module Doorkeeper::AccessTokenMixin

Public Instance Methods

acceptable?(scopes)

Indicates if token is acceptable for specific scopes.

@param scopes [Array<String>] scopes

@return [Boolean] true if record is accessible and includes scopes or false in other cases

# File lib/doorkeeper/models/access_token_mixin.rb, line 403
def acceptable?(scopes)
  accessible? && includes_scope?(*scopes)
end
as_json(_options = {})

JSON representation of the Access Token instance.

@return [Hash] hash with token data

# File lib/doorkeeper/models/access_token_mixin.rb, line 347
def as_json(_options = {})
  {
    resource_owner_id: resource_owner_id,
    scope: scopes,
    expires_in: expires_in_seconds,
    application: { uid: application.try(:uid) },
    created_at: created_at.to_i,
  }.tap do |json|
    if Doorkeeper.configuration.polymorphic_resource_owner?
      json[:resource_owner_type] = resource_owner_type
    end
  end
end
custom_attributes()

The token’s custom attributes, as defined by the custom_access_token_attributes config option.

@return [Hash] hash of custom access token attributes.

# File lib/doorkeeper/models/access_token_mixin.rb, line 365
def custom_attributes
  self.class.extract_custom_attributes(attributes)
end
plaintext_refresh_token()

We keep a volatile copy of the raw refresh token for initial communication. The stored refresh_token may be mapped and not available in cleartext.

# File lib/doorkeeper/models/access_token_mixin.rb, line 409
def plaintext_refresh_token
  if secret_strategy.allows_restoring_secrets?
    secret_strategy.restore_secret(self, :refresh_token)
  else
    @raw_refresh_token
  end
end
plaintext_token()

We keep a volatile copy of the raw token for initial communication. The stored token may be mapped and not available in cleartext.

Some strategies allow restoring stored secrets (e.g. symmetric encryption) while hashing strategies do not, so you cannot rely on this value returning a present value for persisted tokens.

# File lib/doorkeeper/models/access_token_mixin.rb, line 423
def plaintext_token
  if secret_strategy.allows_restoring_secrets?
    secret_strategy.restore_secret(self, :token)
  else
    @raw_token
  end
end
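
The difference between restorable and hashing strategies described above, as an added example that is not Doorkeeper's own code: `DemoStrategy`, `DemoToken`, `transform` and `plaintext_lifecycle` are hypothetical stand-ins that mirror only the `secret_strategy` calls shown on this page.

```ruby
require "digest"
require "securerandom"

# Hypothetical strategy exposing the calls the mixin makes on secret_strategy.
# hashing = true stores a SHA-256 digest; false stores the value unchanged.
DemoStrategy = Struct.new(:hashing) do
  def allows_restoring_secrets?
    !hashing
  end

  def transform(secret)
    hashing ? Digest::SHA256.hexdigest(secret) : secret
  end

  def store_secret(record, attribute, secret)
    record.stored[attribute] = transform(secret)
  end

  def restore_secret(record, attribute)
    record.stored[attribute]
  end
end

# Hypothetical record; `stored` plays the role of the database row.
DemoToken = Struct.new(:secret_strategy, :stored) do
  def generate_token
    @raw_token = SecureRandom.urlsafe_base64(32)
    secret_strategy.store_secret(self, :token, @raw_token)
    @raw_token
  end

  # Same branch as the mixin's plaintext_token.
  def plaintext_token
    if secret_strategy.allows_restoring_secrets?
      secret_strategy.restore_secret(self, :token)
    else
      @raw_token
    end
  end
end

# Issue a token, then rebuild the record from stored data only (no @raw_token).
def plaintext_lifecycle(strategy)
  fresh = DemoToken.new(strategy, {})
  raw = fresh.generate_token
  reloaded = DemoToken.new(strategy, fresh.stored.dup)
  { raw: raw, fresh: fresh.plaintext_token, reloaded: reloaded.plaintext_token,
    stored: reloaded.stored[:token], lookup_hit: reloaded.stored[:token] == strategy.transform(raw) }
end
```

With `DemoStrategy.new(true)` the reloaded record returns `nil` from `plaintext_token`, so the raw value has to be delivered to the client from the instance that generated it; a presented token is then validated by transforming it and comparing against the stored digest.
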
revoke_previous_refresh_token!()

Revokes token with `:refresh_token` equal to `:previous_refresh_token` and clears `:previous_refresh_token` attribute.

# File lib/doorkeeper/models/access_token_mixin.rb, line 434
def revoke_previous_refresh_token!
  return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?

  old_refresh_token&.revoke
  update_attribute(:previous_refresh_token, "")
end
same_credential?(access_token)

Indicates whether the token instance has the same credential as the other Access Token.

@param access_token [Doorkeeper::AccessToken] other token

@return [Boolean] true if credentials are the same or false in other cases

# File lib/doorkeeper/models/access_token_mixin.rb, line 376
def same_credential?(access_token)
  application_id == access_token.application_id &&
    same_resource_owner?(access_token)
end
same_resource_owner?(access_token)

Indicates whether the token instance has the same resource owner as the other Access Token.

@param access_token [Doorkeeper::AccessToken] other token

@return [Boolean] true if resource owners are the same or false in other cases

# File lib/doorkeeper/models/access_token_mixin.rb, line 388
def same_resource_owner?(access_token)
  if Doorkeeper.configuration.polymorphic_resource_owner?
    resource_owner == access_token.resource_owner
  else
    resource_owner_id == access_token.resource_owner_id
  end
end
token_type()

Access Token type: Bearer.

@see datatracker.ietf.org/doc/html/rfc6750 The OAuth 2.0 Authorization Framework: Bearer Token Usage

# File lib/doorkeeper/models/access_token_mixin.rb, line 335
def token_type
  "Bearer"
end
use_refresh_token?()
# File lib/doorkeeper/models/access_token_mixin.rb, line 339
def use_refresh_token?
  @use_refresh_token ||= false
  !!@use_refresh_token
end

Private Instance Methods

attributes_for_token_generator()

Set of attributes that are passed to the token generator so it can generate a unique token based on them.

@return [Hash] set of attributes
# File lib/doorkeeper/models/access_token_mixin.rb, line 485
def attributes_for_token_generator
  {
    resource_owner_id: resource_owner_id,
    scopes: scopes,
    application: application,
    expires_in: expires_in,
    created_at: created_at,
  }.tap do |attributes|
    if Doorkeeper.config.polymorphic_resource_owner?
      attributes[:resource_owner] = resource_owner
    end

    Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
      attributes[attribute_name] = public_send(attribute_name)
    end
  end
end
generate_refresh_token()

Generates a refresh token with the UniqueToken generator.

@return [String] refresh token value

# File lib/doorkeeper/models/access_token_mixin.rb, line 457
def generate_refresh_token
  @raw_refresh_token = UniqueToken.generate
  secret_strategy.store_secret(self, :refresh_token, @raw_refresh_token)
end
generate_token()

Generates and sets the token value with the configured Generator class (see Doorkeeper.config).

@return [String] generated token value

@raise [Doorkeeper::Errors::UnableToGenerateToken] custom class doesn't implement .generate method

@raise [Doorkeeper::Errors::TokenGeneratorNotFound] custom class doesn't exist

# File lib/doorkeeper/models/access_token_mixin.rb, line 472
def generate_token
  self.created_at ||= Time.now.utc

  @raw_token = token_generator.generate(attributes_for_token_generator)
  secret_strategy.store_secret(self, :token, @raw_token)
  @raw_token
end
old_refresh_token()

Searches for Access Token record with `:refresh_token` equal to `:previous_refresh_token` value.

@return [Doorkeeper::AccessToken, nil] Access Token record or nil if nothing found

# File lib/doorkeeper/models/access_token_mixin.rb, line 449
def old_refresh_token
  @old_refresh_token ||= self.class.by_previous_refresh_token(previous_refresh_token)
end
token_generator()
# File lib/doorkeeper/models/access_token_mixin.rb, line 503
def token_generator
  generator_name = Doorkeeper.config.access_token_generator
  generator = generator_name.constantize

  return generator if generator.respond_to?(:generate)

  raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
rescue NameError
  raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
end