Class: Doorkeeper::OpenidConnect::OAuth::DynamicRegistrationRequest

Inherits:
Object
  • Object
show all
Includes:
GrantTypesSupportedMixin, TokenEndpointAuthMethodsSupportedMixin, Validations
Defined in:
lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb

Constant Summary collapse

DEFAULT_TOKEN_ENDPOINT_AUTH_METHOD =
"client_secret_basic"
PUBLIC_CLIENT_AUTH_METHOD =
"none"
DEFAULT_APPLICATION_TYPE =
"web"
SUPPORTED_APPLICATION_TYPES =
%w[web native].freeze

Constants included from TokenEndpointAuthMethodsSupportedMixin

TokenEndpointAuthMethodsSupportedMixin::CLIENT_CREDENTIALS_METHOD_MAPPING

Instance Method Summary collapse

Methods included from GrantTypesSupportedMixin

#grant_types_supported

Methods included from TokenEndpointAuthMethodsSupportedMixin

#token_endpoint_auth_methods_supported

Constructor Details

#initialize(server, params) ⇒ DynamicRegistrationRequest

Returns a new instance of DynamicRegistrationRequest.



22
23
24
25
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 22

def initialize(server, params)
  @server = server
  @params = params
end

Instance Method Details

#confidential_client?Boolean

Returns:

  • (Boolean)


45
46
47
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 45

def confidential_client?
  token_endpoint_auth_method != PUBLIC_CLIENT_AUTH_METHOD
end

#error_responseObject



69
70
71
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 69

def error_response
  { error: error.to_s, error_description: @error_description }
end

#permitted_scopesObject

RFC 7591 §2 lets the authorization server replace or omit requested scopes. The requested scope is intersected against the server's configured scopes (default + optional): partially unrecognized scopes are silently dropped, while a request whose scopes are all unsupported is rejected via #validate_scope, since persisting an empty scope set would make Doorkeeper's ScopeChecker fall back to the full server scope set. Scopes#allowed honors dynamic scopes and preserves the requested order, but only exists on Doorkeeper 5.8.1+; older versions fall back to plain intersection (dynamic scopes do not exist there, so nothing is lost).



59
60
61
62
63
64
65
66
67
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 59

def permitted_scopes
  server_scopes = server.scopes

  if server_scopes.respond_to?(:allowed)
    server_scopes.allowed(requested_scopes).to_s
  else
    (server_scopes & requested_scopes).to_s
  end
end

#requested_application_typeObject



31
32
33
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 31

def requested_application_type
  @params[:application_type].presence || DEFAULT_APPLICATION_TYPE
end

#requested_grant_typesObject



40
41
42
43
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 40

def requested_grant_types
  types = Array(@params[:grant_types]).compact_blank
  types.presence || server_grant_types
end

#requested_response_typesObject



35
36
37
38
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 35

def requested_response_types
  types = Array(@params[:response_types]).compact_blank
  types.presence || server_response_types
end

#token_endpoint_auth_methodObject



27
28
29
# File 'lib/doorkeeper/openid_connect/oauth/dynamic_registration_request.rb', line 27

def token_endpoint_auth_method
  @params[:token_endpoint_auth_method].presence || DEFAULT_TOKEN_ENDPOINT_AUTH_METHOD
end