Class: StandardId::Api::Oauth::RegistrationsController

Inherits:
BaseController
Defined in:
app/controllers/standard_id/api/oauth/registrations_controller.rb

Overview

RFC 7591 Dynamic Client Registration endpoint (POST /oauth/register).

The endpoint is fully absent (404) unless `StandardId.config.oauth.dynamic_registration_enabled` is true — an open, unauthenticated registration endpoint is state-mutating attack surface, so it is opt-in. When enabled, the controller stays thin: it parses the JSON client metadata and delegates the RFC 7591 -> ClientApplication mapping (and the engine’s security defaults) to StandardId::Oauth::ClientRegistration.
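The opt-in gate and metadata handling described above, sketched as an added example (not StandardId's own code). RegistrationConfig, handle_registration and safe_redirect_uri? are hypothetical names, and the HTTPS-only redirect rule and forced grant type are assumed defaults, not the engine's documented ones.

```ruby
require "json"
require "securerandom"
require "uri"

# Hypothetical stand-in for the engine's opt-in flag.
RegistrationConfig = Struct.new(:dynamic_registration_enabled)

# Returns [http_status, response_hash] for a POST /oauth/register body.
def handle_registration(config, raw_body)
  # Disabled: answer exactly like a route that does not exist.
  return [404, {}] unless config.dynamic_registration_enabled

  metadata = begin
    JSON.parse(raw_body)
  rescue JSON::ParserError
    nil
  end
  # RFC 7591 client metadata is a JSON object; anything else is rejected.
  return [400, { "error" => "invalid_client_metadata" }] unless metadata.is_a?(Hash)

  uris = metadata["redirect_uris"]
  unless uris.is_a?(Array) && !uris.empty? && uris.all? { |u| safe_redirect_uri?(u) }
    return [400, { "error" => "invalid_redirect_uri" }]
  end

  # Assumed defaults: the server picks the grant type and auth method and
  # ignores what the unauthenticated caller asked for. RFC 7591 lets the
  # server substitute values; the response echoes what was registered.
  [201, {
    "client_id" => SecureRandom.uuid,
    "client_id_issued_at" => Time.now.to_i,
    "redirect_uris" => uris,
    "grant_types" => ["authorization_code"],
    "token_endpoint_auth_method" => "none"
  }]
end

# Assumed policy: absolute https URI with a host and no fragment.
def safe_redirect_uri?(value)
  return false unless value.is_a?(String)

  uri = URI.parse(value)
  uri.is_a?(URI::HTTPS) && !uri.host.to_s.empty? && uri.fragment.nil?
rescue URI::InvalidURIError
  false
end
```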

Constant Summary

Constants included from RateLimitHandling

RateLimitHandling::RATE_LIMIT_STORE

Instance Method Summary

Methods included from ControllerPolicy

all_controllers, authenticated_controllers, public_controllers, register, registry_snapshot, reset_registry!

Instance Method Details

#create ⇒ Object

POST /oauth/register



# File 'app/controllers/standard_id/api/oauth/registrations_controller.rb', line 27

def create
  result = StandardId::Oauth::ClientRegistration.call()
  render json: registration_response(result), status: :created
end