class Doorkeeper::OAuth::AuthorizationCodeRequest
def before_successful_response
def before_successful_response grant.transaction do grant.lock! raise Errors::InvalidGrantReuse if grant.revoked? grant.revoke find_or_create_access_token(grant.application, grant.resource_owner_id, grant.scopes, server) end super end
def initialize(server, grant, client, parameters = {})
def initialize(server, grant, client, parameters = {}) @server = server @client = client @grant = grant @grant_type = Doorkeeper::OAuth::AUTHORIZATION_CODE @redirect_uri = parameters[:redirect_uri] @code_verifier = parameters[:code_verifier] end
def validate_client
def validate_client client.present? end
def validate_code_verifier
if either side (server or client) request pkce, check the verifier
def validate_code_verifier return true unless grant.uses_pkce? || code_verifier return false unless grant.pkce_supported? if grant.code_challenge_method == "S256" grant.code_challenge == AccessGrant.generate_code_challenge(code_verifier) elsif grant.code_challenge_method == "plain" grant.code_challenge == code_verifier else false end end
def validate_grant
def validate_grant return false unless grant && grant.application_id == client.id grant.accessible? end
def validate_params
def validate_params @missing_param = if grant&.uses_pkce? && code_verifier.blank? :code_verifier elsif redirect_uri.blank? :redirect_uri end @missing_param.nil? end
def validate_pkce_support
def validate_pkce_support @invalid_request_reason = :not_support_pkce if grant && !grant.pkce_supported? && code_verifier.present? @invalid_request_reason.nil? end
def validate_redirect_uri
def validate_redirect_uri Helpers::URIChecker.valid_for_authorization?( redirect_uri, grant.redirect_uri ) end