module Doorkeeper::AccessTokenMixin

def acceptable?(scopes)

Returns:
  • (Boolean) - true if record is accessible and includes scopes or

Parameters:
  • scopes (Array) -- scopes 
def acceptable?(scopes)
  accessible? && includes_scope?(*scopes)
end

def as_json(_options = {})

Returns:
  • (Hash) - hash with token data 
def as_json(_options = {})
  {
    resource_owner_id: resource_owner_id,
    scope: scopes,
    expires_in: expires_in_seconds,
    application: { uid: application.try(:uid) },
    created_at: created_at.to_i,
  }.tap do |json|
    if Doorkeeper.configuration.polymorphic_resource_owner?
      json[:resource_owner_type] = resource_owner_type
    end
  end
end

def attributes_for_token_generator

Returns:
  • (Hash) - set of attributes 
def attributes_for_token_generator
  {
    resource_owner_id: resource_owner_id,
    scopes: scopes,
    application: application,
    expires_in: expires_in,
    created_at: created_at,
  }.tap do |attributes|
    if Doorkeeper.config.polymorphic_resource_owner?
      attributes[:resource_owner] = resource_owner
    end
    Doorkeeper.config.custom_access_token_attributes.each do |attribute_name|
      attributes[attribute_name] = public_send(attribute_name)
    end
  end
end

def custom_attributes

Returns:
  • (Hash) - hash of custom access token attributes. 
def custom_attributes
  self.class.extract_custom_attributes(attributes)
end

def generate_refresh_token

Returns:
  • (String) - refresh token value 
def generate_refresh_token
  @raw_refresh_token = UniqueToken.generate
  secret_strategy.store_secret(self, :refresh_token, @raw_refresh_token)
end

def generate_token

Raises:
  • (Doorkeeper::Errors::TokenGeneratorNotFound) -
  • (Doorkeeper::Errors::UnableToGenerateToken) -

Returns:
  • (String) - generated token value 
def generate_token
  self.created_at ||= Time.now.utc
  @raw_token = token_generator.generate(attributes_for_token_generator)
  secret_strategy.store_secret(self, :token, @raw_token)
  @raw_token
end

def old_refresh_token

Returns:
  • (Doorkeeper::AccessToken, nil) - 
def old_refresh_token
  @old_refresh_token ||= self.class.by_previous_refresh_token(previous_refresh_token)
end

def plaintext_refresh_token

The stored refresh_token may be mapped and not available in cleartext.
We keep a volatile copy of the raw refresh token for initial communication 
def plaintext_refresh_token
  if secret_strategy.allows_restoring_secrets?
    secret_strategy.restore_secret(self, :refresh_token)
  else
    @raw_refresh_token
  end
end

def plaintext_token

returning a present value for persisted tokens.
while hashing strategies do not, so you cannot rely on this value
Some strategies allow restoring stored secrets (e.g. symmetric encryption)

The stored refresh_token may be mapped and not available in cleartext.
We keep a volatile copy of the raw token for initial communication 
def plaintext_token
  if secret_strategy.allows_restoring_secrets?
    secret_strategy.restore_secret(self, :token)
  else
    @raw_token
  end
end

def revoke_previous_refresh_token!


and clears `:previous_refresh_token` attribute.
Revokes token with `:refresh_token` equal to `:previous_refresh_token` 
def revoke_previous_refresh_token!
  return if !self.class.refresh_token_revoked_on_use? || previous_refresh_token.blank?
  old_refresh_token&.revoke
  update_attribute(:previous_refresh_token, "")
end

def same_credential?(access_token)

Returns:
  • (Boolean) - true if credentials are same of false in other cases

Parameters:
  • access_token (Doorkeeper::AccessToken) -- other token 
def same_credential?(access_token)
  application_id == access_token.application_id &&
    same_resource_owner?(access_token)
end

def same_resource_owner?(access_token)

Returns:
  • (Boolean) - true if credentials are same of false in other cases

Parameters:
  • access_token (Doorkeeper::AccessToken) -- other token 
def same_resource_owner?(access_token)
  if Doorkeeper.configuration.polymorphic_resource_owner?
    resource_owner == access_token.resource_owner
  else
    resource_owner_id == access_token.resource_owner_id
  end
end

def token_generator 

def token_generator
  generator_name = Doorkeeper.config.access_token_generator
  generator = generator_name.constantize
  return generator if generator.respond_to?(:generate)
  raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
rescue NameError
  raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
end

def token_type

Other tags:
    See: https://datatracker.ietf.org/doc/html/rfc6750 - 
def token_type
  "Bearer"
end

def use_refresh_token? 

def use_refresh_token?
  @use_refresh_token ||= false
  !!@use_refresh_token
end