Class: Rack::OAuth2::Server::AccessGrant

Inherits:
ActiveRecord::Base
  • Object
Defined in:
lib/rack/oauth2/models/access_grant.rb

Overview

The access grant is a nonce: a new grant is created each time one is needed, and each grant is good for redeeming one access token.

Class Method Details

.create(identity, client, scope, redirect_uri = nil, expires = nil) ⇒ Object

Create a new access grant.

Raises:

  • (ArgumentError)


# File 'lib/rack/oauth2/models/access_grant.rb', line 16

def self.create(identity, client, scope, redirect_uri = nil, expires = nil)
  raise ArgumentError, "Identity must be String or Integer" unless String === identity || Integer === identity
  scope = Utils.normalize_scope(scope) & Utils.normalize_scope(client.scope) # Only allowed scope
  expires_at = Time.now.to_i + (expires || 300)

  attributes = {
    :code => Server.secure_random,
    :identity=>identity,
    :scope=>scope,
    :client_id=>client.id,
    :redirect_uri=>client.redirect_uri || redirect_uri,
    :created_at=>Time.now.to_i,
    :expires_at=>expires_at
  }

  super(attributes)
end

.from_code(code) ⇒ Object

Find the AccessGrant matching an authorization code. Revoked grants are not returned.



# File 'lib/rack/oauth2/models/access_grant.rb', line 11

def self.from_code(code)
  first(:conditions => {:code => code, :revoked => nil})
end

Instance Method Details

#authorize! ⇒ Object

Authorize access and return new access token.

An access grant can only be redeemed once, but a client can make multiple requests to obtain it, so we need to make sure only the first request succeeds in returning an access token; further requests raise InvalidGrantError.

Raises:

  • (InvalidGrantError)

# File 'lib/rack/oauth2/models/access_grant.rb', line 40

def authorize!
  raise InvalidGrantError, "You can't use the same access grant twice" if self.access_token || self.revoked
  access_token = AccessToken.get_token_for(identity, client, scope)
  update_attributes(:access_token => access_token.token, :granted_at => Time.now)
  access_token
end
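
The single-use rule described for authorize! holds under concurrent requests only when the "already used?" test and the claim happen as one atomic step. The following is an added example, not code from the gem: GrantStore, #issue, #redeem and race_redeem are hypothetical names, an in-memory hash with a Mutex stands in for the database, and checking expires_at at redemption time is an assumption of the example.

```ruby
require "securerandom"

# Added illustration, not the gem's code. All names here are hypothetical;
# the Mutex stands in for an atomic conditional UPDATE in the database.
class InvalidGrantError < StandardError; end

class GrantStore
  Grant = Struct.new(:code, :identity, :expires_at, :revoked, :access_token)

  def initialize
    @grants = {}
    @lock = Mutex.new
  end

  # Mirrors .create: random code, default lifetime of 300 seconds.
  def issue(identity, expires = nil, now = Time.now.to_i)
    grant = Grant.new(SecureRandom.hex(32), identity, now + (expires || 300))
    @lock.synchronize { @grants[grant.code] = grant }
    grant.code
  end

  def revoke(code, now = Time.now.to_i)
    @lock.synchronize do
      grant = @grants[code]
      grant.revoked ||= now if grant
    end
  end

  # Test and claim inside one critical section, so two concurrent requests
  # carrying the same code cannot both pass the "already used?" check.
  def redeem(code, now = Time.now.to_i)
    @lock.synchronize do
      grant = @grants[code]
      raise InvalidGrantError, "unknown grant" unless grant
      raise InvalidGrantError, "grant revoked" if grant.revoked
      raise InvalidGrantError, "grant expired" if now >= grant.expires_at
      raise InvalidGrantError, "You can't use the same access grant twice" if grant.access_token
      grant.access_token = SecureRandom.hex(32)
    end
  end
end

# Fire n simultaneous redemptions of one code; returns [successes, rejections].
def race_redeem(store, code, n = 8)
  outcomes = Array.new(n) do
    Thread.new { store.redeem(code) && :ok rescue :rejected }
  end.map(&:value)
  [outcomes.count(:ok), outcomes.count(:rejected)]
end
```

With a relational database the same guarantee comes from a single conditional update (claim the row only where the token column is still empty and the grant is not revoked) followed by a check that exactly one row changed.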

#revoke! ⇒ Object

# File 'lib/rack/oauth2/models/access_grant.rb', line 47

def revoke!
  update_attributes(:revoked => Time.now)
end