created from this grant.
- #client_id ⇒ Object (readonly): Client that was granted this access token.
- #created_at ⇒ Object (readonly): Does what it says on the label.
- #expires_at ⇒ Object: Tells us when this grant expires.
- #granted_at ⇒ Object: Tells us when (and if) access token was created.
- #identity ⇒ Object (readonly): The identity we authorized access to.
- #redirect_uri ⇒ Object (readonly): Redirect URI for this grant.
- #revoked ⇒ Object: Timestamp if revoked.
- #scope ⇒ Object (readonly): The scope requested in this grant.
Class Method Summary
- .collection ⇒ Object
- .create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object: Create a new access grant.
- .from_code(code) ⇒ Object: Find AccessGrant from authentication code.
Instance Method Summary
- #authorize!(expires_in = nil) ⇒ Object: Authorize access and return new access token.
- #revoke! ⇒ Object
Instance Attribute Details
#_id ⇒ Object (readonly) Also known as: code
Authorization code. We are nothing without it.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 34
    def _id
      @_id
    end
#access_token ⇒ Object
Access token created from this grant. Set and spent.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 51
    def access_token
      @access_token
    end
#client_id ⇒ Object (readonly)
Client that was granted this access token.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 39
    def client_id
      @client_id
    end
#created_at ⇒ Object (readonly)
Does what it says on the label.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 45
    def created_at
      @created_at
    end
#expires_at ⇒ Object
Tells us when this grant expires.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 49
    def expires_at
      @expires_at
    end
#granted_at ⇒ Object
Tells us when (and if) access token was created.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 47
    def granted_at
      @granted_at
    end
#identity ⇒ Object (readonly)
The identity we authorized access to.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 37
    def identity
      @identity
    end
#redirect_uri ⇒ Object (readonly)
Redirect URI for this grant.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 41
    def redirect_uri
      @redirect_uri
    end
#revoked ⇒ Object
Timestamp if revoked.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 53
    def revoked
      @revoked
    end
#scope ⇒ Object (readonly)
The scope requested in this grant.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 43
    def scope
      @scope
    end
Class Method Details
.collection ⇒ Object
    # File 'lib/rack/oauth2/models/access_grant.rb', line 27
    def collection
      prefix = Server.options[:collection_prefix]
      Server.database["#{prefix}.access_grants"]
    end
.create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object
Create a new access grant.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 15
    def create(identity, client, scope, redirect_uri = nil, expires = nil)
      raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
      scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
      expires_at = Time.now.to_i + (expires || 300)
      fields = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope,
                 :client_id=>client.id, :redirect_uri=>client.redirect_uri || redirect_uri,
                 :created_at=>Time.now.to_i, :expires_at=>expires_at, :granted_at=>nil,
                 :access_token=>nil, :revoked=>nil }
      collection.insert fields
      Server.new_instance self, fields
    end
.from_code(code) ⇒ Object
Find AccessGrant from authentication code.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 10
    def from_code(code)
      Server.new_instance self, collection.find_one({ :_id=>code, :revoked=>nil })
    end
Instance Method Details
#authorize!(expires_in = nil) ⇒ Object
Authorize access and return new access token.
An access grant can only be redeemed once, but a client can make multiple requests to obtain it, so we need to make sure that only the first request succeeds in returning an access token; further requests raise InvalidGrantError.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 61
    def authorize!(expires_in = nil)
      raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
      client = Client.find(client_id) or raise InvalidGrantError
      access_token = AccessToken.get_token_for(identity, client, scope, expires_in)
      self.access_token = access_token.token
      self.granted_at = Time.now.to_i
      # Conditional update: the filter matches only while the grant is unredeemed and unrevoked.
      self.class.collection.update({ :_id=>code, :access_token=>nil, :revoked=>nil }, { :$set=>{ :granted_at=>granted_at, :access_token=>access_token.token } }, :safe=>true)
      # Re-read the grant to confirm that this request's token is the one recorded.
      reload = self.class.collection.find_one({ :_id=>code, :revoked=>nil }, { :fields=>%w{access_token} })
      raise InvalidGrantError unless reload && reload["access_token"] == access_token.token
      return access_token
    end
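The single-use guarantee described above, replayed under concurrent redemption as an added example that is not the project's code: GrantStore, SAMPLE_GRANT, redeem and race are hypothetical names, and GrantStore is an in-memory stand-in for the collection. The expires_at check in redeem is an assumption about what the caller enforces, since authorize! as shown does not read that field.

```ruby
require "securerandom"
class InvalidGrantError < StandardError; end

# Constructed in-memory stand-in for the access_grants collection: update only
# applies while every filter field still matches, as one atomic step.
class GrantStore
  def initialize(*docs)
    @docs = docs.to_h { |d| [d[:_id], d.dup] }
    @lock = Mutex.new
  end

  def update(filter, set)
    @lock.synchronize do
      doc = @docs[filter[:_id]]
      doc.merge!(set) if doc && filter.all? { |k, v| doc[k] == v }
    end
  end

  def find_one(filter)
    @lock.synchronize do
      doc = @docs[filter[:_id]]
      doc.dup if doc && filter.all? { |k, v| doc[k] == v }
    end
  end
end

# Constructed sample grant: unredeemed, unrevoked, expiring in 300 seconds.
SAMPLE_GRANT = { _id: "constructed-code", expires_at: Time.now.to_i + 300, access_token: nil, revoked: nil }

# Redeem a code: claim the grant only while access_token and revoked are nil,
# then re-read to learn whether this caller's token is the one that was stored.
def redeem(store, code, now = Time.now.to_i)
  grant = store.find_one(_id: code, revoked: nil) or raise InvalidGrantError
  raise InvalidGrantError, "grant expired" if grant[:expires_at] <= now
  token = SecureRandom.hex(16) # hypothetical stand-in for minting a token
  store.update({ _id: code, access_token: nil, revoked: nil },
               { granted_at: now, access_token: token })
  stored = store.find_one(_id: code, revoked: nil)
  raise InvalidGrantError unless stored && stored[:access_token] == token
  token
end

# Race several redemptions of one code; returns [tokens issued, rejections].
def race(store, code, attempts = 8)
  results = Array.new(attempts) do
    Thread.new { redeem(store, code) rescue :rejected }
  end.map(&:value)
  [results.reject { |r| r == :rejected }, results.count(:rejected)]
end
```

Calling race(GrantStore.new(SAMPLE_GRANT), SAMPLE_GRANT[:_id]) issues exactly one token however the threads interleave, because the losing callers' updates no longer match the access_token: nil filter and their re-read returns the winner's token.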
#revoke! ⇒ Object
    # File 'lib/rack/oauth2/models/access_grant.rb', line 73
    def revoke!
      self.revoked = Time.now.to_i
      self.class.collection.update({ :_id=>code, :revoked=>nil }, { :$set=>{ :revoked=>revoked } })
    end