Class: Doorkeeper::TokensController
- Inherits: ApplicationMetalController
  - Object
  - ActionController::Metal
  - ApplicationMetalController
  - Doorkeeper::TokensController
- Defined in: app/controllers/doorkeeper/tokens_controller.rb
Constant Summary
Constants inherited from ApplicationMetalController
ApplicationMetalController::MODULES
Instance Method Summary
- #create ⇒ Object
- #revoke ⇒ Object
  OAuth 2.0 Token Revocation - tools.ietf.org/html/rfc7009.
Instance Method Details
#create ⇒ Object
    # File 'app/controllers/doorkeeper/tokens_controller.rb', line 3
    def create
      response = strategy.
      self.headers.merge! response.headers
      self.response_body = response.body.to_json
      self.status = response.status
    rescue Errors::DoorkeeperError => e
      handle_token_exception e
    end
#revoke ⇒ Object
OAuth 2.0 Token Revocation - tools.ietf.org/html/rfc7009
    # File 'app/controllers/doorkeeper/tokens_controller.rb', line 13
    def revoke
      # The authorization server first validates the client credentials
      if doorkeeper_token && doorkeeper_token.accessible?
        # Doorkeeper does not use the token_type_hint logic described in the RFC 7009
        # due to the refresh token implementation that is a field in the access token model.
        revoke_token(request.POST['token']) if request.POST['token']
      end
      # The authorization server responds with HTTP status code 200 if the
      # token has been revoked successfully or if the client submitted an invalid token
      render json: {}, status: 200
    end
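The revocation rules stated in the comments above (authenticate the client first, ignore token_type_hint because both token values sit on one record, answer 200 for an invalid token), as an added Ruby example that is not Doorkeeper's code. TokenRecord, RevocationEndpoint, sample_endpoint and all sample values are hypothetical, and the ownership check with its 403 reply is an assumption of this example based on RFC 7009 section 2.1.

```ruby
require 'digest'

# Hypothetical record: one row carries both secrets, as in the model described above.
TokenRecord = Struct.new(:client_id, :access_token, :refresh_token, :revoked_at)

class RevocationEndpoint
  def initialize(clients, records)
    @clients = clients # client_id => client_secret
    @records = records # Array of TokenRecord
  end

  # Handles one revocation request and returns [http_status, body].
  def call(client_id:, client_secret:, token:, token_type_hint: nil)
    # The client is authenticated before the submitted token is even looked at.
    return [401, { error: 'invalid_client' }] unless authenticated?(client_id, client_secret)

    # token_type_hint is accepted but unused: a single scan matches the value
    # against both columns of the record.
    record = @records.find { |r| [r.access_token, r.refresh_token].include?(token) }

    # Unknown or already revoked token: nothing to do, and RFC 7009 still wants 200.
    return [200, {}] if record.nil? || record.revoked_at

    # Ownership check. The 403 / unauthorized_client reply is this example's choice.
    return [403, { error: 'unauthorized_client' }] unless record.client_id == client_id

    record.revoked_at = Time.now # kills the access and the refresh token together
    [200, {}]
  end

  private

  def authenticated?(client_id, client_secret)
    expected = @clients[client_id]
    return false if expected.nil? || client_secret.nil?
    # Compare fixed-length digests byte by byte without an early exit.
    a = Digest::SHA256.digest(expected).bytes
    b = Digest::SHA256.digest(client_secret).bytes
    a.zip(b).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end

# Constructed sample data, not real credentials.
def sample_endpoint
  records = [TokenRecord.new('app-a', 'at-111', 'rt-111', nil),
             TokenRecord.new('app-b', 'at-222', 'rt-222', nil)]
  [RevocationEndpoint.new({ 'app-a' => 's3cret-a', 'app-b' => 's3cret-b' }, records), records]
end
```

A caller that sees 200 learns only that the submitted token is now unusable, not whether it ever existed.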