class Rack::OAuth2::Server::Helper

Helper methods that provide access to the OAuth state during the authorization flow, and from authenticated requests. For example:

def show
  # Example action: `oauth` is presumably this Helper (verify in the host app);
  # `client` and `scope` are its accessors for the authenticated request.
  logger.info "#{oauth.client.display_name} accessing #{oauth.scope}"
end

Public Class Methods

new(request, response)
# File lib/rack/oauth2/server/helper.rb, line 13
def initialize(request, response)
  # Keep handles to the Rack request and response; the accessors below read
  # "oauth.*" entries from the request env and write headers/status to the
  # response.
  @request = request
  @response = response
end

Public Instance Methods

access_token()

Returns the access token. Only applies if client authenticated.

@return [String, nil] Access token, if authenticated

# File lib/rack/oauth2/server/helper.rb, line 20
def access_token
  # Memoized read of the token stored in the Rack env under
  # "oauth.access_token"; nil when the env carries no such entry.
  return @access_token if @access_token

  @access_token = @request.env["oauth.access_token"]
end
authenticated?()

True if client authenticated.

@return [true, false] True if authenticated

# File lib/rack/oauth2/server/helper.rb, line 27
def authenticated?
  # A request counts as authenticated exactly when an access token is present.
  access_token ? true : false
end
authorization()

Returns the authorization request handle. Available when starting an authorization request (i.e. /oauth/authorize).

@return [String] Authorization handle

# File lib/rack/oauth2/server/helper.rb, line 88
def authorization
  # Memoized. The handle set in the Rack env by the middleware wins; the
  # "authorization" request parameter (client-supplied) is only a fallback.
  @request_id ||= begin
    from_env = @request.env["oauth.authorization"]
    from_env || @request.params["authorization"]
  end
end
authorization=(authorization)

Sets the authorization request handle. Use this during the authorization flow.

@param [String] authorization handle

# File lib/rack/oauth2/server/helper.rb, line 96
def authorization=(authorization)
  # Anything memoized from the previous handle is stale once it changes.
  @scope = nil
  @client = nil
  @request_id = authorization
end
client()

Returns the Client object associated with this request. Available if client authenticated, or while processing authorization request.

@return [Client, nil] Client if authenticated, or while authorizing

# File lib/rack/oauth2/server/helper.rb, line 43
def client
  # Resolved lazily and memoized in @client. The lookup depends on how the
  # request is identified: an access token first, otherwise an authorization
  # handle; nil when there is neither.
  token = access_token
  if token
    @client ||= Server.get_access_token(token).client
  elsif authorization
    @client ||= Server.get_auth_request(authorization).client
  end
end
deny!(auth = nil)

Denies the authorization request. Call this at the end of the authorization flow to signal that the user has not authorized the client; don't render anything else. The argument is required if the authorization handle is not passed in the request parameter `authorization`.

@param [String, nil] auth Authorization handle
@return 401

# File lib/rack/oauth2/server/helper.rb, line 124
def deny!(auth = nil)
  # Without an explicit handle, use the one carried by the request.
  handle = auth || authorization
  @response["oauth.authorization"] = handle.to_s
  # NOTE(review): the status set here is 403 (Forbidden), not the 401 the
  # RDoc @return tag states.
  @response.status = 403
end
grant!(auth, identity = nil)

Grants the authorization request. Call this at the end of the authorization flow to signal that the user has authorized the client to access the specified identity; don't render anything else. The first argument is required if the authorization handle is not passed in the request parameter `authorization`.

@param [String, nil] authorization Authorization handle
@param [String] identity Identity string
@return 200

# File lib/rack/oauth2/server/helper.rb, line 110
def grant!(auth, identity = nil)
  # One-argument form: the sole argument is the identity and the handle is
  # taken from the request.
  unless identity
    identity = auth
    auth = authorization
  end
  @response["oauth.authorization"] = auth.to_s
  @response["oauth.identity"] = identity.to_s
  @response.status = 200
end
identity()

Returns the authenticated identity. Only applies if client authenticated.

@return [String, nil] Identity, if authenticated

# File lib/rack/oauth2/server/helper.rb, line 35
def identity
  # Memoized read of the identity the middleware stored in the Rack env;
  # nil when the env carries no "oauth.identity" entry.
  @identity = @request.env["oauth.identity"] unless @identity
  @identity
end
inspect()
# File lib/rack/oauth2/server/helper.rb, line 138
def inspect
  authorization ? "Authorization request for #{Utils.normalize_scope(scope).join(",")} on behalf of #{client.display_name}" :
  authenticated? ? "Authenticated as #{identity}" : nil
end
list_access_tokens(identity)

Returns all access tokens associated with this identity.

@param [String] identity Identity string
@return [Array&lt;AccessToken&gt;]

# File lib/rack/oauth2/server/helper.rb, line 134
def list_access_tokens(identity)
  # Thin delegation to the server-level query; the result is returned as-is.
  server = Rack::OAuth2::Server
  server.list_access_tokens(identity)
end
no_access!()

Rejects the request and returns 401 (Unauthorized). You can just return 401, but this also sets the WWW-Authenticate header to the right value.

@return 401

# File lib/rack/oauth2/server/helper.rb, line 68
def no_access!
  # The "oauth.no_access" flag is what the RDoc above says turns into a
  # WWW-Authenticate header; that happens outside this method.
  resp = @response
  resp["oauth.no_access"] = "true"
  resp.status = 401
end
no_scope!(scope)

Rejects the request and returns 403 (Forbidden). You can just return 403, but this also sets the WWW-Authenticate header to the right value and indicates which scope the client needs to make this request.

@param [String] scope The missing scope, e.g. "read"
@return 403

# File lib/rack/oauth2/server/helper.rb, line 79
def no_scope!(scope)
  # Records the missing scope for the middleware (stringified) and forbids.
  resp = @response
  resp["oauth.no_scope"] = scope.to_s
  resp.status = 403
end
scope()

Returns scope associated with this request. Available if client authenticated, or while processing authorization request.

@return [Array&lt;String&gt;, nil] Scope names, e.g. ["read", "write"]

# File lib/rack/oauth2/server/helper.rb, line 55
def scope
  # Memoized in @scope. Looked up from the access token when the request is
  # authenticated, else from the authorization handle; nil with neither.
  if access_token
    return @scope ||= Server.get_access_token(access_token).scope
  end
  return nil unless authorization

  @scope ||= Server.get_auth_request(authorization).scope
end