Class: Rack::OAuth2::Server::AccessGrant
- Inherits: Object
  - Object
    - Rack::OAuth2::Server::AccessGrant
- Defined in: lib/rack/oauth2/models/access_grant.rb
Overview
The access grant is a nonce: a new grant is created each time we need one, and it is good for redeeming one access token.
Instance Attribute Summary
- #_id ⇒ Object (also: #code) (readonly): Authorization code.
- #access_token ⇒ Object: Access token created from this grant.
- #client_id ⇒ Object (readonly): Client that was granted this access token.
- #created_at ⇒ Object (readonly): Does what it says on the label.
- #expires_at ⇒ Object: Tells us when this grant expires.
- #granted_at ⇒ Object: Tells us when (and if) access token was created.
- #identity ⇒ Object (readonly): The identity we authorized access to.
- #redirect_uri ⇒ Object (readonly): Redirect URI for this grant.
- #revoked ⇒ Object: Timestamp if revoked.
- #scope ⇒ Object (readonly): The scope requested in this grant.
Class Method Summary
- .collection ⇒ Object
- .create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object: Create a new access grant.
- .from_code(code) ⇒ Object: Find AccessGrant from authentication code.
Instance Method Summary
- #authorize! ⇒ Object: Authorize access and return new access token.
- #revoke! ⇒ Object
Instance Attribute Details
#_id ⇒ Object (readonly) Also known as: code
Authorization code. We are nothing without it.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 33
    def _id
      @_id
    end
#access_token ⇒ Object
Access token created from this grant. Set and spent.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 50
    def access_token
      @access_token
    end
#client_id ⇒ Object (readonly)
Client that was granted this access token.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 38
    def client_id
      @client_id
    end
#created_at ⇒ Object (readonly)
Does what it says on the label.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 44
    def created_at
      @created_at
    end
#expires_at ⇒ Object
Tells us when this grant expires.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 48
    def expires_at
      @expires_at
    end
#granted_at ⇒ Object
Tells us when (and if) access token was created.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 46
    def granted_at
      @granted_at
    end
#identity ⇒ Object (readonly)
The identity we authorized access to.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 36
    def identity
      @identity
    end
#redirect_uri ⇒ Object (readonly)
Redirect URI for this grant.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 40
    def redirect_uri
      @redirect_uri
    end
#revoked ⇒ Object
Timestamp if revoked.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 52
    def revoked
      @revoked
    end
#scope ⇒ Object (readonly)
The scope requested in this grant.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 42
    def scope
      @scope
    end
Class Method Details
.collection ⇒ Object
    # File 'lib/rack/oauth2/models/access_grant.rb', line 27
    def collection
      Server.database["oauth2.access_grants"]
    end
.create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object
Create a new access grant.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 15
    def create(identity, client, scope, redirect_uri = nil, expires = nil)
      raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
      scope = Utils.normalize_scope(scope) & client.scope # Only allowed scope
      expires_at = Time.now.to_i + (expires || 300)
      fields = { :_id=>Server.secure_random, :identity=>identity, :scope=>scope,
                 :client_id=>client.id, :redirect_uri=>client.redirect_uri || redirect_uri,
                 :created_at=>Time.now.to_i, :expires_at=>expires_at, :granted_at=>nil,
                 :access_token=>nil, :revoked=>nil }
      collection.insert fields
      Server.new_instance self, fields
    end
.from_code(code) ⇒ Object
Find AccessGrant from authentication code.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 10
    def from_code(code)
      Server.new_instance self, collection.find_one({ :_id=>code, :revoked=>nil })
    end
Instance Method Details
#authorize! ⇒ Object
Authorize access and return new access token.
An access grant can only be redeemed once, but a client can make multiple requests to obtain it, so we need to make sure that only the first request succeeds in returning an access token; further requests raise InvalidGrantError.
    # File 'lib/rack/oauth2/models/access_grant.rb', line 60
    def authorize!
      raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
      client = Client.find(client_id) or raise InvalidGrantError
      access_token = AccessToken.get_token_for(identity, client, scope)
      self.access_token = access_token.token
      self.granted_at = Time.now.to_i
      # Conditional update: matches only while the grant has no token and is not revoked.
      self.class.collection.update({ :_id=>code, :access_token=>nil, :revoked=>nil }, { :$set=>{ :granted_at=>granted_at, :access_token=>access_token.token } }, :safe=>true)
      # Re-read the grant and check that the stored token is the one from this request.
      reload = self.class.collection.find_one({ :_id=>code, :revoked=>nil }, { :fields=>%w{access_token} })
      raise InvalidGrantError unless reload && reload["access_token"] == access_token.token
      return access_token
    end
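The single-use redemption described above, as an added example that is not the project's own code: a constructed in-memory store stands in for the database collection, and concurrent redemptions of one code show that the conditional update plus re-read lets exactly one caller through. GrantStore, update_if, redeem and race are hypothetical names; each caller proposing its own token and the expiry check are assumptions not shown in authorize!.

```ruby
require "securerandom"

class InvalidGrantError < StandardError; end

# Constructed in-memory stand-in for the oauth2.access_grants collection.
class GrantStore
  def initialize
    @docs = {}
    @lock = Mutex.new
  end
  def insert(doc)
    @lock.synchronize { @docs[doc[:_id]] = doc.dup }
  end
  def find_one(selector)
    @lock.synchronize { match(selector)&.dup }
  end
  # Conditional update: apply `set` only if every selector field still matches.
  def update_if(selector, set)
    @lock.synchronize { match(selector)&.merge!(set) ? true : false }
  end
  private
  def match(selector)
    doc = @docs[selector[:_id]]
    doc if doc && selector.all? { |k, v| doc[k] == v }
  end
end

# Each caller proposes its own token (a simplification), then re-reads the
# grant; only the caller whose token was actually stored gets it back.
def redeem(store, code, now = Time.now.to_i)
  grant = store.find_one({ :_id => code, :revoked => nil }) or raise InvalidGrantError
  raise InvalidGrantError, "expired" if grant[:expires_at] <= now # assumed check
  token = SecureRandom.hex(16)
  store.update_if({ :_id => code, :access_token => nil, :revoked => nil },
                  { :granted_at => now, :access_token => token })
  reload = store.find_one({ :_id => code, :revoked => nil })
  raise InvalidGrantError unless reload && reload[:access_token] == token
  token
end

# Fire several redemptions of one code at once; returns [successes, rejections].
def race(attempts = 8)
  store = GrantStore.new
  code = SecureRandom.hex(16)
  store.insert({ :_id => code, :expires_at => Time.now.to_i + 300,
                 :granted_at => nil, :access_token => nil, :revoked => nil })
  threads = Array.new(attempts) { Thread.new { redeem(store, code) rescue :rejected } }
  results = threads.map(&:value)
  [results.count { |r| r != :rejected }, results.count(:rejected)]
end
```
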
#revoke! ⇒ Object
    # File 'lib/rack/oauth2/models/access_grant.rb', line 72
    def revoke!
      self.revoked = Time.now.to_i
      self.class.collection.update({ :_id=>code, :revoked=>nil }, { :$set=>{ :revoked=>revoked } })
    end