lib/doorkeeper/oauth/authorization/code.rb
# frozen_string_literal: true module Doorkeeper module OAuth module Authorization class Code attr_accessor :pre_auth, :resource_owner, :token def initialize(pre_auth, resource_owner) @pre_auth = pre_auth @resource_owner = resource_owner end def issue_token @token ||= Doorkeeper.config.access_grant_model.create!(access_grant_attributes) end def oob_redirect { action: :show, code: token.plaintext_token } end private def authorization_code_expires_in Doorkeeper.config.authorization_code_expires_in end def access_grant_attributes pkce_attributes.merge( application_id: pre_auth.client.id, resource_owner_id: resource_owner.id, expires_in: authorization_code_expires_in, redirect_uri: pre_auth.redirect_uri, scopes: pre_auth.scopes.to_s, ) end def pkce_attributes return {} unless pkce_supported? { code_challenge: pre_auth.code_challenge, code_challenge_method: pre_auth.code_challenge_method, } end # Ensures firstly, if migration with additional PKCE columns was # generated and migrated def pkce_supported? Doorkeeper.config.access_grant_model.pkce_supported? end end end end end