Class: Opro::Oauth::TokenController

Inherits:
OproController
  • Object
show all
Defined in:
app/controllers/opro/oauth/token_controller.rb

Overview

This controller is where clients can exchange codes and refresh_tokens for access_tokens

Instance Method Summary collapse

Instance Method Details

#createObject 



9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
 
# File 'app/controllers/opro/oauth/token_controller.rb', line 9

def create
  # Find the client application
  application = Opro::Oauth::ClientApp.authenticate(params[:client_id], params[:client_secret])

  if application.nil?
    render :json => {:error => app_not_found_error(params)}, :status => :unauthorized and return
  end

  if params[:code]
    auth_grant = Opro::Oauth::AuthGrant.auth_with_code!(params[:code], application.id)
  elsif params[:refresh_token]
    auth_grant = Opro::Oauth::AuthGrant.find_for_refresh(params[:refresh_token], application.id)
  elsif params[:password].present? || params[:grant_type] == "password"|| params[:grant_type] == "bearer"
    user       = ::Opro.find_user_for_all_auths!(self, params) if Opro.password_exchange_enabled? && oauth_valid_password_auth?(params[:client_id], params[:client_secret])
    auth_grant = Opro::Oauth::AuthGrant.auth_with_user!(user, application.id) if user.present?
  end

  if auth_grant.blank?
    render :json => {:error => debug_error_msg(params) }, :status => :unauthorized and return
  end

  auth_grant.refresh!
  render :json => { :access_token   => auth_grant.access_token,
                    :refresh_token  => auth_grant.refresh_token,
                    :expires_in     => auth_grant.expires_in }
end