class Doorkeeper::Config::Builder

Default Doorkeeper configuration builder

Public Instance Methods

access_token_methods(*methods)

Change the way the access token is authenticated from the request object. By default it retrieves first from the `HTTP_AUTHORIZATION` header, then falls back to the `:access_token` or `:bearer_token` params from the `params` object.

@param methods [Array] Define access token methods

# File lib/doorkeeper/config.rb, line 83
def access_token_methods(*methods)
  @config.instance_variable_set(:@access_token_methods, methods)
end

api_only()

Use API mode for applications generated with the --api argument. It will skip the applications controller and disable forgery protection.

# File lib/doorkeeper/config.rb, line 134
def api_only
  @config.instance_variable_set(:@api_only, true)
end

client_credentials(*methods)

Change the way client credentials are retrieved from the request object. By default it retrieves first from the `HTTP_AUTHORIZATION` header, then falls back to the `:client_id` and `:client_secret` params from the `params` object.

@param methods [Array] Define client credentials

# File lib/doorkeeper/config.rb, line 73
def client_credentials(*methods)
  @config.instance_variable_set(:@client_credentials_methods, methods)
end

confirm_application_owner()

# File lib/doorkeeper/config.rb, line 30
def confirm_application_owner
  @config.instance_variable_set(:@confirm_application_owner, true)
end

default_scopes(*scopes)

Define default access token scopes for your provider.

@param scopes [Array] Default set of access (OAuth::Scopes.new) token scopes

# File lib/doorkeeper/config.rb, line 48
def default_scopes(*scopes)
  @config.instance_variable_set(:@default_scopes, OAuth::Scopes.from_array(scopes))
end

enable_application_owner(opts = {})

Provide support for an owner to be assigned to each registered application (disabled by default). Optional parameter confirmation: true (default false) if you want to enforce ownership of a registered application.

@param opts [Hash] the options to confirm if an application owner is present

@option opts :confirmation (false) Set confirm_application_owner variable

# File lib/doorkeeper/config.rb, line 25
def enable_application_owner(opts = {})
  @config.instance_variable_set(:@enable_application_owner, true)
  confirm_application_owner if opts[:confirmation].present? && opts[:confirmation]
end

enable_dynamic_scopes(opts = {})

Provide support for dynamic scopes (e.g. user:*) (disabled by default). Optional parameter delimiter (default ":") if you want to customize the delimiter separating the scope name and matching value.

@param opts [Hash] the options to configure dynamic scopes

# File lib/doorkeeper/config.rb, line 39
def enable_dynamic_scopes(opts = {})
  @config.instance_variable_set(:@enable_dynamic_scopes, true)
  @config.instance_variable_set(:@dynamic_scopes_delimiter, opts[:delimiter] || ':')
end

enforce_configured_scopes()

Forbids creating/updating applications with arbitrary scopes that are not in configuration, i.e. `default_scopes` or `optional_scopes` (disabled by default).

# File lib/doorkeeper/config.rb, line 147
def enforce_configured_scopes
  @config.instance_variable_set(:@enforce_configured_scopes, true)
end

enforce_content_type()

Enforce request content type as the spec requires: disabled by default for backward compatibility.

# File lib/doorkeeper/config.rb, line 153
def enforce_content_type
  @config.instance_variable_set(:@enforce_content_type, true)
end

force_pkce()

Require non-confidential apps to use PKCE (send a code_verifier) when requesting an access_token using an authorization code (disabled by default)

# File lib/doorkeeper/config.rb, line 128
def force_pkce
  @config.instance_variable_set(:@force_pkce, true)
end
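
The rule force_pkce describes, modelled as an added example (not Doorkeeper's own code): a token request from a non-confidential client is rejected when no code challenge was bound to the authorization code, and a bound challenge is verified per RFC 7636. `Client`, `Grant`, `pkce_check` and the result symbols are hypothetical names chosen for this sketch.

```ruby
require "digest"

# Hypothetical stand-ins for the client and the stored grant (not Doorkeeper models).
Client = Struct.new(:uid, :confidential)
Grant  = Struct.new(:code_challenge, :code_challenge_method)

# RFC 7636, section 4.2: BASE64URL(SHA256(code_verifier)) without padding.
def s256_challenge(code_verifier)
  [Digest::SHA256.digest(code_verifier)].pack("m0").tr("+/", "-_").delete("=")
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize

  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Decision for one authorization-code token request.
def pkce_check(client:, grant:, code_verifier:, force_pkce:)
  if grant.code_challenge.nil?
    # Nothing was bound to the code; only the force_pkce policy can reject it.
    return :rejected_pkce_required if force_pkce && !client.confidential
    return :accepted_without_pkce
  end
  return :rejected_missing_verifier if code_verifier.to_s.empty?

  expected =
    case grant.code_challenge_method
    when "S256"  then s256_challenge(code_verifier)
    when "plain" then code_verifier
    else return :rejected_unknown_method
    end
  secure_equal?(expected, grant.code_challenge) ? :accepted : :rejected_bad_verifier
end

# Constructed sample data; the verifier is the one used in RFC 7636, Appendix B.
VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
PUBLIC   = Client.new("mobile-app", false)
BOUND    = Grant.new(s256_challenge(VERIFIER), "S256")
UNBOUND  = Grant.new(nil, nil)
```

With force_pkce off, the `UNBOUND` grant is accepted for the public client, which is the case the option exists to close.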

hash_application_secrets(using: nil, fallback: nil)

Allow optional hashing of application secrets before persisting them. Will be used for hashing of input token and grants.

@param using Provide a different secret storage implementation for applications

@param fallback Provide a fallback secret storage implementation for applications, or use :plain to fall back to plain application secrets

# File lib/doorkeeper/config.rb, line 180
def hash_application_secrets(using: nil, fallback: nil)
  default = "::Doorkeeper::SecretStoring::Sha256Hash"
  configure_secrets_for :application,
                        using: using || default,
                        fallback: fallback
end

hash_token_secrets(using: nil, fallback: nil)

Allow optional hashing of input tokens before persisting them. Will be used for hashing of input token and grants.

@param using Provide a different secret storage implementation class for tokens

@param fallback Provide a fallback secret storage implementation class for tokens, or use :plain to fall back to plain tokens

# File lib/doorkeeper/config.rb, line 165
def hash_token_secrets(using: nil, fallback: nil)
  default = "::Doorkeeper::SecretStoring::Sha256Hash"
  configure_secrets_for :token,
                        using: using || default,
                        fallback: fallback
end
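
What a primary hashing strategy with a `:plain` fallback means for lookups, for both hash_application_secrets and hash_token_secrets, as an added example (a self-contained model, not Doorkeeper's own code). `TokenStore`, `Sha256`, `Plain` and the upgrade-on-use step are assumptions of this sketch; the in-memory hash stands in for the database column.

```ruby
require "digest"

# Stand-ins for two storage strategies (hypothetical names, not Doorkeeper classes).
Sha256 = ->(plain) { Digest::SHA256.hexdigest(plain) }
Plain  = ->(plain) { plain }

class TokenStore
  attr_reader :rows # stored value => owner id (models a uniquely indexed column)

  def initialize(strategy:, fallback: nil)
    @strategy = strategy
    @fallback = fallback
    @rows = {}
  end

  # A row written before hashing was enabled: the secret is stored as-is.
  def seed_legacy(plain, owner)
    @rows[plain] = owner
  end

  # A row written after hashing was enabled: only the digest is stored.
  def issue(plain, owner)
    @rows[@strategy.call(plain)] = owner
  end

  # Look up with the primary strategy first. On a miss, try the fallback and,
  # if it matches, rewrite the row so the plaintext value leaves storage.
  def find(plain)
    key = @strategy.call(plain)
    return @rows[key] if @rows.key?(key)
    return nil unless @fallback

    legacy_key = @fallback.call(plain)
    return nil unless @rows.key?(legacy_key)

    owner = @rows.delete(legacy_key)
    @rows[key] = owner
    owner
  end

  # Rows whose stored value is not a 64-character hex digest, i.e. not yet migrated.
  def unmigrated
    @rows.keys.reject { |k| k.match?(/\A\h{64}\z/) }
  end
end
```

Rows that are never presented again stay in plaintext under this model, so a count of unmigrated rows is the signal for when the fallback can be dropped.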

optional_scopes(*scopes)

Define optional access token scopes for your provider.

@param scopes [Array] Optional set of access (OAuth::Scopes.new) token scopes

# File lib/doorkeeper/config.rb, line 56
def optional_scopes(*scopes)
  @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes))
end

reuse_access_token()

Reuse access token for the same resource owner within an application (disabled by default).

Rationale: github.com/doorkeeper-gem/doorkeeper/issues/383

# File lib/doorkeeper/config.rb, line 98
def reuse_access_token
  @config.instance_variable_set(:@reuse_access_token, true)
end

revoke_previous_authorization_code_token()

Only allow one valid access token obtained via authorization code per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)

# File lib/doorkeeper/config.rb, line 122
def revoke_previous_authorization_code_token
  @config.instance_variable_set(:@revoke_previous_authorization_code_token, true)
end

revoke_previous_client_credentials_token()

TODO: maybe make it more generic for other flows too?

Only allow one valid access token obtained via client credentials per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)

# File lib/doorkeeper/config.rb, line 115
def revoke_previous_client_credentials_token
  @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
end

scopes_by_grant_type(hash = {})

Define scopes_by_grant_type to limit certain scopes to certain grant types.

@param hash [Hash] a hash with grant_types as keys. Defaults to {}, i.e. no limitation on scope usage.

# File lib/doorkeeper/config.rb, line 63
def scopes_by_grant_type(hash = {})
  @config.instance_variable_set(:@scopes_by_grant_type, hash)
end

use_polymorphic_resource_owner()

Enables polymorphic Resource Owner association for Access Grant and Access Token models. Requires additional database columns to be set up.

# File lib/doorkeeper/config.rb, line 140
def use_polymorphic_resource_owner
  @config.instance_variable_set(:@polymorphic_resource_owner, true)
end

use_refresh_token(enabled = true, &block)

Issue access tokens with refresh token (disabled if not set)

# File lib/doorkeeper/config.rb, line 88
def use_refresh_token(enabled = true, &block)
  @config.instance_variable_set(
    :@refresh_token_enabled,
    block || enabled,
  )
end

use_url_path_for_native_authorization()

Choose to use the URL path for native authorization codes. Enabling this flag sets the authorization code response route for native redirect URIs to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>.

Rationale: github.com/doorkeeper-gem/doorkeeper/issues/1143

# File lib/doorkeeper/config.rb, line 107
def use_url_path_for_native_authorization
  @config.instance_variable_set(:@use_url_path_for_native_authorization, true)
end

Private Instance Methods

configure_secrets_for(type, using:, fallback:)

Configure the secret storing functionality

# File lib/doorkeeper/config.rb, line 190
def configure_secrets_for(type, using:, fallback:)
  raise ArgumentError, "Invalid type #{type}" if %i[application token].exclude?(type)

  @config.instance_variable_set(:"@#{type}_secret_strategy", using.constantize)

  if fallback.nil?
    return
  elsif fallback.to_sym == :plain
    fallback = "::Doorkeeper::SecretStoring::Plain"
  end

  @config.instance_variable_set(:"@#{type}_secret_fallback_strategy", fallback.constantize)
end