Class: Toolchest::Oauth::AuthorizationsController

Inherits: ApplicationController
Defined in:
app/controllers/toolchest/oauth/authorizations_controller.rb


Instance Method Details

#create ⇒ Object

POST /mcp/oauth/authorize — approve and redirect with code



# File 'app/controllers/toolchest/oauth/authorizations_controller.rb', line 48

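# POST /mcp/oauth/authorize — the resource owner approved the consent screen.
#
# Issues an authorization code covering the scopes the client asked for,
# narrowed to what the owner may grant and (when optional scopes are enabled)
# to what the owner actually ticked, then redirects back to the client with
# `code` and the echoed `state`. The grant records the PKCE challenge so the
# token endpoint can verify the code exchange.
#
# NOTE(review): params[:redirect_uri] is handed to build_redirect and then
# followed with allow_other_host: true on every path, including the
# access_denied branch. This assumes a before_action has already matched it
# against @application's registered redirect URIs — confirm, since nothing
# in this action re-checks it.
def create
  # Owners the host app does not permit to link get an OAuth error back
  # rather than a code.
  unless toolchest_config.authorize_link?(@current_resource_owner)
    redirect_url = build_redirect(params[:redirect_uri],
      error: "access_denied",
      error_description: "User is not authorized to connect",
      state: params[:state]
    )
    redirect_to redirect_url, allow_other_host: true
    return
  end

  requested = original_requested_scopes
  allowed = toolchest_config.resolve_allowed_scopes(@current_resource_owner, requested)
  known = toolchest_config.scopes.keys
  # Unknown scope names are only dropped when the config declares any scopes;
  # an empty declaration leaves `allowed` as the host app resolved it.
  allowed &= known if known.any?
  required = Array(toolchest_config.required_scopes) & known

  # `chosen` is the set of scopes the owner ticked on the consent form.
  # Required scopes are always granted; everything else must be both ticked
  # and allowed. Without optional scopes the owner has nothing to choose.
  # assumes the form submits scope as an array (scope[]); a single
  # space-separated string would not intersect with `allowed` — TODO confirm
  # against the consent view.
  granted = if toolchest_config.optional_scopes
    chosen = Array(params[:scope])
    (chosen & allowed) | required
  else
    allowed | required
  end

  grant = Toolchest::OauthAccessGrant.create_for(
    application: @application,
    resource_owner_id: current_resource_owner_id,
    redirect_uri: params[:redirect_uri],
    scopes: granted.join(" "),
    mount_key: mount_key,
    code_challenge: params[:code_challenge],
    code_challenge_method: params[:code_challenge_method]
  )

  # Only the raw (unhashed) code is ever sent to the client.
  redirect_url = build_redirect(params[:redirect_uri],
    code: grant.raw_code,
    state: params[:state]
  )
  redirect_to redirect_url, allow_other_host: true
end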

#deny ⇒ Object

DELETE /mcp/oauth/authorize — user denied



# File 'app/controllers/toolchest/oauth/authorizations_controller.rb', line 39

# DELETE /mcp/oauth/authorize — the resource owner declined the consent screen.
#
# Sends the client an OAuth `access_denied` error, echoing back its `state`
# so it can correlate the response with the request it made.
#
# NOTE(review): params[:redirect_uri] is followed with allow_other_host: true;
# this relies on a before_action having validated it against @application's
# registered URIs — confirm.
def deny
  denial = { error: "access_denied", state: params[:state] }
  target = build_redirect(params[:redirect_uri], **denial)
  redirect_to target, allow_other_host: true
end

#new ⇒ Object

GET /mcp/oauth/authorize — consent screen



# File 'app/controllers/toolchest/oauth/authorizations_controller.rb', line 8

# GET /mcp/oauth/authorize — render the consent screen.
#
# Populates the view with the client name, the scopes the owner may grant
# (required ones flagged so the form can lock them on), and the hidden
# fields needed to replay the authorization request on POST. Owners the host
# app does not permit to link are bounced back to the client with
# `access_denied` instead of seeing the form.
#
# NOTE(review): params[:redirect_uri] is followed with allow_other_host: true;
# this relies on a before_action having validated it against @application's
# registered URIs — confirm.
def new
  @client_name = @application.name
  @redirect_uri = params[:redirect_uri]
  @optional = toolchest_config.optional_scopes
  @original_scope = requested_scopes.join(" ")

  unless toolchest_config.authorize_link?(@current_resource_owner)
    denial = build_redirect(params[:redirect_uri],
      error: "access_denied",
      error_description: "User is not authorized to connect",
      state: params[:state]
    )
    redirect_to denial, allow_other_host: true
    return
  end

  grantable = toolchest_config.resolve_allowed_scopes(@current_resource_owner, requested_scopes)
  declared = toolchest_config.scopes.keys
  # Names the config does not declare are hidden, but only when it declares
  # anything at all.
  grantable &= declared if declared.any?
  mandatory = Array(toolchest_config.required_scopes) & declared

  # `|` already de-duplicates, so the union is the visible list as-is.
  @scope_list = (grantable | mandatory).map do |scope|
    {
      name: scope,
      description: toolchest_config.scopes[scope] || scope,
      required: mandatory.include?(scope)
    }
  end
  @oauth_params = oauth_hidden_params
  @authorize_url = "#{request.script_name}/oauth/authorize"
end