Class: Doorkeeper::Config

Inherits:

Object

• Object
• Doorkeeper::Config

Extended by:

Option

Includes:

Validations

Defined in:

lib/doorkeeper/config.rb,
lib/doorkeeper/config/option.rb,
lib/doorkeeper/config/validations.rb,
lib/doorkeeper/config/abstract_builder.rb

Overview

Doorkeeper option DSL could be reused in extensions to build their own configurations. To use the Option DSL gems need to define ‘builder_class` method that returns configuration Builder class. This exception raises when they don’t define it.

Defined Under Namespace

Modules: Option, Validations Classes: AbstractBuilder, Builder

Instance Attribute Summary

• #application_secret_fallback_strategy ⇒ Object readonly

  Returns the value of attribute application_secret_fallback_strategy.

• #reuse_access_token ⇒ Object readonly

  Returns the value of attribute reuse_access_token.

• #token_secret_fallback_strategy ⇒ Object readonly

  Returns the value of attribute token_secret_fallback_strategy.

Instance Method Summary

• #access_grant_model ⇒ ActiveRecord::Base, ...

  Doorkeeper Access Grant model class.

• #access_token_methods ⇒ Object
• #access_token_model ⇒ ActiveRecord::Base, ...

  Doorkeeper Access Token model class.

• #allow_blank_redirect_uri?(application = nil) ⇒ Boolean
• #allow_grant_flow_for_client ⇒ Boolean

  Allows to customize OAuth grant flows that each application support.

• #allow_grant_flow_for_client?(grant_flow, client) ⇒ Boolean
• #api_only ⇒ Object
• #application_model ⇒ ActiveRecord::Base, ...

  Doorkeeper Application model class.

• #application_secret_hashed? ⇒ Boolean
• #application_secret_strategy ⇒ Object
• #authorization_response_flows ⇒ Object
• #authorization_response_types ⇒ Object
• #calculate_authorization_response_types ⇒ Object

  [NOTE]: deprecated and will be removed soon.

• #calculate_grant_flows ⇒ Object

  Calculates grant flows configured by the user in Doorkeeper configuration considering registered aliases that is exposed to single or multiple other flows.

• #calculate_token_grant_types ⇒ Object

  [NOTE]: deprecated and will be removed soon.

• #clear_cache! ⇒ Object
• #client_credentials_methods ⇒ Object
• #confirm_application_owner? ⇒ Boolean
• #default_scopes ⇒ Object
• #deprecated_authorization_flows ⇒ Object

  [NOTE]: deprecated and will be removed soon.

• #deprecated_token_grant_types_resolver ⇒ Object

  [NOTE]: deprecated and will be removed soon.

• #enable_application_owner? ⇒ Boolean
• #enabled_grant_flows ⇒ Object
• #enforce_configured_scopes? ⇒ Boolean
• #enforce_content_type ⇒ Object
• #force_pkce? ⇒ Boolean
• #native_authorization_code_route ⇒ Object
• #option_defined?(name) ⇒ Boolean
• #optional_scopes ⇒ Object
• #polymorphic_resource_owner? ⇒ Boolean
• #raise_on_errors? ⇒ Boolean
• #redirect_on_errors? ⇒ Boolean
• #refresh_token_enabled? ⇒ Boolean
• #resolve_controller(name) ⇒ Object
• #revoke_previous_authorization_code_token? ⇒ Boolean
• #revoke_previous_client_credentials_token? ⇒ Boolean
• #scopes ⇒ Object
• #scopes_by_grant_type ⇒ Object
• #token_grant_flows ⇒ Object
• #token_grant_types ⇒ Object
• #token_secret_strategy ⇒ Object

Methods included from Option

extended, option

Methods included from Validations

#validate!

Instance Attribute Details

#application_secret_fallback_strategy ⇒ Object (readonly)

Returns the value of attribute application_secret_fallback_strategy.

# File 'lib/doorkeeper/config.rb', line 428

def application_secret_fallback_strategy
  @application_secret_fallback_strategy
end

#reuse_access_token ⇒ Object (readonly)

Returns the value of attribute reuse_access_token.

# File 'lib/doorkeeper/config.rb', line 428

def reuse_access_token
  @reuse_access_token
end

#token_secret_fallback_strategy ⇒ Object (readonly)

Returns the value of attribute token_secret_fallback_strategy.

# File 'lib/doorkeeper/config.rb', line 428

def token_secret_fallback_strategy
  @token_secret_fallback_strategy
end

Instance Method Details

#access_grant_model ⇒ ActiveRecord::Base, ...

Doorkeeper Access Grant model class.

Returns:

• (ActiveRecord::Base, Mongoid::Document, Sequel::Model)

# File 'lib/doorkeeper/config.rb', line 454

def access_grant_model
  @access_grant_model ||= access_grant_class.constantize
end

#access_token_methods ⇒ Object

# File 'lib/doorkeeper/config.rb', line 561

def access_token_methods
  @access_token_methods ||= %i[
    from_bearer_authorization
    from_access_token_param
    from_bearer_param
  ]
end

#access_token_model ⇒ ActiveRecord::Base, ...

Doorkeeper Access Token model class.

Returns:

• (ActiveRecord::Base, Mongoid::Document, Sequel::Model)

# File 'lib/doorkeeper/config.rb', line 446

def access_token_model
  @access_token_model ||= access_token_class.constantize
end

#allow_blank_redirect_uri?(application = nil) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 647

def allow_blank_redirect_uri?(application = nil)
  if allow_blank_redirect_uri.respond_to?(:call)
    allow_blank_redirect_uri.call(grant_flows, application)
  else
    allow_blank_redirect_uri
  end
end

#allow_grant_flow_for_client ⇒ Boolean

Allows to customize OAuth grant flows that each application support. You can configure a custom block (or use a class respond to ‘#call`) that must return `true` in case Application instance supports requested OAuth grant flow during the authorization request to the server. This configuration doesn’t set flows per application, it only allows to check if application supports specific grant flow.

For example you can add an additional database column to ‘oauth_applications` table, say `t.array :grant_flows, default: []`, and store allowed grant flows that can be used with this application there. Then when authorization requested Doorkeeper will call this block to check if specific Application (passed with client_id and/or client_secret) is allowed to perform the request for the specific grant type (authorization, password, client_credentials, etc).

Example of the block:

->(flow, client) { client.grant_flows.include?(flow) }

In case this option invocation result is ‘false`, Doorkeeper server returns :unauthorized_client error and stops the request.

Parameters:

• allow_grant_flow_for_client (Proc) —

  Block or any object respond to #call

Returns:

• (Boolean) —

  ‘true` if allow or `false` if forbid the request

# File 'lib/doorkeeper/config.rb', line 298

option :allow_grant_flow_for_client,    default: ->(_grant_flow, _client) { true }

#allow_grant_flow_for_client?(grant_flow, client) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 655

def allow_grant_flow_for_client?(grant_flow, client)
  return true unless option_defined?(:allow_grant_flow_for_client)

  allow_grant_flow_for_client.call(grant_flow, client)
end

#api_only ⇒ Object

# File 'lib/doorkeeper/config.rb', line 466

def api_only
  @api_only ||= false
end

#application_model ⇒ ActiveRecord::Base, ...

Doorkeeper Application model class.

Returns:

• (ActiveRecord::Base, Mongoid::Document, Sequel::Model)

# File 'lib/doorkeeper/config.rb', line 462

def application_model
  @application_model ||= application_class.constantize
end

#application_secret_hashed? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 529

def application_secret_hashed?
  instance_variable_defined?(:"@application_secret_strategy")
end

#application_secret_strategy ⇒ Object

# File 'lib/doorkeeper/config.rb', line 537

def application_secret_strategy
  @application_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
end

#authorization_response_flows ⇒ Object

# File 'lib/doorkeeper/config.rb', line 573

def authorization_response_flows
  @authorization_response_flows ||= enabled_grant_flows.select(&:handles_response_type?) +
                                    deprecated_authorization_flows
end

#authorization_response_types ⇒ Object

# File 'lib/doorkeeper/config.rb', line 582

def authorization_response_types
  authorization_response_flows.map(&:response_type_matches)
end

#calculate_authorization_response_types ⇒ Object

[NOTE]: deprecated and will be removed soon

# File 'lib/doorkeeper/config.rb', line 618

def calculate_authorization_response_types
  []
end

#calculate_grant_flows ⇒ Object

Calculates grant flows configured by the user in Doorkeeper configuration considering registered aliases that is exposed to single or multiple other flows.

# File 'lib/doorkeeper/config.rb', line 633

def calculate_grant_flows
  configured_flows = grant_flows.map(&:to_s)
  aliases = Doorkeeper::GrantFlow.aliases.keys.map(&:to_s)

  flows = configured_flows - aliases
  aliases.each do |flow_alias|
    next unless configured_flows.include?(flow_alias)

    flows.concat(Doorkeeper::GrantFlow.expand_alias(flow_alias))
  end

  flows.flatten.uniq
end

#calculate_token_grant_types ⇒ Object

[NOTE]: deprecated and will be removed soon

# File 'lib/doorkeeper/config.rb', line 623

def calculate_token_grant_types
  types = grant_flows - ["implicit"]
  types << "refresh_token" if refresh_token_enabled?
  types
end

#clear_cache! ⇒ Object

# File 'lib/doorkeeper/config.rb', line 432

def clear_cache!
  %i[
    application_model
    access_token_model
    access_grant_model
  ].each do |var|
    remove_instance_variable("@#{var}") if instance_variable_defined?("@#{var}")
  end
end

#client_credentials_methods ⇒ Object

# File 'lib/doorkeeper/config.rb', line 557

def client_credentials_methods
  @client_credentials_methods ||= %i[from_basic from_params]
end

#confirm_application_owner? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 517

def confirm_application_owner?
  option_set? :confirm_application_owner
end

#default_scopes ⇒ Object

# File 'lib/doorkeeper/config.rb', line 541

def default_scopes
  @default_scopes ||= OAuth::Scopes.new
end

#deprecated_authorization_flows ⇒ Object

[NOTE]: deprecated and will be removed soon

# File 'lib/doorkeeper/config.rb', line 601

def deprecated_authorization_flows
  response_types = calculate_authorization_response_types

  if response_types.any?
    ::Kernel.warn <<~WARNING
      Please, don't patch Doorkeeper::Config#calculate_authorization_response_types method.
      Register your custom grant flows using the public API:
      `Doorkeeper::GrantFlow.register(grant_flow_name, **options)`.
    WARNING
  end

  response_types.map do |response_type|
    Doorkeeper::GrantFlow::FallbackFlow.new(response_type, response_type_matches: response_type)
  end
end

#deprecated_token_grant_types_resolver ⇒ Object

[NOTE]: deprecated and will be removed soon

# File 'lib/doorkeeper/config.rb', line 591

def deprecated_token_grant_types_resolver
  @deprecated_token_grant_types ||= calculate_token_grant_types
end

#enable_application_owner? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 509

def enable_application_owner?
  option_set? :enable_application_owner
end

#enabled_grant_flows ⇒ Object

# File 'lib/doorkeeper/config.rb', line 569

def enabled_grant_flows
  @enabled_grant_flows ||= calculate_grant_flows.map { |name| Doorkeeper::GrantFlow.get(name) }.compact
end

#enforce_configured_scopes? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 505

def enforce_configured_scopes?
  option_set? :enforce_configured_scopes
end

#enforce_content_type ⇒ Object

# File 'lib/doorkeeper/config.rb', line 470

def enforce_content_type
  @enforce_content_type ||= false
end

#force_pkce? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 501

def force_pkce?
  option_set? :force_pkce
end

#native_authorization_code_route ⇒ Object

# File 'lib/doorkeeper/config.rb', line 595

def native_authorization_code_route
  @use_url_path_for_native_authorization = false unless defined?(@use_url_path_for_native_authorization)
  @use_url_path_for_native_authorization ? '/:code' : '/native'
end

#option_defined?(name) ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 661

def option_defined?(name)
  instance_variable_defined?("@#{name}")
end

#optional_scopes ⇒ Object

# File 'lib/doorkeeper/config.rb', line 545

def optional_scopes
  @optional_scopes ||= OAuth::Scopes.new
end

#polymorphic_resource_owner? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 513

def polymorphic_resource_owner?
  option_set? :polymorphic_resource_owner
end

#raise_on_errors? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 521

def raise_on_errors?
  handle_auth_errors == :raise
end

#redirect_on_errors? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 525

def redirect_on_errors?
  handle_auth_errors == :redirect
end

#refresh_token_enabled? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 474

def refresh_token_enabled?
  if defined?(@refresh_token_enabled)
    @refresh_token_enabled
  else
    false
  end
end

#resolve_controller(name) ⇒ Object

# File 'lib/doorkeeper/config.rb', line 482

def resolve_controller(name)
  config_option = public_send(:"#{name}_controller")
  controller_name = if config_option.respond_to?(:call)
                      instance_exec(&config_option)
                    else
                      config_option
                    end

  controller_name.constantize
end

#revoke_previous_authorization_code_token? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 497

def revoke_previous_authorization_code_token?
  option_set? :revoke_previous_authorization_code_token
end

#revoke_previous_client_credentials_token? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/doorkeeper/config.rb', line 493

def revoke_previous_client_credentials_token?
  option_set? :revoke_previous_client_credentials_token
end

#scopes ⇒ Object

# File 'lib/doorkeeper/config.rb', line 549

def scopes
  @scopes ||= default_scopes + optional_scopes
end

#scopes_by_grant_type ⇒ Object

# File 'lib/doorkeeper/config.rb', line 553

def scopes_by_grant_type
  @scopes_by_grant_type ||= {}
end

#token_grant_flows ⇒ Object

# File 'lib/doorkeeper/config.rb', line 578

def token_grant_flows
  @token_grant_flows ||= calculate_token_grant_flows
end

#token_grant_types ⇒ Object

# File 'lib/doorkeeper/config.rb', line 586

def token_grant_types
  token_grant_flows.map(&:grant_type_matches)
end

#token_secret_strategy ⇒ Object

# File 'lib/doorkeeper/config.rb', line 533

def token_secret_strategy
  @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
end