Class: Doorkeeper::Config

Inherits:
Object
  • Object
show all
Extended by:
Option
Includes:
Validations
Defined in:
lib/doorkeeper/config.rb,
lib/doorkeeper/config/option.rb,
lib/doorkeeper/config/validations.rb,
lib/doorkeeper/config/abstract_builder.rb

Overview

Doorkeeper option DSL could be reused in extensions to build their own configurations. To use the Option DSL gems need to define ‘builder_class` method that returns configuration Builder class. This exception raises when they don’t define it.

Defined Under Namespace

Modules: Option, Validations Classes: AbstractBuilder, Builder

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Option

extended, option

Methods included from Validations

#validate!

Instance Attribute Details

#application_secret_fallback_strategyObject (readonly)

Returns the value of attribute application_secret_fallback_strategy.



439
440
441
 
# File 'lib/doorkeeper/config.rb', line 439

def application_secret_fallback_strategy
  @application_secret_fallback_strategy
end

#reuse_access_tokenObject (readonly)

Returns the value of attribute reuse_access_token.



439
440
441
 
# File 'lib/doorkeeper/config.rb', line 439

def reuse_access_token
  @reuse_access_token
end

#token_secret_fallback_strategyObject (readonly)

Returns the value of attribute token_secret_fallback_strategy.



439
440
441
 
# File 'lib/doorkeeper/config.rb', line 439

def token_secret_fallback_strategy
  @token_secret_fallback_strategy
end

Instance Method Details

#access_grant_modelActiveRecord::Base, ...

Doorkeeper Access Grant model class.

Returns:

  • (ActiveRecord::Base, Mongoid::Document, Sequel::Model) 


465
466
467
 
# File 'lib/doorkeeper/config.rb', line 465

def access_grant_model
  @access_grant_model ||= access_grant_class.constantize
end

#access_token_methodsObject 



586
587
588
589
590
591
592
 
# File 'lib/doorkeeper/config.rb', line 586

def access_token_methods
  @access_token_methods ||= %i[
    from_bearer_authorization
    from_access_token_param
    from_bearer_param
  ]
end

#access_token_modelActiveRecord::Base, ...

Doorkeeper Access Token model class.

Returns:

  • (ActiveRecord::Base, Mongoid::Document, Sequel::Model) 


457
458
459
 
# File 'lib/doorkeeper/config.rb', line 457

def access_token_model
  @access_token_model ||= access_token_class.constantize
end

#allow_blank_redirect_uri?(application = nil) ⇒ Boolean

Returns:

  • (Boolean) 


672
673
674
675
676
677
678
 
# File 'lib/doorkeeper/config.rb', line 672

def allow_blank_redirect_uri?(application = nil)
  if allow_blank_redirect_uri.respond_to?(:call)
    allow_blank_redirect_uri.call(grant_flows, application)
  else
    allow_blank_redirect_uri
  end
end

#allow_grant_flow_for_clientBoolean

Allows to customize OAuth grant flows that each application support. You can configure a custom block (or use a class respond to ‘#call`) that must return `true` in case Application instance supports requested OAuth grant flow during the authorization request to the server. This configuration doesn’t set flows per application, it only allows to check if application supports specific grant flow.

For example you can add an additional database column to ‘oauth_applications` table, say `t.array :grant_flows, default: []`, and store allowed grant flows that can be used with this application there. Then when authorization requested Doorkeeper will call this block to check if specific Application (passed with client_id and/or client_secret) is allowed to perform the request for the specific grant type (authorization, password, client_credentials, etc).

Example of the block:

->(flow, client) { client.grant_flows.include?(flow) }

In case this option invocation result is ‘false`, Doorkeeper server returns :unauthorized_client error and stops the request.

Parameters:

  • allow_grant_flow_for_client (Proc)

    Block or any object respond to #call

Returns:

  • (Boolean)

    ‘true` if allow or `false` if forbid the request



309
 
# File 'lib/doorkeeper/config.rb', line 309

option :allow_grant_flow_for_client,    default: ->(_grant_flow, _client) { true }

#allow_grant_flow_for_client?(grant_flow, client) ⇒ Boolean

Returns:

  • (Boolean) 


680
681
682
683
684
 
# File 'lib/doorkeeper/config.rb', line 680

def allow_grant_flow_for_client?(grant_flow, client)
  return true unless option_defined?(:allow_grant_flow_for_client)

  allow_grant_flow_for_client.call(grant_flow, client)
end

#api_onlyObject 



477
478
479
 
# File 'lib/doorkeeper/config.rb', line 477

def api_only
  @api_only ||= false
end

#application_modelActiveRecord::Base, ...

Doorkeeper Application model class.

Returns:

  • (ActiveRecord::Base, Mongoid::Document, Sequel::Model) 


473
474
475
 
# File 'lib/doorkeeper/config.rb', line 473

def application_model
  @application_model ||= application_class.constantize
end

#application_secret_hashed?Boolean

Returns:

  • (Boolean) 


548
549
550
 
# File 'lib/doorkeeper/config.rb', line 548

def application_secret_hashed?
  instance_variable_defined?(:"@application_secret_strategy")
end

#application_secret_strategyObject 



556
557
558
 
# File 'lib/doorkeeper/config.rb', line 556

def application_secret_strategy
  @application_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
end

#authorization_response_flowsObject 



598
599
600
601
 
# File 'lib/doorkeeper/config.rb', line 598

def authorization_response_flows
  @authorization_response_flows ||= enabled_grant_flows.select(&:handles_response_type?) +
                                    deprecated_authorization_flows
end

#authorization_response_typesObject 



607
608
609
 
# File 'lib/doorkeeper/config.rb', line 607

def authorization_response_types
  authorization_response_flows.map(&:response_type_matches)
end

#calculate_authorization_response_typesObject

[NOTE]: deprecated and will be removed soon



643
644
645
 
# File 'lib/doorkeeper/config.rb', line 643

def calculate_authorization_response_types
  []
end

#calculate_grant_flowsObject

Calculates grant flows configured by the user in Doorkeeper configuration considering registered aliases that is exposed to single or multiple other flows.



658
659
660
661
662
663
664
665
666
667
668
669
670
 
# File 'lib/doorkeeper/config.rb', line 658

def calculate_grant_flows
  configured_flows = grant_flows.map(&:to_s)
  aliases = Doorkeeper::GrantFlow.aliases.keys.map(&:to_s)

  flows = configured_flows - aliases
  aliases.each do |flow_alias|
    next unless configured_flows.include?(flow_alias)

    flows.concat(Doorkeeper::GrantFlow.expand_alias(flow_alias))
  end

  flows.flatten.uniq
end

#calculate_token_grant_typesObject

[NOTE]: deprecated and will be removed soon



648
649
650
651
652
 
# File 'lib/doorkeeper/config.rb', line 648

def calculate_token_grant_types
  types = grant_flows - ["implicit"]
  types << "refresh_token" if refresh_token_enabled?
  types
end

#clear_cache!Object 



443
444
445
446
447
448
449
450
451
 
# File 'lib/doorkeeper/config.rb', line 443

def clear_cache!
  %i[
    application_model
    access_token_model
    access_grant_model
  ].each do |var|
    remove_instance_variable("@#{var}") if instance_variable_defined?("@#{var}")
  end
end

#client_credentials_methodsObject 



582
583
584
 
# File 'lib/doorkeeper/config.rb', line 582

def client_credentials_methods
  @client_credentials_methods ||= %i[from_basic from_params]
end

#confirm_application_owner?Boolean

Returns:

  • (Boolean) 


536
537
538
 
# File 'lib/doorkeeper/config.rb', line 536

def confirm_application_owner?
  option_set? :confirm_application_owner
end

#default_scopesObject 



560
561
562
 
# File 'lib/doorkeeper/config.rb', line 560

def default_scopes
  @default_scopes ||= OAuth::Scopes.new
end

#deprecated_authorization_flowsObject

[NOTE]: deprecated and will be removed soon



626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
 
# File 'lib/doorkeeper/config.rb', line 626

def deprecated_authorization_flows
  response_types = calculate_authorization_response_types

  if response_types.any?
    ::Kernel.warn <<~WARNING
      Please, don't patch Doorkeeper::Config#calculate_authorization_response_types method.
      Register your custom grant flows using the public API:
      `Doorkeeper::GrantFlow.register(grant_flow_name, **options)`.
    WARNING
  end

  response_types.map do |response_type|
    Doorkeeper::GrantFlow::FallbackFlow.new(response_type, response_type_matches: response_type)
  end
end

#deprecated_token_grant_types_resolverObject

[NOTE]: deprecated and will be removed soon



616
617
618
 
# File 'lib/doorkeeper/config.rb', line 616

def deprecated_token_grant_types_resolver
  @deprecated_token_grant_types ||= calculate_token_grant_types
end

#dynamic_scopes_delimiterObject 



528
529
530
 
# File 'lib/doorkeeper/config.rb', line 528

def dynamic_scopes_delimiter
  @dynamic_scopes_delimiter
end

#enable_application_owner?Boolean

Returns:

  • (Boolean) 


520
521
522
 
# File 'lib/doorkeeper/config.rb', line 520

def enable_application_owner?
  option_set? :enable_application_owner
end

#enable_dynamic_scopes?Boolean

Returns:

  • (Boolean) 


524
525
526
 
# File 'lib/doorkeeper/config.rb', line 524

def enable_dynamic_scopes?
  option_set? :enable_dynamic_scopes
end

#enabled_grant_flowsObject 



594
595
596
 
# File 'lib/doorkeeper/config.rb', line 594

def enabled_grant_flows
  @enabled_grant_flows ||= calculate_grant_flows.map { |name| Doorkeeper::GrantFlow.get(name) }.compact
end

#enforce_configured_scopes?Boolean

Returns:

  • (Boolean) 


516
517
518
 
# File 'lib/doorkeeper/config.rb', line 516

def enforce_configured_scopes?
  option_set? :enforce_configured_scopes
end

#enforce_content_typeObject 



481
482
483
 
# File 'lib/doorkeeper/config.rb', line 481

def enforce_content_type
  @enforce_content_type ||= false
end

#force_pkce?Boolean

Returns:

  • (Boolean) 


512
513
514
 
# File 'lib/doorkeeper/config.rb', line 512

def force_pkce?
  option_set? :force_pkce
end

#native_authorization_code_routeObject 



620
621
622
623
 
# File 'lib/doorkeeper/config.rb', line 620

def native_authorization_code_route
  @use_url_path_for_native_authorization = false unless defined?(@use_url_path_for_native_authorization)
  @use_url_path_for_native_authorization ? '/:code' : '/native'
end

#option_defined?(name) ⇒ Boolean

Returns:

  • (Boolean) 


686
687
688
 
# File 'lib/doorkeeper/config.rb', line 686

def option_defined?(name)
  instance_variable_defined?("@#{name}")
end

#optional_scopesObject 



564
565
566
 
# File 'lib/doorkeeper/config.rb', line 564

def optional_scopes
  @optional_scopes ||= OAuth::Scopes.new
end

#pkce_code_challenge_methods_supportedObject 



576
577
578
579
580
 
# File 'lib/doorkeeper/config.rb', line 576

def pkce_code_challenge_methods_supported
  return [] unless access_grant_model.pkce_supported?
  
  pkce_code_challenge_methods
end

#polymorphic_resource_owner?Boolean

Returns:

  • (Boolean) 


532
533
534
 
# File 'lib/doorkeeper/config.rb', line 532

def polymorphic_resource_owner?
  option_set? :polymorphic_resource_owner
end

#raise_on_errors?Boolean

Returns:

  • (Boolean) 


540
541
542
 
# File 'lib/doorkeeper/config.rb', line 540

def raise_on_errors?
  handle_auth_errors == :raise
end

#redirect_on_errors?Boolean

Returns:

  • (Boolean) 


544
545
546
 
# File 'lib/doorkeeper/config.rb', line 544

def redirect_on_errors?
  handle_auth_errors == :redirect
end

#refresh_token_enabled?Boolean

Returns:

  • (Boolean) 


485
486
487
488
489
490
491
 
# File 'lib/doorkeeper/config.rb', line 485

def refresh_token_enabled?
  if defined?(@refresh_token_enabled)
    @refresh_token_enabled
  else
    false
  end
end

#resolve_controller(name) ⇒ Object 



493
494
495
496
497
498
499
500
501
502
 
# File 'lib/doorkeeper/config.rb', line 493

def resolve_controller(name)
  config_option = public_send(:"#{name}_controller")
  controller_name = if config_option.respond_to?(:call)
                      instance_exec(&config_option)
                    else
                      config_option
                    end

  controller_name.constantize
end

#revoke_previous_authorization_code_token?Boolean

Returns:

  • (Boolean) 


508
509
510
 
# File 'lib/doorkeeper/config.rb', line 508

def revoke_previous_authorization_code_token?
  option_set? :revoke_previous_authorization_code_token
end

#revoke_previous_client_credentials_token?Boolean

Returns:

  • (Boolean) 


504
505
506
 
# File 'lib/doorkeeper/config.rb', line 504

def revoke_previous_client_credentials_token?
  option_set? :revoke_previous_client_credentials_token
end

#scopesObject 



568
569
570
 
# File 'lib/doorkeeper/config.rb', line 568

def scopes
  @scopes ||= default_scopes + optional_scopes
end

#scopes_by_grant_typeObject 



572
573
574
 
# File 'lib/doorkeeper/config.rb', line 572

def scopes_by_grant_type
  @scopes_by_grant_type ||= {}
end

#token_grant_flowsObject 



603
604
605
 
# File 'lib/doorkeeper/config.rb', line 603

def token_grant_flows
  @token_grant_flows ||= calculate_token_grant_flows
end

#token_grant_typesObject 



611
612
613
 
# File 'lib/doorkeeper/config.rb', line 611

def token_grant_types
  token_grant_flows.map(&:grant_type_matches)
end

#token_secret_strategyObject 



552
553
554
 
# File 'lib/doorkeeper/config.rb', line 552

def token_secret_strategy
  @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
end