Module: Doorkeeper::Orm::ActiveRecord::Mixins::AccessToken::ClassMethods

Defined in:

lib/doorkeeper/orm/active_record/mixins/access_token.rb

Instance Method Summary

• #active_for(resource_owner) ⇒ ActiveRecord::Relation

  Searches for not revoked Access Tokens associated with the specific Resource Owner.

• #not_expired ⇒ Object

  Returns non-expired and non-revoked access tokens.

• #refresh_token_revoked_on_use? ⇒ Boolean

  Determines if refresh tokens should be revoked only when the new access token is used, rather than immediately upon refresh.

Instance Method Details

#active_for(resource_owner) ⇒ ActiveRecord::Relation

Searches for not revoked Access Tokens associated with the specific Resource Owner.

Parameters:

• resource_owner (ActiveRecord::Base) —

  Resource Owner model instance

Returns:

• (ActiveRecord::Relation) —

  active Access Tokens for Resource Owner

# File 'lib/doorkeeper/orm/active_record/mixins/access_token.rb', line 39

def active_for(resource_owner)
  by_resource_owner(resource_owner).where(revoked_at: nil)
end

#not_expired ⇒ Object

Returns non-expired and non-revoked access tokens

# File 'lib/doorkeeper/orm/active_record/mixins/access_token.rb', line 70

def not_expired
  relation = where(revoked_at: nil)

  if supports_expiration_time_math?
    # have not reached the expiration time or it never expires
    relation.where("#{expiration_time_sql} > ?", Time.now.utc).or(
      relation.where(expires_in: nil),
    )
  else
    ::Kernel.warn(::Doorkeeper::Models::ExpirationTimeSqlMath::WARNING_MESSAGE)

    relation
  end
end

#refresh_token_revoked_on_use? ⇒ Boolean

Determines if refresh tokens should be revoked only when the new access token is used, rather than immediately upon refresh. This is based on the presence of the ‘previous_refresh_token` column in the database.

When true (column exists):

• Refresh tokens are NOT immediately revoked

• New access token stores the old refresh token value in ‘previous_refresh_token`

• Old refresh token is revoked later when the new access token is first used

• Multiple concurrent refresh requests can succeed (no database locks)

• Better database performance and lower latency

When false (column does not exist):

• Refresh tokens are immediately revoked using database locks

• Only one concurrent refresh request can succeed

• May experience database lock contention under high load

To enable the revoke-on-use feature and improve performance:

rails generate doorkeeper:previous_refresh_token
rails db:migrate

Returns:

• (Boolean) —

  true if previous_refresh_token column exists

# File 'lib/doorkeeper/orm/active_record/mixins/access_token.rb', line 65

def refresh_token_revoked_on_use?
  column_names.include?("previous_refresh_token")
end