Class: Doorkeeper::Config::Builder

Inherits:

AbstractBuilder

• Object
• AbstractBuilder
• Doorkeeper::Config::Builder

Defined in:

lib/doorkeeper/config.rb

Overview

Default Doorkeeper configuration builder

Instance Attribute Summary

Attributes inherited from AbstractBuilder

#config

Instance Method Summary

• #access_token_methods(*methods) ⇒ Object

  Change the way access token is authenticated from the request object.

• #api_only ⇒ Object

  Use an API mode for applications generated with –api argument It will skip applications controller, disable forgery protection.

• #client_credentials(*methods) ⇒ Object

  Change the way client credentials are retrieved from the request object.

• #confirm_application_owner ⇒ Object
• #default_scopes(*scopes) ⇒ Object

  Define default access token scopes for your provider.

• #enable_application_owner(opts = {}) ⇒ Object

  Provide support for an owner to be assigned to each registered application (disabled by default) Optional parameter confirmation: true (default false) if you want to enforce ownership of a registered application.

• #enable_dynamic_scopes(opts = {}) ⇒ Object

  Provide support for dynamic scopes (e.g. user:*) (disabled by default) Optional parameter delimiter (default “:”) if you want to customize the delimiter separating the scope name and matching value.

• #enforce_configured_scopes ⇒ Object

  Forbids creating/updating applications with arbitrary scopes that are not in configuration, i.e.

• #enforce_content_type ⇒ Object

  Enforce request content type as the spec requires: disabled by default for backward compatibility.

• #force_pkce ⇒ Object

  Require non-confidential apps to use PKCE (send a code_verifier) when requesting an access_token using an authorization code (disabled by default).

• #hash_application_secrets(using: nil, fallback: nil) ⇒ Object

  Allow optional hashing of application secrets before persisting them.

• #hash_token_secrets(using: nil, fallback: nil) ⇒ Object

  Allow optional hashing of input tokens before persisting them.

• #optional_scopes(*scopes) ⇒ Object

  Define default access token scopes for your provider.

• #reuse_access_token ⇒ Object

  Reuse access token for the same resource owner within an application (disabled by default) Rationale: github.com/doorkeeper-gem/doorkeeper/issues/383.

• #revoke_previous_authorization_code_token ⇒ Object

  Only allow one valid access token obtained via authorization code per client.

• #revoke_previous_client_credentials_token ⇒ Object

  TODO: maybe make it more generic for other flows too? Only allow one valid access token obtained via client credentials per client.

• #scopes_by_grant_type(hash = {}) ⇒ Object

  Define scopes_by_grant_type to limit certain scope to certain grant_type Default set to {} i.e.

• #use_polymorphic_resource_owner ⇒ Object

  Enables polymorphic Resource Owner association for Access Grant and Access Token models.

• #use_refresh_token(enabled = true, &block) ⇒ Object

  Issue access tokens with refresh token (disabled if not set).

• #use_url_path_for_native_authorization ⇒ Object

  Choose to use the url path for native autorization codes Enabling this flag sets the authorization code response route for native redirect uris to oauth/authorize/<code>.

Methods inherited from AbstractBuilder

#build, #initialize

Constructor Details

This class inherits a constructor from Doorkeeper::Config::AbstractBuilder

Instance Method Details

#access_token_methods(*methods) ⇒ Object

Change the way access token is authenticated from the request object. By default it retrieves first from the ‘HTTP_AUTHORIZATION` header, then falls back to the `:access_token` or `:bearer_token` params from the `params` object.

Parameters:

• methods (Array) —

  Define access token methods

# File 'lib/doorkeeper/config.rb', line 83

def access_token_methods(*methods)
  @config.instance_variable_set(:@access_token_methods, methods)
end

#api_only ⇒ Object

Use an API mode for applications generated with –api argument It will skip applications controller, disable forgery protection

# File 'lib/doorkeeper/config.rb', line 134

def api_only
  @config.instance_variable_set(:@api_only, true)
end

#client_credentials(*methods) ⇒ Object

Change the way client credentials are retrieved from the request object. By default it retrieves first from the ‘HTTP_AUTHORIZATION` header, then falls back to the `:client_id` and `:client_secret` params from the `params` object.

Parameters:

• methods (Array) —

  Define client credentials

# File 'lib/doorkeeper/config.rb', line 73

def client_credentials(*methods)
  @config.instance_variable_set(:@client_credentials_methods, methods)
end

#confirm_application_owner ⇒ Object

# File 'lib/doorkeeper/config.rb', line 30

def confirm_application_owner
  @config.instance_variable_set(:@confirm_application_owner, true)
end

#default_scopes(*scopes) ⇒ Object

Define default access token scopes for your provider

token scopes

Parameters:

• scopes (Array) —

  Default set of access (OAuth::Scopes.new)

# File 'lib/doorkeeper/config.rb', line 48

def default_scopes(*scopes)
  @config.instance_variable_set(:@default_scopes, OAuth::Scopes.from_array(scopes))
end

#enable_application_owner(opts = {}) ⇒ Object

Provide support for an owner to be assigned to each registered application (disabled by default) Optional parameter confirmation: true (default false) if you want to enforce ownership of a registered application

Parameters:

• opts (Hash) (defaults to: {}) —

  the options to confirm if an application owner is present

• opts[Boolean] (Hash) —

  a customizable set of options

# File 'lib/doorkeeper/config.rb', line 25

def enable_application_owner(opts = {})
  @config.instance_variable_set(:@enable_application_owner, true)
  confirm_application_owner if opts[:confirmation].present? && opts[:confirmation]
end

#enable_dynamic_scopes(opts = {}) ⇒ Object

Provide support for dynamic scopes (e.g. user:*) (disabled by default) Optional parameter delimiter (default “:”) if you want to customize the delimiter separating the scope name and matching value.

Parameters:

• opts (Hash) (defaults to: {}) —

  the options to configure dynamic scopes

# File 'lib/doorkeeper/config.rb', line 39

def enable_dynamic_scopes(opts = {})
  @config.instance_variable_set(:@enable_dynamic_scopes, true)
  @config.instance_variable_set(:@dynamic_scopes_delimiter, opts[:delimiter] || ':')
end

#enforce_configured_scopes ⇒ Object

Forbids creating/updating applications with arbitrary scopes that are not in configuration, i.e. ‘default_scopes` or `optional_scopes`. (disabled by default)

# File 'lib/doorkeeper/config.rb', line 147

def enforce_configured_scopes
  @config.instance_variable_set(:@enforce_configured_scopes, true)
end

#enforce_content_type ⇒ Object

Enforce request content type as the spec requires: disabled by default for backward compatibility.

# File 'lib/doorkeeper/config.rb', line 153

def enforce_content_type
  @config.instance_variable_set(:@enforce_content_type, true)
end

#force_pkce ⇒ Object

Require non-confidential apps to use PKCE (send a code_verifier) when requesting an access_token using an authorization code (disabled by default)

# File 'lib/doorkeeper/config.rb', line 128

def force_pkce
  @config.instance_variable_set(:@force_pkce, true)
end

#hash_application_secrets(using: nil, fallback: nil) ⇒ Object

Allow optional hashing of application secrets before persisting them. Will be used for hashing of input token and grants.

Parameters:

• using (defaults to: nil) —

  Provide a different secret storage implementation for applications

• fallback (defaults to: nil) —

  Provide a fallback secret storage implementation for applications or use :plain to fallback to plain application secrets

# File 'lib/doorkeeper/config.rb', line 180

def hash_application_secrets(using: nil, fallback: nil)
  default = "::Doorkeeper::SecretStoring::Sha256Hash"
  configure_secrets_for :application,
                        using: using || default,
                        fallback: fallback
end

#hash_token_secrets(using: nil, fallback: nil) ⇒ Object

Allow optional hashing of input tokens before persisting them. Will be used for hashing of input token and grants.

Parameters:

• using (defaults to: nil) —

  Provide a different secret storage implementation class for tokens

• fallback (defaults to: nil) —

  Provide a fallback secret storage implementation class for tokens or use :plain to fallback to plain tokens

# File 'lib/doorkeeper/config.rb', line 165

def hash_token_secrets(using: nil, fallback: nil)
  default = "::Doorkeeper::SecretStoring::Sha256Hash"
  configure_secrets_for :token,
                        using: using || default,
                        fallback: fallback
end

#optional_scopes(*scopes) ⇒ Object

Define default access token scopes for your provider

token scopes

Parameters:

• scopes (Array) —

  Optional set of access (OAuth::Scopes.new)

# File 'lib/doorkeeper/config.rb', line 56

def optional_scopes(*scopes)
  @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes))
end

#reuse_access_token ⇒ Object

Reuse access token for the same resource owner within an application (disabled by default) Rationale: github.com/doorkeeper-gem/doorkeeper/issues/383

# File 'lib/doorkeeper/config.rb', line 98

def reuse_access_token
  @config.instance_variable_set(:@reuse_access_token, true)
end

#revoke_previous_authorization_code_token ⇒ Object

Only allow one valid access token obtained via authorization code per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)

# File 'lib/doorkeeper/config.rb', line 122

def revoke_previous_authorization_code_token
  @config.instance_variable_set(:@revoke_previous_authorization_code_token, true)
end

#revoke_previous_client_credentials_token ⇒ Object

TODO: maybe make it more generic for other flows too? Only allow one valid access token obtained via client credentials per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)

# File 'lib/doorkeeper/config.rb', line 115

def revoke_previous_client_credentials_token
  @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
end

#scopes_by_grant_type(hash = {}) ⇒ Object

Define scopes_by_grant_type to limit certain scope to certain grant_type Default set to {} i.e. no limitation on scopes usage

Parameters:

• with (Hash) —

  grant_types as keys.

# File 'lib/doorkeeper/config.rb', line 63

def scopes_by_grant_type(hash = {})
  @config.instance_variable_set(:@scopes_by_grant_type, hash)
end

#use_polymorphic_resource_owner ⇒ Object

Enables polymorphic Resource Owner association for Access Grant and Access Token models. Requires additional database columns to be setup.

# File 'lib/doorkeeper/config.rb', line 140

def use_polymorphic_resource_owner
  @config.instance_variable_set(:@polymorphic_resource_owner, true)
end

#use_refresh_token(enabled = true, &block) ⇒ Object

Issue access tokens with refresh token (disabled if not set)

# File 'lib/doorkeeper/config.rb', line 88

def use_refresh_token(enabled = true, &block)
  @config.instance_variable_set(
    :@refresh_token_enabled,
    block || enabled,
  )
end

#use_url_path_for_native_authorization ⇒ Object

Choose to use the url path for native autorization codes Enabling this flag sets the authorization code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>. Rationale: github.com/doorkeeper-gem/doorkeeper/issues/1143

# File 'lib/doorkeeper/config.rb', line 107

def use_url_path_for_native_authorization
  @config.instance_variable_set(:@use_url_path_for_native_authorization, true)
end