Class: Doorkeeper::Config::Builder

Inherits:
AbstractBuilder show all
Defined in:
lib/doorkeeper/config.rb

Overview

Default Doorkeeper configuration builder

Instance Attribute Summary

Attributes inherited from AbstractBuilder

#config

Instance Method Summary collapse

Methods inherited from AbstractBuilder

#build, #initialize

Constructor Details

This class inherits a constructor from Doorkeeper::Config::AbstractBuilder

Instance Method Details

#access_token_methods(*methods) ⇒ Object

Change the way access token is authenticated from the request object. By default it retrieves first from the ‘HTTP_AUTHORIZATION` header, then falls back to the `:access_token` or `:bearer_token` params from the `params` object.

Parameters:

  • methods (Array)

    Define access token methods



83
84
85
 
# File 'lib/doorkeeper/config.rb', line 83

def access_token_methods(*methods)
  @config.instance_variable_set(:@access_token_methods, methods)
end

#api_onlyObject

Use an API mode for applications generated with –api argument It will skip applications controller, disable forgery protection



150
151
152
 
# File 'lib/doorkeeper/config.rb', line 150

def api_only
  @config.instance_variable_set(:@api_only, true)
end

#client_credentials(*methods) ⇒ Object

Change the way client credentials are retrieved from the request object. By default it retrieves first from the ‘HTTP_AUTHORIZATION` header, then falls back to the `:client_id` and `:client_secret` params from the `params` object.

Parameters:

  • methods (Array)

    Define client credentials



73
74
75
 
# File 'lib/doorkeeper/config.rb', line 73

def client_credentials(*methods)
  @config.instance_variable_set(:@client_credentials_methods, methods)
end

#confirm_application_ownerObject 



30
31
32
 
# File 'lib/doorkeeper/config.rb', line 30

def confirm_application_owner
  @config.instance_variable_set(:@confirm_application_owner, true)
end

#default_scopes(*scopes) ⇒ Object

Define default access token scopes for your provider

token scopes

Parameters:

  • scopes (Array)

    Default set of access (OAuth::Scopes.new)



48
49
50
 
# File 'lib/doorkeeper/config.rb', line 48

def default_scopes(*scopes)
  @config.instance_variable_set(:@default_scopes, OAuth::Scopes.from_array(scopes))
end

#enable_application_owner(opts = {}) ⇒ Object

Provide support for an owner to be assigned to each registered application (disabled by default) Optional parameter confirmation: true (default false) if you want to enforce ownership of a registered application

Parameters:

  • opts (Hash) (defaults to: {})

    the options to confirm if an application owner is present

  • opts[Boolean] (Hash)

    a customizable set of options



25
26
27
28
 
# File 'lib/doorkeeper/config.rb', line 25

def enable_application_owner(opts = {})
  @config.instance_variable_set(:@enable_application_owner, true)
  confirm_application_owner if opts[:confirmation].present? && opts[:confirmation]
end

#enable_dynamic_scopes(opts = {}) ⇒ Object

Provide support for dynamic scopes (e.g. user:*) (disabled by default) Optional parameter delimiter (default “:”) if you want to customize the delimiter separating the scope name and matching value.

Parameters:

  • opts (Hash) (defaults to: {})

    the options to configure dynamic scopes



39
40
41
42
 
# File 'lib/doorkeeper/config.rb', line 39

def enable_dynamic_scopes(opts = {})
  @config.instance_variable_set(:@enable_dynamic_scopes, true)
  @config.instance_variable_set(:@dynamic_scopes_delimiter, opts[:delimiter] || ":")
end

#enable_multiple_database_rolesObject

Enable support for multiple database configurations with read replicas. When enabled, wraps database write operations to ensure they use the primary (writable) database when automatic role switching is enabled.

For ActiveRecord (Rails 6.1+), this uses ‘ActiveRecord::Base.connected_to(role: :writing)`. Other ORM extensions can implement their own primary database targeting logic.

This prevents ‘ActiveRecord::ReadOnlyError` when using read replicas with Rails automatic role switching. Enable this if your application uses multiple databases with automatic role switching for read replicas.

See: guides.rubyonrails.org/active_record_multiple_databases.html#activating-automatic-role-switching



114
115
116
 
# File 'lib/doorkeeper/config.rb', line 114

def enable_multiple_database_roles
  @config.instance_variable_set(:@enable_multiple_database_roles, true)
end

#enforce_configured_scopesObject

Forbids creating/updating applications with arbitrary scopes that are not in configuration, i.e. ‘default_scopes` or `optional_scopes`. (disabled by default)



163
164
165
 
# File 'lib/doorkeeper/config.rb', line 163

def enforce_configured_scopes
  @config.instance_variable_set(:@enforce_configured_scopes, true)
end

#enforce_content_typeObject

Enforce request content type as the spec requires: disabled by default for backward compatibility.



169
170
171
 
# File 'lib/doorkeeper/config.rb', line 169

def enforce_content_type
  @config.instance_variable_set(:@enforce_content_type, true)
end

#force_pkceObject

Require non-confidential apps to use PKCE (send a code_verifier) when requesting an access_token using an authorization code (disabled by default)



144
145
146
 
# File 'lib/doorkeeper/config.rb', line 144

def force_pkce
  @config.instance_variable_set(:@force_pkce, true)
end

#hash_application_secrets(using: nil, fallback: nil) ⇒ Object

Allow optional hashing of application secrets before persisting them. Will be used for hashing of input token and grants.

Parameters:

  • using (defaults to: nil)

    Provide a different secret storage implementation for applications

  • fallback (defaults to: nil)

    Provide a fallback secret storage implementation for applications or use :plain to fallback to plain application secrets



196
197
198
199
200
201
 
# File 'lib/doorkeeper/config.rb', line 196

def hash_application_secrets(using: nil, fallback: nil)
  default = "::Doorkeeper::SecretStoring::Sha256Hash"
  configure_secrets_for :application,
                        using: using || default,
                        fallback: fallback
end

#hash_token_secrets(using: nil, fallback: nil) ⇒ Object

Allow optional hashing of input tokens before persisting them. Will be used for hashing of input token and grants.

Parameters:

  • using (defaults to: nil)

    Provide a different secret storage implementation class for tokens

  • fallback (defaults to: nil)

    Provide a fallback secret storage implementation class for tokens or use :plain to fallback to plain tokens



181
182
183
184
185
186
 
# File 'lib/doorkeeper/config.rb', line 181

def hash_token_secrets(using: nil, fallback: nil)
  default = "::Doorkeeper::SecretStoring::Sha256Hash"
  configure_secrets_for :token,
                        using: using || default,
                        fallback: fallback
end

#optional_scopes(*scopes) ⇒ Object

Define default access token scopes for your provider

token scopes

Parameters:

  • scopes (Array)

    Optional set of access (OAuth::Scopes.new)



56
57
58
 
# File 'lib/doorkeeper/config.rb', line 56

def optional_scopes(*scopes)
  @config.instance_variable_set(:@optional_scopes, OAuth::Scopes.from_array(scopes))
end

#reuse_access_tokenObject

Reuse access token for the same resource owner within an application (disabled by default) Rationale: github.com/doorkeeper-gem/doorkeeper/issues/383



98
99
100
 
# File 'lib/doorkeeper/config.rb', line 98

def reuse_access_token
  @config.instance_variable_set(:@reuse_access_token, true)
end

#revoke_previous_authorization_code_tokenObject

Only allow one valid access token obtained via authorization code per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)



138
139
140
 
# File 'lib/doorkeeper/config.rb', line 138

def revoke_previous_authorization_code_token
  @config.instance_variable_set(:@revoke_previous_authorization_code_token, true)
end

#revoke_previous_client_credentials_tokenObject

TODO: maybe make it more generic for other flows too? Only allow one valid access token obtained via client credentials per client. If a new access token is obtained before the old one expired, the old one gets revoked (disabled by default)



131
132
133
 
# File 'lib/doorkeeper/config.rb', line 131

def revoke_previous_client_credentials_token
  @config.instance_variable_set(:@revoke_previous_client_credentials_token, true)
end

#scopes_by_grant_type(hash = {}) ⇒ Object

Define scopes_by_grant_type to limit certain scope to certain grant_type Default set to {} i.e. no limitation on scopes usage

Parameters:

  • with (Hash)

    grant_types as keys.



63
64
65
 
# File 'lib/doorkeeper/config.rb', line 63

def scopes_by_grant_type(hash = {})
  @config.instance_variable_set(:@scopes_by_grant_type, hash)
end

#use_polymorphic_resource_ownerObject

Enables polymorphic Resource Owner association for Access Grant and Access Token models. Requires additional database columns to be setup.



156
157
158
 
# File 'lib/doorkeeper/config.rb', line 156

def use_polymorphic_resource_owner
  @config.instance_variable_set(:@polymorphic_resource_owner, true)
end

#use_refresh_token(enabled = true, &block) ⇒ Object

Issue access tokens with refresh token (disabled if not set)



88
89
90
91
92
93
 
# File 'lib/doorkeeper/config.rb', line 88

def use_refresh_token(enabled = true, &block)
  @config.instance_variable_set(
    :@refresh_token_enabled,
    block || enabled,
  )
end

#use_url_path_for_native_authorizationObject

Choose to use the url path for native autorization codes Enabling this flag sets the authorization code response route for native redirect uris to oauth/authorize/<code>. The default is oauth/authorize/native?code=<code>. Rationale: github.com/doorkeeper-gem/doorkeeper/issues/1143



123
124
125
 
# File 'lib/doorkeeper/config.rb', line 123

def use_url_path_for_native_authorization
  @config.instance_variable_set(:@use_url_path_for_native_authorization, true)
end