Class: Doorkeeper::Config

Inherits:
Object
  • Object
show all
Extended by:
Option
Includes:
Validations
Defined in:
lib/doorkeeper/config.rb,
lib/doorkeeper/config/option.rb,
lib/doorkeeper/config/validations.rb,
lib/doorkeeper/config/abstract_builder.rb

Overview

Doorkeeper option DSL could be reused in extensions to build their own configurations. To use the Option DSL gems need to define ‘builder_class` method that returns configuration Builder class. This exception raises when they don’t define it.

Defined Under Namespace

Modules: Option, Validations Classes: AbstractBuilder, Builder

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Option

extended, option

Methods included from Validations

#validate!

Instance Attribute Details

#application_secret_fallback_strategyObject (readonly)

Returns the value of attribute application_secret_fallback_strategy.



455
456
457
 
# File 'lib/doorkeeper/config.rb', line 455

def application_secret_fallback_strategy
  @application_secret_fallback_strategy
end

#enable_multiple_database_rolesObject (readonly)

Returns the value of attribute enable_multiple_database_roles.



455
456
457
 
# File 'lib/doorkeeper/config.rb', line 455

def enable_multiple_database_roles
  @enable_multiple_database_roles
end

#reuse_access_tokenObject (readonly)

Returns the value of attribute reuse_access_token.



455
456
457
 
# File 'lib/doorkeeper/config.rb', line 455

def reuse_access_token
  @reuse_access_token
end

#token_secret_fallback_strategyObject (readonly)

Returns the value of attribute token_secret_fallback_strategy.



455
456
457
 
# File 'lib/doorkeeper/config.rb', line 455

def token_secret_fallback_strategy
  @token_secret_fallback_strategy
end

Instance Method Details

#access_grant_modelActiveRecord::Base, ...

Doorkeeper Access Grant model class.

Returns:

  • (ActiveRecord::Base, Mongoid::Document, Sequel::Model) 


482
483
484
 
# File 'lib/doorkeeper/config.rb', line 482

def access_grant_model
  @access_grant_model ||= access_grant_class.constantize
end

#access_token_methodsObject 



603
604
605
606
607
608
609
 
# File 'lib/doorkeeper/config.rb', line 603

def access_token_methods
  @access_token_methods ||= %i[
    from_bearer_authorization
    from_access_token_param
    from_bearer_param
  ]
end

#access_token_modelActiveRecord::Base, ...

Doorkeeper Access Token model class.

Returns:

  • (ActiveRecord::Base, Mongoid::Document, Sequel::Model) 


474
475
476
 
# File 'lib/doorkeeper/config.rb', line 474

def access_token_model
  @access_token_model ||= access_token_class.constantize
end

#allow_blank_redirect_uri?(application = nil) ⇒ Boolean

Returns:

  • (Boolean) 


689
690
691
692
693
694
695
 
# File 'lib/doorkeeper/config.rb', line 689

def allow_blank_redirect_uri?(application = nil)
  if allow_blank_redirect_uri.respond_to?(:call)
    allow_blank_redirect_uri.call(grant_flows, application)
  else
    allow_blank_redirect_uri
  end
end

#allow_grant_flow_for_clientBoolean

Allows to customize OAuth grant flows that each application support. You can configure a custom block (or use a class respond to ‘#call`) that must return `true` in case Application instance supports requested OAuth grant flow during the authorization request to the server. This configuration doesn’t set flows per application, it only allows to check if application supports specific grant flow.

For example you can add an additional database column to ‘oauth_applications` table, say `t.array :grant_flows, default: []`, and store allowed grant flows that can be used with this application there. Then when authorization requested Doorkeeper will call this block to check if specific Application (passed with client_id and/or client_secret) is allowed to perform the request for the specific grant type (authorization, password, client_credentials, etc).

Example of the block:

->(flow, client) { client.grant_flows.include?(flow) }

In case this option invocation result is ‘false`, Doorkeeper server returns :unauthorized_client error and stops the request.

Parameters:

  • allow_grant_flow_for_client (Proc)

    Block or any object respond to #call

Returns:

  • (Boolean)

    ‘true` if allow or `false` if forbid the request



325
 
# File 'lib/doorkeeper/config.rb', line 325

option :allow_grant_flow_for_client,    default: ->(_grant_flow, _client) { true }

#allow_grant_flow_for_client?(grant_flow, client) ⇒ Boolean

Returns:

  • (Boolean) 


697
698
699
700
701
 
# File 'lib/doorkeeper/config.rb', line 697

def allow_grant_flow_for_client?(grant_flow, client)
  return true unless option_defined?(:allow_grant_flow_for_client)

  allow_grant_flow_for_client.call(grant_flow, client)
end

#api_onlyObject 



494
495
496
 
# File 'lib/doorkeeper/config.rb', line 494

def api_only
  @api_only ||= false
end

#application_modelActiveRecord::Base, ...

Doorkeeper Application model class.

Returns:

  • (ActiveRecord::Base, Mongoid::Document, Sequel::Model) 


490
491
492
 
# File 'lib/doorkeeper/config.rb', line 490

def application_model
  @application_model ||= application_class.constantize
end

#application_secret_hashed?Boolean

Returns:

  • (Boolean) 


565
566
567
 
# File 'lib/doorkeeper/config.rb', line 565

def application_secret_hashed?
  instance_variable_defined?(:"@application_secret_strategy")
end

#application_secret_strategyObject 



573
574
575
 
# File 'lib/doorkeeper/config.rb', line 573

def application_secret_strategy
  @application_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
end

#authorization_response_flowsObject 



615
616
617
618
 
# File 'lib/doorkeeper/config.rb', line 615

def authorization_response_flows
  @authorization_response_flows ||= enabled_grant_flows.select(&:handles_response_type?) +
                                    deprecated_authorization_flows
end

#authorization_response_typesObject 



624
625
626
 
# File 'lib/doorkeeper/config.rb', line 624

def authorization_response_types
  authorization_response_flows.map(&:response_type_matches)
end

#calculate_authorization_response_typesObject

[NOTE]: deprecated and will be removed soon



660
661
662
 
# File 'lib/doorkeeper/config.rb', line 660

def calculate_authorization_response_types
  []
end

#calculate_grant_flowsObject

Calculates grant flows configured by the user in Doorkeeper configuration considering registered aliases that is exposed to single or multiple other flows.



675
676
677
678
679
680
681
682
683
684
685
686
687
 
# File 'lib/doorkeeper/config.rb', line 675

def calculate_grant_flows
  configured_flows = grant_flows.map(&:to_s)
  aliases = Doorkeeper::GrantFlow.aliases.keys.map(&:to_s)

  flows = configured_flows - aliases
  aliases.each do |flow_alias|
    next unless configured_flows.include?(flow_alias)

    flows.concat(Doorkeeper::GrantFlow.expand_alias(flow_alias))
  end

  flows.flatten.uniq
end

#calculate_token_grant_typesObject

[NOTE]: deprecated and will be removed soon



665
666
667
668
669
 
# File 'lib/doorkeeper/config.rb', line 665

def calculate_token_grant_types
  types = grant_flows - ["implicit"]
  types << "refresh_token" if refresh_token_enabled?
  types
end

#clear_cache!Object 



460
461
462
463
464
465
466
467
468
 
# File 'lib/doorkeeper/config.rb', line 460

def clear_cache!
  %i[
    application_model
    access_token_model
    access_grant_model
  ].each do |var|
    remove_instance_variable("@#{var}") if instance_variable_defined?("@#{var}")
  end
end

#client_credentials_methodsObject 



599
600
601
 
# File 'lib/doorkeeper/config.rb', line 599

def client_credentials_methods
  @client_credentials_methods ||= %i[from_basic from_params]
end

#confirm_application_owner?Boolean

Returns:

  • (Boolean) 


553
554
555
 
# File 'lib/doorkeeper/config.rb', line 553

def confirm_application_owner?
  option_set? :confirm_application_owner
end

#default_scopesObject 



577
578
579
 
# File 'lib/doorkeeper/config.rb', line 577

def default_scopes
  @default_scopes ||= OAuth::Scopes.new
end

#deprecated_authorization_flowsObject

[NOTE]: deprecated and will be removed soon



643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
 
# File 'lib/doorkeeper/config.rb', line 643

def deprecated_authorization_flows
  response_types = calculate_authorization_response_types

  if response_types.any?
    ::Kernel.warn <<~WARNING
      Please, don't patch Doorkeeper::Config#calculate_authorization_response_types method.
      Register your custom grant flows using the public API:
      `Doorkeeper::GrantFlow.register(grant_flow_name, **options)`.
    WARNING
  end

  response_types.map do |response_type|
    Doorkeeper::GrantFlow::FallbackFlow.new(response_type, response_type_matches: response_type)
  end
end

#deprecated_token_grant_types_resolverObject

[NOTE]: deprecated and will be removed soon



633
634
635
 
# File 'lib/doorkeeper/config.rb', line 633

def deprecated_token_grant_types_resolver
  @deprecated_token_grant_types ||= calculate_token_grant_types
end

#dynamic_scopes_delimiterObject 



545
546
547
 
# File 'lib/doorkeeper/config.rb', line 545

def dynamic_scopes_delimiter
  @dynamic_scopes_delimiter
end

#enable_application_owner?Boolean

Returns:

  • (Boolean) 


537
538
539
 
# File 'lib/doorkeeper/config.rb', line 537

def enable_application_owner?
  option_set? :enable_application_owner
end

#enable_dynamic_scopes?Boolean

Returns:

  • (Boolean) 


541
542
543
 
# File 'lib/doorkeeper/config.rb', line 541

def enable_dynamic_scopes?
  option_set? :enable_dynamic_scopes
end

#enabled_grant_flowsObject 



611
612
613
 
# File 'lib/doorkeeper/config.rb', line 611

def enabled_grant_flows
  @enabled_grant_flows ||= calculate_grant_flows.map { |name| Doorkeeper::GrantFlow.get(name) }.compact
end

#enforce_configured_scopes?Boolean

Returns:

  • (Boolean) 


533
534
535
 
# File 'lib/doorkeeper/config.rb', line 533

def enforce_configured_scopes?
  option_set? :enforce_configured_scopes
end

#enforce_content_typeObject 



498
499
500
 
# File 'lib/doorkeeper/config.rb', line 498

def enforce_content_type
  @enforce_content_type ||= false
end

#force_pkce?Boolean

Returns:

  • (Boolean) 


529
530
531
 
# File 'lib/doorkeeper/config.rb', line 529

def force_pkce?
  option_set? :force_pkce
end

#native_authorization_code_routeObject 



637
638
639
640
 
# File 'lib/doorkeeper/config.rb', line 637

def native_authorization_code_route
  @use_url_path_for_native_authorization = false unless defined?(@use_url_path_for_native_authorization)
  @use_url_path_for_native_authorization ? "/:code" : "/native"
end

#option_defined?(name) ⇒ Boolean

Returns:

  • (Boolean) 


703
704
705
 
# File 'lib/doorkeeper/config.rb', line 703

def option_defined?(name)
  instance_variable_defined?("@#{name}")
end

#optional_scopesObject 



581
582
583
 
# File 'lib/doorkeeper/config.rb', line 581

def optional_scopes
  @optional_scopes ||= OAuth::Scopes.new
end

#pkce_code_challenge_methods_supportedObject 



593
594
595
596
597
 
# File 'lib/doorkeeper/config.rb', line 593

def pkce_code_challenge_methods_supported
  return [] unless access_grant_model.pkce_supported?

  pkce_code_challenge_methods
end

#polymorphic_resource_owner?Boolean

Returns:

  • (Boolean) 


549
550
551
 
# File 'lib/doorkeeper/config.rb', line 549

def polymorphic_resource_owner?
  option_set? :polymorphic_resource_owner
end

#raise_on_errors?Boolean

Returns:

  • (Boolean) 


557
558
559
 
# File 'lib/doorkeeper/config.rb', line 557

def raise_on_errors?
  handle_auth_errors == :raise
end

#redirect_on_errors?Boolean

Returns:

  • (Boolean) 


561
562
563
 
# File 'lib/doorkeeper/config.rb', line 561

def redirect_on_errors?
  handle_auth_errors == :redirect
end

#refresh_token_enabled?Boolean

Returns:

  • (Boolean) 


502
503
504
505
506
507
508
 
# File 'lib/doorkeeper/config.rb', line 502

def refresh_token_enabled?
  if defined?(@refresh_token_enabled)
    @refresh_token_enabled
  else
    false
  end
end

#resolve_controller(name) ⇒ Object 



510
511
512
513
514
515
516
517
518
519
 
# File 'lib/doorkeeper/config.rb', line 510

def resolve_controller(name)
  config_option = public_send(:"#{name}_controller")
  controller_name = if config_option.respond_to?(:call)
                      instance_exec(&config_option)
                    else
                      config_option
                    end

  controller_name.constantize
end

#revoke_previous_authorization_code_token?Boolean

Returns:

  • (Boolean) 


525
526
527
 
# File 'lib/doorkeeper/config.rb', line 525

def revoke_previous_authorization_code_token?
  option_set? :revoke_previous_authorization_code_token
end

#revoke_previous_client_credentials_token?Boolean

Returns:

  • (Boolean) 


521
522
523
 
# File 'lib/doorkeeper/config.rb', line 521

def revoke_previous_client_credentials_token?
  option_set? :revoke_previous_client_credentials_token
end

#scopesObject 



585
586
587
 
# File 'lib/doorkeeper/config.rb', line 585

def scopes
  @scopes ||= default_scopes + optional_scopes
end

#scopes_by_grant_typeObject 



589
590
591
 
# File 'lib/doorkeeper/config.rb', line 589

def scopes_by_grant_type
  @scopes_by_grant_type ||= {}
end

#token_grant_flowsObject 



620
621
622
 
# File 'lib/doorkeeper/config.rb', line 620

def token_grant_flows
  @token_grant_flows ||= calculate_token_grant_flows
end

#token_grant_typesObject 



628
629
630
 
# File 'lib/doorkeeper/config.rb', line 628

def token_grant_types
  token_grant_flows.map(&:grant_type_matches)
end

#token_secret_strategyObject 



569
570
571
 
# File 'lib/doorkeeper/config.rb', line 569

def token_secret_strategy
  @token_secret_strategy ||= ::Doorkeeper::SecretStoring::Plain
end