module Doorkeeper::Orm::ActiveRecord::Mixins::Application

def as_json(options = {})

Returns:
  • (Hash) - entity attributes for JSON 
def as_json(options = {})
  # if application belongs to some owner we need to check if it's the same as
  # the one passed in the options or check if we render the client as an owner
  if (respond_to?(:owner) && owner && owner == options[:current_resource_owner]) ||
     options[:as_owner]
    # Owners can see all the client attributes, fallback to ActiveModel serialization
    super
  else
    # if application has no owner or it's owner doesn't match one from the options
    # we render only minimum set of attributes that could be exposed to a public
    only = extract_serializable_attributes(options)
    super(options.merge(only: only))
  end
end

def authorized_for_resource_owner?(resource_owner) 

def authorized_for_resource_owner?(resource_owner)
  Doorkeeper.configuration.authorize_resource_owner_for_client.call(self, resource_owner)
end

def client_serializable_attributes

Returns:
  • (Array) - collection of serializable attributes 
def client_serializable_attributes
  attributes = %w[id name created_at]
  attributes << "uid" unless confidential?
  attributes
end

def enforce_scopes? 

def enforce_scopes?
  Doorkeeper.config.enforce_configured_scopes?
end

def extract_serializable_attributes(options = {})

Returns:
  • (Array) -

Parameters:
  • options (Hash) -- serialization options 
def extract_serializable_attributes(options = {})
  opts = options.try(:dup) || {}
  only = Array.wrap(opts[:only]).map(&:to_s)
  only = if only.blank?
           client_serializable_attributes
         else
           only & client_serializable_attributes
         end
  only -= Array.wrap(opts[:except]).map(&:to_s) if opts.key?(:except)
  only.uniq
end

def generate_secret 

def generate_secret
  return if secret.present? || !secret_required?
  renew_secret
end

def generate_uid 

def generate_uid
  self.uid = Doorkeeper::OAuth::Helpers::UniqueToken.generate if uid.blank?
end

def plaintext_secret

returning a present value for persisted tokens.
while hashing strategies do not, so you cannot rely on this value
Some strategies allow restoring stored secrets (e.g. symmetric encryption)

The stored refresh_token may be mapped and not available in cleartext.
We keep a volatile copy of the raw secret for initial communication 
def plaintext_secret
  if secret_strategy.allows_restoring_secrets?
    secret_strategy.restore_secret(self, :secret)
  else
    @raw_secret
  end
end

def read_attribute_for_serialization(key)

Parameters:
  • key (String) -- attribute name 
def read_attribute_for_serialization(key)
  return super unless key.to_s == "secret"
  plaintext_secret || secret
end

def renew_secret

Returns:
  • (String) - new transformed secret value 
def renew_secret
  @raw_secret = secret_generator.generate
  secret_strategy.store_secret(self, :secret, @raw_secret)
end

def scopes_match_configured 

def scopes_match_configured
  if scopes.present? && !Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
    scope_str: scopes.to_s,
    server_scopes: Doorkeeper.config.scopes,
  )
    errors.add(:scopes, :not_match_configured)
  end
end

def secret_generator 

def secret_generator
  generator_name = Doorkeeper.config.application_secret_generator
  generator = generator_name.constantize
  return generator if generator.respond_to?(:generate)
  raise Errors::UnableToGenerateToken, "#{generator} does not respond to `.generate`."
rescue NameError
  raise Errors::TokenGeneratorNotFound, "#{generator_name} not found"
end

def secret_required? 

def secret_required?
  confidential? ||
    !self.class.columns.detect { |column| column.name == "secret" }&.null
end