Class: StandardId::ClientGrant
- Inherits: ApplicationRecord
  - Object
  - ActiveRecord::Base
  - ApplicationRecord
  - StandardId::ClientGrant
- Defined in: app/models/standard_id/client_grant.rb
Overview
Records a user’s prior consent to an OAuth client, so repeat authorizations for the same (account, client) skip the consent screen. One row per (account, client); re-approval updates the stored scope.
Class Method Summary
- .granted?(account:, client_id:, requested_scope: nil) ⇒ Boolean
  Whether `account` has already consented to `client_id` covering every scope token in `requested_scope`.
- .record!(account:, client_id:, scope: nil) ⇒ Object
  Record (or update) a grant for the given account + client + scope.
Class Method Details
.granted?(account:, client_id:, requested_scope: nil) ⇒ Boolean
Whether `account` has already consented to `client_id` covering every scope token in `requested_scope`. A blank `requested_scope` is covered by any existing grant. Otherwise the requested tokens must all be a subset of the previously granted set, so a grant with a nil/blank stored scope covers only a blank request.
```ruby
# File 'app/models/standard_id/client_grant.rb', line 18
def self.granted?(account:, client_id:, requested_scope: nil)
  return false if account.nil? || client_id.blank?

  grant = find_by(account_id: account.id, client_id: client_id)
  return false unless grant

  # A blank request is covered by any existing grant.
  requested = scope_tokens(requested_scope)
  return true if requested.empty?

  # Every requested token must already be in the granted set.
  granted = scope_tokens(grant.scope)
  (requested - granted).empty?
end
```
.record!(account:, client_id:, scope: nil) ⇒ Object
Record (or update) a grant for the given account + client + scope.
```ruby
# File 'app/models/standard_id/client_grant.rb', line 32
def self.record!(account:, client_id:, scope: nil)
  grant = find_or_initialize_by(account_id: account.id, client_id: client_id)
  grant.scope = scope # replaces any previously stored scope
  grant.save!
  grant
end
```
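The consent-skip decisions that `granted?` and `record!` produce together, as an added example that is not part of the StandardId code base. `GrantStore` and `consent_decisions` are hypothetical names, the account and client values are constructed, and the whitespace tokenizer is an assumption, since the page does not show the model's `scope_tokens` helper.

```ruby
# Hypothetical in-memory stand-in for the client_grants table (constructed
# for this example); keyed by [account_id, client_id], one row per pair.
class GrantStore
  def initialize
    @rows = {}
  end

  # Assumed tokenizer: OAuth scopes are space-delimited (RFC 6749, 3.3).
  # The page does not show the model's own scope_tokens helper.
  def self.scope_tokens(scope)
    scope.to_s.split.uniq
  end

  # Mirrors ClientGrant.record!: re-approval replaces the stored scope.
  def record!(account_id:, client_id:, scope: nil)
    @rows[[account_id, client_id]] = scope
  end

  # Mirrors ClientGrant.granted?: the request must be a subset of the grant.
  def granted?(account_id:, client_id:, requested_scope: nil)
    return false if account_id.nil? || client_id.to_s.strip.empty?
    return false unless @rows.key?([account_id, client_id])

    requested = self.class.scope_tokens(requested_scope)
    return true if requested.empty?

    (requested - self.class.scope_tokens(@rows[[account_id, client_id]])).empty?
  end
end

# Returns the skip-consent decision for each constructed authorization request.
def consent_decisions
  store = GrantStore.new
  ask = ->(scope) { store.granted?(account_id: 1, client_id: "app-a", requested_scope: scope) }
  results = { first_visit: ask.call("openid") }
  store.record!(account_id: 1, client_id: "app-a", scope: "openid profile")
  results[:same_scope] = ask.call("profile openid")       # token order is irrelevant
  results[:narrower]   = ask.call("openid")
  results[:escalation] = ask.call("openid profile email") # new token: show consent
  results[:blank]      = ask.call(nil)                    # any grant covers a blank request
  store.record!(account_id: 1, client_id: "app-a", scope: "openid") # overwrite, not union
  results[:after_narrow] = ask.call("openid profile")
  results[:other_client] = store.granted?(account_id: 1, client_id: "app-b", requested_scope: "openid")
  results
end

p consent_decisions if __FILE__ == $PROGRAM_NAME
```

Because `record!` overwrites rather than merges, the scope passed to it should be exactly what the user approved on the consent screen; a later approval of a narrower scope drops the earlier tokens from the grant.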