Class: Zaikio::AccessToken

Inherits:

ApplicationRecord

• Object
• ApplicationRecord
• Zaikio::AccessToken

Defined in:

app/models/zaikio/access_token.rb

Class Method Summary

• .build_from_access_token(access_token, requested_scopes: nil, include_refresh_token: true) ⇒ Object
• .refresh_token_valid_for ⇒ Object

Instance Method Summary

• #bearer_klass ⇒ Object
• #expired? ⇒ Boolean
• #expires_in ⇒ Object
• #organization? ⇒ Boolean
• #refresh! ⇒ Object
• #revoke! ⇒ Object

Class Method Details

.build_from_access_token(access_token, requested_scopes: nil, include_refresh_token: true) ⇒ Object

# File 'app/models/zaikio/access_token.rb', line 12

def self.build_from_access_token(access_token, requested_scopes: nil, include_refresh_token: true)
  payload = JWT.decode(access_token.token, nil, false).first rescue {} # rubocop:disable Style/RescueModifier
  scopes = access_token.params["scope"].split(",")
  new(
    id: payload["jti"],
    bearer_type: access_token.params["bearer"]["type"],
    bearer_id: access_token.params["bearer"]["id"],
    audience: access_token.params["audiences"].first,
    token: access_token.token,
    refresh_token: (access_token.refresh_token if include_refresh_token),
    expires_at: Time.strptime(access_token.expires_at.to_s, "%s"),
    scopes: scopes,
    requested_scopes: requested_scopes || scopes
  )
end

.refresh_token_valid_for ⇒ Object

# File 'app/models/zaikio/access_token.rb', line 28

def self.refresh_token_valid_for
  7.days
end

Instance Method Details

#bearer_klass ⇒ Object

# File 'app/models/zaikio/access_token.rb', line 69

def bearer_klass
  return unless Zaikio.const_defined?("Hub::Models", false)

  if Zaikio::Hub::Models.configuration.respond_to?(:"#{bearer_type.underscore}_class_name")
    Zaikio::Hub::Models.configuration.public_send(:"#{bearer_type.underscore}_class_name").constantize
  else
    "Zaikio::#{bearer_type}".constantize
  end
end

#expired? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/zaikio/access_token.rb', line 57

def expired?
  expires_at < Time.current
end

#expires_in ⇒ Object

# File 'app/models/zaikio/access_token.rb', line 65

def expires_in
  (expires_at - Time.current).to_i
end

#organization? ⇒ Boolean

Returns:

• (Boolean)

# File 'app/models/zaikio/access_token.rb', line 61

def organization?
  bearer_type == "Organization"
end

#refresh! ⇒ Object

# File 'app/models/zaikio/access_token.rb', line 79

def refresh!
  return unless refresh_token?

  Zaikio::OAuthClient.with_oauth_scheme(:basic_auth) do
    refreshed_token = OAuth2::AccessToken.from_hash(
      Zaikio::OAuthClient.for(audience),
      attributes.slice("token", "refresh_token")
    ).refresh!

    destroy

    self.class.build_from_access_token(refreshed_token, requested_scopes: requested_scopes).tap(&:save!)
  end
rescue OAuth2::Error => e
  raise unless e.code == "invalid_grant"

  destroy
  nil
end

#revoke! ⇒ Object

# File 'app/models/zaikio/access_token.rb', line 99

def revoke!
  return unless Zaikio.const_defined?("Hub::RevokedAccessToken", false)

  Zaikio::Hub.with_token(token) do
    Zaikio::Hub::RevokedAccessToken.create
  end
rescue Zaikio::ConnectionError => e
  Zaikio::OAuthClient.configuration.logger.warn "Access Token #{id} could not be revoked: #{e.message}"
end