Class: Leash::Provider::TokenController

Inherits:
Leash::ProviderController
Defined in:
app/controllers/leash/provider/token_controller.rb

Constant Summary

GRANT_TYPES =
[ "authorization_code" ].freeze

Constants inherited from Leash::ProviderController

Leash::ProviderController::CLIENT_ID_REGEXP

Instance Method Summary

Instance Method Details

#token ⇒ Object



# File 'app/controllers/leash/provider/token_controller.rb', line 7

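# Token endpoint: exchanges an authorization code for a bearer access token.
#
# Dispatches on @grant_type, which is assigned outside this method
# (presumably checked against GRANT_TYPES before this action runs; confirm).
# For "authorization_code" the request must carry "code", and its
# "redirect_uri" must equal the URI stored with the auth code.
#
# On success renders JSON { access_token:, token_type: "bearer" }; on a
# rejected code or redirect URI reports "invalid_grant" via callback_with_error.
#
# @raise [ActionController::ParameterMissing] when "code" is absent
# @raise [RuntimeError] when @grant_type is not handled here
def token
  case @grant_type
  when "authorization_code"
    params.require("code")

    # Never log params on this endpoint: they carry the authorization code
    # (and, once client authentication is implemented, the client secret).

    # Resolve the code once and reuse the record, so the redirect check and the
    # token issuance act on the same object instead of three separate lookups.
    # The nil guard also covers a code that disappears between present? and the
    # lookup (find_by_auth_code's behaviour for a missing code is not visible here).
    auth_code = Leash::Provider::AuthCode.find_by_auth_code(params[:code]) if Leash::Provider::AuthCode.present?(params[:code])

    # Explicit guard clauses: the previous "callback_with_error ... and return"
    # form only returned when callback_with_error yielded a truthy value.
    unless auth_code
      callback_with_error "invalid_grant", "Given auth code does not exist"
      return
    end

    unless auth_code.redirect_uri == params[:redirect_uri]
      callback_with_error "invalid_grant", "Given redirect URI does not match one specified in the authorization request"
      return
    end

    # TODO if client_id and client_secret is present, try to match it with ENV vars
    # NOTE(review): until that is done the client is not authenticated here; the
    # code and redirect_uri are the only things checked before a token is issued.
    # NOTE(review): confirm assign_from_auth_code! invalidates the code so it
    # cannot be exchanged a second time.
    access_token = Leash::Provider::AccessToken.assign_from_auth_code! auth_code

    # Audit line deliberately omits the auth code and the access token: both are
    # bearer credentials and must not be recoverable from application logs.
    Rails.logger.info "[Leash::Provider] Code<->Token exchange ok: grant_type=#{@grant_type} request_ip=#{request.remote_ip} request_user_agent=#{request.user_agent}"

    # RFC 6749 section 5.1: responses containing tokens must not be cached.
    response.headers["Cache-Control"] = "no-store"
    response.headers["Pragma"] = "no-cache"
    render json: { access_token: access_token, token_type: "bearer" }

  else
    fail # Should not be reached
  end
end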