module Doorkeeper::AccessTokenMixin::ClassMethods

def authorized_tokens_for(application_id, resource_owner_id)

Returns:
  • (Doorkeeper::AccessToken) - array of matching AccessToken objects

Parameters:
  • resource_owner_id (Integer) --
  • application_id (Integer) --
# Builds the query for tokens issued to one resource owner by one application
# that have not been revoked.
#
# Only `revoked_at: nil` is filtered here; expiry is not part of the
# conditions, so callers that need a usable token must check that on the
# returned records.
#
# @param application_id [Integer] ID of the client application
# @param resource_owner_id [Integer] ID of the resource owner
# @return whatever `where` returns for these conditions
def authorized_tokens_for(application_id, resource_owner_id)
  conditions = {
    application_id: application_id,
    resource_owner_id: resource_owner_id,
    revoked_at: nil
  }
  where(**conditions)
end

def by_refresh_token(refresh_token)

Returns:
  • (Doorkeeper::AccessToken, nil) - AccessToken object or nil

Parameters:
  • refresh_token (#to_s) --
# Looks up an access token record by the plaintext refresh token a client
# presented.
#
# The lookup is delegated to `find_by_plaintext_token` (defined outside this
# listing) rather than matching the column directly.
# NOTE(review): presumably that helper applies the configured secret strategy
# before comparing; confirm, since a direct column match would miss values
# stored in transformed form.
#
# @param refresh_token [#to_s] plaintext refresh token value
# @return [Doorkeeper::AccessToken, nil] result of the delegated lookup
def by_refresh_token(refresh_token)
  attribute = :refresh_token
  find_by_plaintext_token(attribute, refresh_token)
end

def by_token(token)

Returns:
  • (Doorkeeper::AccessToken, nil) - AccessToken object or nil

Parameters:
  • token (#to_s) --
# Looks up an access token record by the plaintext token value a client
# presented.
#
# The lookup is delegated to `find_by_plaintext_token` (defined outside this
# listing) rather than matching the column directly.
# NOTE(review): presumably that helper applies the configured secret strategy
# before comparing; confirm, since a direct column match would miss values
# stored in transformed form.
#
# @param token [#to_s] plaintext access token value
# @return [Doorkeeper::AccessToken, nil] result of the delegated lookup
def by_token(token)
  attribute = :token
  find_by_plaintext_token(attribute, token)
end

def fallback_secret_strategy

Determine the fallback storing strategy.
Unless configured, there will be no fallback.
# Reads the fallback token secret strategy from the global Doorkeeper
# configuration (`token_secret_fallback_strategy`).
#
# NOTE(review): what the setting holds when no fallback is configured is not
# visible in this listing; confirm before relying on a nil check.
#
# @return the configured fallback strategy
def fallback_secret_strategy
  settings = ::Doorkeeper.configuration
  settings.token_secret_fallback_strategy
end

def find_access_token_in_batches(relation, *args, &block)


Interface to enumerate access token records in batches in order not
to bloat the memory. Could be overridden in any ORM extension.
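# Enumerates access token records in batches so a large relation is not
# loaded at once. ORM extensions may override this method.
#
# A trailing Hash in `args` is forwarded as keyword arguments. Callers pass
# `batch_size:` as keywords, which a bare `*args` splat hands on as a
# positional Hash; under Ruby 3 argument rules a keyword-only
# `find_in_batches` rejects that with ArgumentError.
#
# @param relation [#find_in_batches] records to enumerate
# @param args [Array] positional arguments, optionally ending in an options Hash
# @yield [batch] each batch, as yielded by `relation.find_in_batches`
# @return whatever `relation.find_in_batches` returns
def find_access_token_in_batches(relation, *args, &block)
  options = args.last.is_a?(Hash) ? args.pop : nil
  # No options given: forward the positional arguments untouched.
  return relation.find_in_batches(*args, &block) if options.nil? || options.empty?

  relation.find_in_batches(*args, **options, &block)
end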

def find_matching_token(relation, application, scopes)

Returns:
  • (Doorkeeper::AccessToken, nil) - Access Token instance, or nil if no matching token was found

Parameters:
  • scopes (String, Doorkeeper::OAuth::Scopes) --
  • application (Doorkeeper::Application) --
  • relation (ActiveRecord::Relation) --
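# Finds the most recently created token in `relation` whose scopes match the
# requested ones.
#
# Records are read through `find_access_token_in_batches` with the configured
# `token_lookup_batch_size`, and only the newest match seen so far is kept.
# Collecting every match before choosing one would grow with the number of
# unrevoked tokens an owner has accumulated, which defeats the batching.
# Expiry is not checked here; that is left to the caller.
#
# @param relation [ActiveRecord::Relation, nil] candidate tokens; nil returns nil
# @param application [Doorkeeper::Application, nil] client whose scopes, if
#   any, are handed to `scopes_match?`
# @param scopes [String, Doorkeeper::OAuth::Scopes] requested scopes
# @return [Doorkeeper::AccessToken, nil] newest matching token (the first one
#   seen wins when `created_at` is equal), or nil when nothing matches
def find_matching_token(relation, application, scopes)
  return nil unless relation

  # Loop-invariant: the application's scopes do not change between tokens.
  app_scopes = application.try(:scopes)
  batch_size = Doorkeeper.configuration.token_lookup_batch_size
  newest = nil

  find_access_token_in_batches(relation, batch_size: batch_size) do |batch|
    batch.each do |token|
      next unless scopes_match?(token.scopes, scopes, app_scopes)

      newest = token if newest.nil? || token.created_at > newest.created_at
    end
  end

  newest
end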

def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)

Returns:
  • (Doorkeeper::AccessToken) - existing record or a new one

Parameters:
  • use_refresh_token (Boolean) --
  • expires_in (Integer) --
  • scopes (#to_s) --
  • resource_owner_id (ActiveRecord::Base, Integer) --
  • application (Doorkeeper::Application) --
# Returns a reusable existing token when token reuse is enabled, otherwise
# creates a new one.
#
# The reuse path matches on application, resource owner and scopes only, and
# then asks the found token `reusable?`. The requested `expires_in` and
# `use_refresh_token` are not compared against it, so a reused token keeps
# whatever values it was created with.
#
# @param application [Doorkeeper::Application, nil] client; nil yields a nil application_id
# @param resource_owner_id [ActiveRecord::Base, Integer] resource owner or its ID
# @param scopes [#to_s] requested scopes, stored as their string form
# @param expires_in [Integer] lifetime for a newly created token
# @param use_refresh_token [Boolean] passed through to `create!` for a new token
# @return [Doorkeeper::AccessToken] existing reusable record or a new one
def find_or_create_for(application, resource_owner_id, scopes, expires_in, use_refresh_token)
  reuse_enabled = Doorkeeper.configuration.reuse_access_token
  candidate = matching_token_for(application, resource_owner_id, scopes) if reuse_enabled
  return candidate if candidate&.reusable?

  attributes = {
    application_id: application.try(:id),
    resource_owner_id: resource_owner_id,
    scopes: scopes.to_s,
    expires_in: expires_in,
    use_refresh_token: use_refresh_token
  }
  create!(**attributes)
end

def last_authorized_token_for(application_id, resource_owner_id)

Returns:
  • (Doorkeeper::AccessToken, nil) - matching AccessToken object, or nil if nothing was found

Parameters:
  • resource_owner_id (Integer) --
  • application_id (Integer) --
# Returns the most recently created unrevoked token for an application and
# resource owner pair.
#
# Built on `authorized_tokens_for`, ordered by `created_at` descending.
# Nothing in this method looks at expiry.
#
# @param application_id [Integer] ID of the client application
# @param resource_owner_id [Integer] ID of the resource owner
# @return [Doorkeeper::AccessToken, nil] first record of the ordered result
def last_authorized_token_for(application_id, resource_owner_id)
  unrevoked = authorized_tokens_for(application_id, resource_owner_id)
  newest_first = unrevoked.ordered_by(:created_at, :desc)
  newest_first.first
end

def matching_token_for(application, resource_owner_or_id, scopes)

Returns:
  • (Doorkeeper::AccessToken, nil) - Access Token instance, or nil if no matching token was found

Parameters:
  • scopes (String, Doorkeeper::OAuth::Scopes) --
  • resource_owner_or_id (ActiveRecord::Base, Integer) --
  • application (Doorkeeper::Application) --
# Finds an existing unrevoked token for the application and resource owner
# whose scopes match the requested ones.
#
# The owner may be given as a record or as a bare ID: anything responding to
# `to_key` is treated as a record and its `id` is used.
#
# @param application [Doorkeeper::Application, nil] client; nil yields a nil application ID
# @param resource_owner_or_id [ActiveRecord::Base, Integer] owner record or its ID
# @param scopes [String, Doorkeeper::OAuth::Scopes] requested scopes
# @return [Doorkeeper::AccessToken, nil] result of `find_matching_token`
def matching_token_for(application, resource_owner_or_id, scopes)
  owner_id = resource_owner_or_id
  owner_id = resource_owner_or_id.id if resource_owner_or_id.respond_to?(:to_key)

  candidates = authorized_tokens_for(application.try(:id), owner_id)
  find_matching_token(candidates, application, scopes)
end

def revoke_all_for(application_id, resource_owner, clock = Time)

Parameters:
  • resource_owner (ActiveRecord::Base) --
  • application_id (Integer) --
# Marks every not-yet-revoked token of one resource owner for one application
# as revoked, in a single `update_all` call.
#
# Tokens the same owner holds for other applications are not touched, and
# rows that already carry a `revoked_at` keep their original timestamp.
# NOTE(review): with ActiveRecord, `update_all` writes directly and skips
# model callbacks and validations; confirm nothing relies on per-record
# revocation hooks.
#
# @param application_id [Integer] ID of the client application
# @param resource_owner [ActiveRecord::Base] owner record; its `id` is used
# @param clock [#now] time source, defaults to Time; the timestamp is stored in UTC
# @return whatever `update_all` returns
def revoke_all_for(application_id, resource_owner, clock = Time)
  conditions = {
    application_id: application_id,
    resource_owner_id: resource_owner.id,
    revoked_at: nil
  }
  still_active = where(**conditions)
  still_active.update_all(revoked_at: clock.now.utc)
end

def scopes_match?(token_scopes, param_scopes, app_scopes)

Returns:
  • (Boolean) - true if the param scopes match the token scopes and pass the ScopeChecker validation; false otherwise

Parameters:
  • app_scopes (Doorkeeper::OAuth::Scopes) --
  • param_scopes (Doorkeeper::OAuth::Scopes) --
  • token_scopes (#to_s) --
# Decides whether a stored token's scopes satisfy the requested scopes.
#
# The match is exact and order-insensitive (both sides are sorted and
# compared); a token holding a superset or subset of the requested scopes
# does not match. When both sides are empty the method returns true before
# ScopeChecker is consulted.
#
# @param token_scopes [#to_s] scopes stored on the token
# @param param_scopes [Doorkeeper::OAuth::Scopes] requested scopes
# @param app_scopes [Doorkeeper::OAuth::Scopes] scopes of the application, passed to ScopeChecker
# @return [Boolean] true for two empty scope sets, or for equal sets that
#   ScopeChecker accepts against the server and application scopes
def scopes_match?(token_scopes, param_scopes, app_scopes)
  return true if token_scopes.empty? && param_scopes.empty?
  return false unless token_scopes.sort == param_scopes.sort

  Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
    scope_str: param_scopes.to_s,
    server_scopes: Doorkeeper.configuration.scopes,
    app_scopes: app_scopes
  )
end

def secret_strategy

Determines the secret storing transformer.
Unless configured otherwise, uses the plain secret strategy.
# Reads the token secret storing strategy from the global Doorkeeper
# configuration (`token_secret_strategy`).
#
# NOTE(review): the page text says the plain strategy is used unless
# configured otherwise; that default lives in the configuration, not in this
# method. Confirm it there when auditing how token values are stored.
#
# @return the configured token secret strategy
def secret_strategy
  settings = ::Doorkeeper.configuration
  settings.token_secret_strategy
end