lib/doorkeeper/oauth/client_credentials/creator.rb



# frozen_string_literal: true

module Doorkeeper
  module OAuth
    module ClientCredentials
      class Creator
        def call(client, scopes, attributes = {})
          existing_token = nil

          if lookup_existing_token?
            existing_token = find_active_existing_token_for(client, scopes)
            return existing_token if Doorkeeper.config.reuse_access_token && existing_token&.reusable?
          end

          with_revocation(existing_token: existing_token) do
            application = client.is_a?(Doorkeeper.config.application_model) ? client : client&.application
            Doorkeeper.config.access_token_model.create_for(
              application: application,
              resource_owner: nil,
              scopes: scopes,
              **attributes,
            )
          end
        end

        private

        def with_revocation(existing_token:)
          if existing_token && Doorkeeper.config.revoke_previous_client_credentials_token?
            existing_token.with_lock do
              raise Errors::DoorkeeperError, :invalid_token_reuse if existing_token.revoked?

              existing_token.revoke

              yield
            end
          else
            yield
          end
        end

        def lookup_existing_token?
          Doorkeeper.config.reuse_access_token ||
            Doorkeeper.config.revoke_previous_client_credentials_token?
        end

        def find_active_existing_token_for(client, scopes)
          Doorkeeper.config.access_token_model.matching_token_for(client, nil, scopes, include_expired: false)
        end
      end
    end
  end
end