Class: Doorkeeper::AccessGrant

Inherits:

Object

• Object
• Doorkeeper::AccessGrant

Includes:

Models::Accessible, Models::Expirable, Models::Revocable, Models::Scopes, Models::SecretStorable, NoBrainer::Document, OAuth::Helpers, Timestamps

Defined in:

lib/support/orm/rethinkdb/access_grant.rb

Class Method Summary

• .by_token(token) ⇒ Object
• .fallback_secret_strategy ⇒ Doorkeeper::SecretStoring::Base

  Determine the fallback storing strategy Unless configured, there will be no fallback.

• .find_by_plaintext_token(attr, token) ⇒ Object
• .generate_code_challenge(code_verifier) ⇒ #to_s

  suitable for PKCE validation.

• .pkce_supported? ⇒ Boolean
• .secret_strategy ⇒ Doorkeeper::SecretStoring::Base

  Determines the secret storing transformer Unless configured otherwise, uses the plain secret strategy.

Instance Method Summary

• #lock! ⇒ Object
• #plaintext_token ⇒ Object

  We keep a volatile copy of the raw token for initial communication The stored refresh_token may be mapped and not available in cleartext.

• #revoke(clock = Time) ⇒ Object
• #transaction ⇒ Object
• #uses_pkce? ⇒ Boolean

Class Method Details

.by_token(token) ⇒ Object

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 35

def by_token(token)
  find_by_plaintext_token(:token, token)
end

.fallback_secret_strategy ⇒ Doorkeeper::SecretStoring::Base

Determine the fallback storing strategy Unless configured, there will be no fallback

Returns:

• (Doorkeeper::SecretStoring::Base)

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 74

def fallback_secret_strategy
  ::Doorkeeper.config.token_secret_fallback_strategy
end

.find_by_plaintext_token(attr, token) ⇒ Object

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 39

def find_by_plaintext_token(attr, token)
  # We are not implementing the fallback strategy
  where(attr => secret_strategy.transform_secret(token.to_s)).first
end

.generate_code_challenge(code_verifier) ⇒ #to_s

suitable for PKCE validation

Parameters:

• code_verifier (#to_s) —

  a one time use value (any object that responds to ‘#to_s`)

Returns:

• (#to_s) —

  An encoded code challenge based on the provided verifier

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 49

def generate_code_challenge(code_verifier)
  padded_result = Base64.urlsafe_encode64(Digest::SHA256.digest(code_verifier))
  padded_result.split("=")[0] # Remove any trailing '='
end

.pkce_supported? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 54

def pkce_supported?
  true
end

.secret_strategy ⇒ Doorkeeper::SecretStoring::Base

Determines the secret storing transformer Unless configured otherwise, uses the plain secret strategy

Returns:

• (Doorkeeper::SecretStoring::Base)

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 64

def secret_strategy
  ::Doorkeeper.config.token_secret_strategy
end

Instance Method Details

#lock! ⇒ Object

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 83

def lock!; end

#plaintext_token ⇒ Object

We keep a volatile copy of the raw token for initial communication The stored refresh_token may be mapped and not available in cleartext.

Some strategies allow restoring stored secrets (e.g. symmetric encryption) while hashing strategies do not, so you cannot rely on this value returning a present value for persisted tokens.

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 95

def plaintext_token
  if secret_strategy.allows_restoring_secrets?
    secret_strategy.restore_secret(self, :token)
  else
    @raw_token
  end
end

#revoke(clock = Time) ⇒ Object

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 103

def revoke(clock = Time)
  self.revoked_at = clock.now.utc
  self.save!
end

#transaction ⇒ Object

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 82

def transaction; yield; end

#uses_pkce? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/support/orm/rethinkdb/access_grant.rb', line 85

def uses_pkce?
  self.code_challenge.present?
end