Class: Doorkeeper::TokensController

Inherits:
ApplicationMetalController
Defined in:
app/controllers/doorkeeper/tokens_controller.rb

Constant Summary

Constants inherited from ApplicationMetalController

ApplicationMetalController::MODULES

Instance Method Summary

Instance Method Details

#create ⇒ Object


# File 'app/controllers/doorkeeper/tokens_controller.rb', line 3

# Token endpoint action: runs the configured grant strategy and copies its
# result onto this Metal response.
#
# The strategy response supplies everything that is sent back: its headers
# are merged into the outgoing headers, its body is serialized to JSON and
# its status becomes the HTTP status. This action adds no headers of its own.
#
# NOTE(review): RFC 6749 section 5.1 requires "Cache-Control: no-store" and
# "Pragma: no-cache" on any response carrying tokens. Since nothing is added
# here, confirm that the object returned by strategy.authorize sets them.
#
# Only Errors::DoorkeeperError is rescued; it is passed to
# handle_token_exception. Any other exception propagates to the caller.
def create
  token_response = strategy.authorize

  headers.merge!(token_response.headers)
  self.response_body = token_response.body.to_json
  self.status = token_response.status
rescue Errors::DoorkeeperError => error
  handle_token_exception(error)
end

#revoke ⇒ Object

OAuth 2.0 Token Revocation - tools.ietf.org/html/rfc7009


# File 'app/controllers/doorkeeper/tokens_controller.rb', line 13

# Token revocation endpoint (OAuth 2.0 Token Revocation, RFC 7009).
#
# Revocation is attempted only when doorkeeper_token is present and reports
# accessible?, and the POST body carries a 'token' parameter. The value is
# read from request.POST, so a token passed in the query string is ignored.
#
# NOTE(review): the guard checks doorkeeper_token, presumably the access token
# authenticating this request, not client credentials. Confirm against the
# helper's definition.
# NOTE(review): nothing here checks that the submitted token belongs to the
# caller. That binding has to be enforced inside revoke_token; verify there.
# NOTE(review): a request that fails the guard still gets the same 200 and
# empty body, so a caller cannot tell from the response that nothing was
# revoked. RFC 7009 section 2.2.1 points to RFC 6749 section 5.2 error
# responses for failed authentication. Confirm this is intended.
def revoke
  caller_authenticated = doorkeeper_token && doorkeeper_token.accessible?

  if caller_authenticated
    # token_type_hint (RFC 7009) is not consulted: the refresh token is a
    # field on the access token model, so there is one lookup path only.
    submitted_token = request.POST['token']
    revoke_token(submitted_token) if submitted_token
  end

  # RFC 7009: respond with 200 when the token was revoked and also when the
  # client submitted an invalid token.
  render(json: {}, status: 200)
end