Class: Rack::OAuth2::Server::AccessGrant
- Inherits: ActiveRecord::Base
  - Object
  - ActiveRecord::Base
  - Rack::OAuth2::Server::AccessGrant
- Defined in: lib/rack/oauth2/models/access_grant.rb
Overview
The access grant is a nonce: a new grant is created each time we need one, and each grant is good for redeeming one access token.
Class Method Summary
- .create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object
  Create a new access grant.
- .from_code(code) ⇒ Object
  Find AccessGrant from authentication code.
Instance Method Summary
- #authorize! ⇒ Object
  Authorize access and return new access token.
- #revoke! ⇒ Object
Class Method Details
.create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object
Create a new access grant.
```ruby
# File 'lib/rack/oauth2/models/access_grant.rb', line 16
def self.create(identity, client, scope, redirect_uri = nil, expires = nil)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope
  expires_at = Time.now.to_i + (expires || 300)
  attributes = { :code => Server.secure_random, :identity=>identity, :scope=>scope,
                 :client_id=>client.id, :redirect_uri=>client.redirect_uri || redirect_uri,
                 :created_at=>Time.now.to_i, :expires_at=>expires_at }
  super(attributes)
end
```
.from_code(code) ⇒ Object
Find AccessGrant from authentication code.
```ruby
# File 'lib/rack/oauth2/models/access_grant.rb', line 11
def self.from_code(code)
  first(:conditions => {:code => code, :revoked => nil})
end
```
Instance Method Details
#authorize! ⇒ Object
Authorize access and return new access token.
An access grant can only be redeemed once, but a client can make multiple requests to redeem it, so we need to make sure that only the first request succeeds in returning an access token. Further requests raise InvalidGrantError.
```ruby
# File 'lib/rack/oauth2/models/access_grant.rb', line 40
def authorize!
  # Refuse a grant that has already produced a token or has been revoked.
  raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
  access_token = AccessToken.get_token_for(identity, client, scope)
  # Record the issued token on the grant so a later request is rejected.
  update_attributes(:access_token => access_token.token, :granted_at => Time.now)
  access_token
end
```
#revoke! ⇒ Object
```ruby
# File 'lib/rack/oauth2/models/access_grant.rb', line 47
def revoke!
  update_attributes(:revoked => Time.now)
end
```
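The single-use rule described for #authorize!, together with the scope intersection and 300-second default from .create, shown as an added example that is not part of this gem's code. GrantStore, redeem, revoke and replay are hypothetical names, the in-memory hash stands in for the database table, and the expiry check inside redeem is an assumption of this example.

```ruby
require 'securerandom'

# Added example: hypothetical in-memory stand-in for the access grant table.
class InvalidGrantError < StandardError; end

class GrantStore
  Grant = Struct.new(:code, :identity, :scope, :expires_at, :access_token, :revoked)

  def initialize
    @grants = {}
    @lock = Mutex.new
  end

  # Mirrors .create: random code, scope cut down to what the client may use, 300 s default.
  def create(identity, requested_scope, client_scope, expires = nil, now = Time.now.to_i)
    scope = requested_scope & client_scope
    grant = Grant.new(SecureRandom.hex(32), identity, scope, now + (expires || 300), nil, nil)
    @lock.synchronize { @grants[grant.code] = grant }
    grant
  end

  # The "already used?" check and the mark-as-used write share one lock, so two
  # requests carrying the same code cannot both pass the check.
  def redeem(code, now = Time.now.to_i)
    @lock.synchronize do
      grant = @grants[code]
      raise InvalidGrantError, "Unknown grant" unless grant
      raise InvalidGrantError, "You can't use the same access grant twice" if grant.access_token || grant.revoked
      raise InvalidGrantError, "Grant expired" if now >= grant.expires_at
      grant.access_token = SecureRandom.hex(32)
    end
  end

  def revoke(code, now = Time.now.to_i)
    @lock.synchronize { @grants[code].revoked = now if @grants[code] }
  end
end

# Constructed scenario: n threads present the same code; returns [tokens issued, refusals].
def replay(store, code, n = 8)
  results = Array.new(n) do
    Thread.new do
      store.redeem(code)
    rescue InvalidGrantError
      :refused
    end
  end.map(&:value)
  [results.count { |r| r != :refused }, results.count(:refused)]
end
```

With a database-backed model, the lock in this sketch corresponds to a row lock or a conditional update that only succeeds while the token column is still empty.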