class Doorkeeper::OAuth::AuthorizationCodeRequest

def before_successful_response 

def before_successful_response
  grant.transaction do
    grant.lock!
    raise Errors::InvalidGrantReuse if grant.revoked?
    if Doorkeeper.config.revoke_previous_authorization_code_token?
      revoke_previous_tokens(grant.application, resource_owner)
    end
    grant.revoke
    find_or_create_access_token(
      client,
      resource_owner,
      grant.scopes,
      custom_token_attributes_with_data,
      server,
    )
  end
  super
end

def confidential? 

def confidential?
  client&.confidential
end

def custom_token_attributes_with_data 

def custom_token_attributes_with_data
  grant
    .attributes
    .with_indifferent_access
    .slice(*Doorkeeper.config.custom_access_token_attributes)
    .symbolize_keys
end

def generate_code_challenge(code_verifier) 

def generate_code_challenge(code_verifier)
  Doorkeeper.config.access_grant_model.generate_code_challenge(code_verifier)
end

def initialize(server, grant, client, parameters = {}) 

def initialize(server, grant, client, parameters = {})
  @server = server
  @client = client
  @grant  = grant
  @grant_type = Doorkeeper::OAuth::AUTHORIZATION_CODE
  @redirect_uri = parameters[:redirect_uri]
  @code_verifier = parameters[:code_verifier]
end

def pkce_supported? 

def pkce_supported?
  Doorkeeper.config.access_grant_model.pkce_supported?
end

def resource_owner 

def resource_owner
  if Doorkeeper.config.polymorphic_resource_owner?
    grant.resource_owner
  else
    grant.resource_owner_id
  end
end

def revoke_previous_tokens(application, resource_owner) 

def revoke_previous_tokens(application, resource_owner)
  Doorkeeper.config.access_token_model.revoke_all_for(application.id, resource_owner)
end

def validate_client 

def validate_client
  client.present?
end

def validate_code_verifier

against the DB - if PKCE is supported
if either side (server or client) request PKCE, check the verifier 
def validate_code_verifier
  return true unless pkce_supported?
  return grant.code_challenge.blank? if code_verifier.blank?
  if grant.code_challenge_method == "S256"
    grant.code_challenge == generate_code_challenge(code_verifier)
  elsif grant.code_challenge_method == "plain"
    grant.code_challenge == code_verifier
  else
    false
  end
end

def validate_grant 

def validate_grant
  return false unless grant && grant.application_id == client.id
  grant.accessible?
end

def validate_params 

def validate_params
  @missing_param =
    if grant&.uses_pkce? && code_verifier.blank?
      :code_verifier
    elsif !confidential? && Doorkeeper.config.force_pkce? && code_verifier.blank?
      :code_verifier
    elsif redirect_uri.blank?
      :redirect_uri
    end
  @missing_param.nil?
end

def validate_redirect_uri 

def validate_redirect_uri
  Helpers::URIChecker.valid_for_authorization?(
    redirect_uri,
    grant.redirect_uri,
  )
end