Class: Oauned::OauthController

Inherits:
ApplicationController
  • Object
Defined in:
app/controllers/oauned/oauth_controller.rb

Instance Method Summary

Instance Method Details

#authorize ⇒ Object



# File 'app/controllers/oauned/oauth_controller.rb', line 16

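##
# Issues an authorization code for the current user and redirects the browser
# to the client's redirect URI with +code+, +expires_in+ and, when the request
# carried one, +state+.
#
# NOTE(review): params[:redirect_uri] is used as the redirect target exactly as
# received. Nothing in this method compares it with the redirect URI registered
# for +client+. Unless a filter or the +client+ helper (not visible here)
# already enforces that, the authorization code can be delivered to a URL the
# application never registered. Confirm, and require an exact match with the
# registered value before redirecting.
def authorize
  authorization = client.authorize!(current_user)

  pairs = [
    ['code', authorization.code],
    ['expires_in', authorization.expires_in]
  ]
  pairs << ['state', params[:state]] unless params[:state].blank?

  # Every value is escaped, not only state, so a code containing reserved
  # characters cannot alter the query string.
  query = pairs.map { |name, value| "#{name}=#{CGI.escape(value.to_s)}" }.join('&')

  # A redirect URI that already carries a query string is extended with "&";
  # appending a second "?" would corrupt the client's own parameters.
  target = params[:redirect_uri].to_s
  joiner = target.include?('?') ? '&' : '?'
  redirect_to "#{target}#{joiner}#{query}"
end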

#index ⇒ Object



# File 'app/controllers/oauned/oauth_controller.rb', line 8

def index
  ##
  # Applications whose no_confirmation attribute is true skip the confirmation
  # screen and go straight to authorization.
  # See https://github.com/dmathieu/oauned/wiki/Skip-Authorization
  #
  # NOTE(review): on that path authorize issues a code without any user
  # interaction, so whatever restricts the redirect target has to hold for
  # this request as well - confirm where that check lives.
  #
  skip_confirmation = client.respond_to?(:no_confirmation) && client.no_confirmation
  authorize if skip_confirmation
end

#token ⇒ Object



# File 'app/controllers/oauned/oauth_controller.rb', line 22

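##
# Token endpoint. Exchanges either a refresh token or an authorization code
# for an access token and renders the result as JSON.
#
# Both lookups compare the submitted value with "=" rather than LIKE. With
# LIKE, a caller-supplied "%" or "_" acts as a wildcard, so a secret could be
# matched without being known. The value is also coerced to a String, and an
# empty value is rejected before any query runs.
#
# Renders an "invalid-grant" error when the credential is unknown, expired
# (authorization codes only) or belongs to a different application.
def token
  if refresh_token?
    submitted = params[:refresh_token].to_s
    original_token = nil
    unless submitted.empty?
      original_token = Oauned::Models['connection'].where(['refresh_token = ?', submitted]).first
    end
    if original_token.nil? || original_token.application_id != client.id
      return render_error("Refresh token is invalid", "invalid-grant")
    end
    token = original_token.refresh
  else
    submitted = params[:code].to_s
    authorization = nil
    unless submitted.empty?
      authorization = Oauned::Models['authorization'].where(['code = ?', submitted]).first
    end
    if authorization.nil? || authorization.expired? || authorization.application_id != client.id
      return render_error("Authorization expired or invalid", "invalid-grant")
    end
    # NOTE(review): this method does not show whether tokenize! invalidates the
    # code after first use, and it does not compare a redirect_uri with the one
    # used in the authorization request - confirm both in the model.
    token = authorization.tokenize!
  end

  lifetime = token.expires_in

  # NOTE(review): no cache headers are set here; token responses are normally
  # served with Cache-Control: no-store.
  render :json => {
    :access_token => token.access_token,
    :refresh_token => token.refresh_token,
    # Kept for existing clients; the field name defined by RFC 6749 is
    # expires_in, which is added alongside.
    :expired_in => lifetime,
    :expires_in => lifetime
  }
end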