88d02ea35b
Client must now be registered prior to imitating a call to the token endpoint with the password flow. Squashed commits: [fdcef62] Rename authorization endpoint to protected resource endpoint
47 lines
1.1 KiB
Ruby
47 lines
1.1 KiB
Ruby
module OpenidConnect
|
|
class TokenEndpoint
|
|
attr_accessor :app
|
|
delegate :call, to: :app
|
|
|
|
def initialize
|
|
@app = Rack::OAuth2::Server::Token.new do |req, res|
|
|
o_auth_app = retrieveClient(req)
|
|
if isAppValid(o_auth_app, req)
|
|
handleFlows(req, res)
|
|
else
|
|
req.invalid_client!
|
|
end
|
|
end
|
|
end
|
|
|
|
def handleFlows(req, res)
|
|
case req.grant_type
|
|
when :password
|
|
handlePasswordFlow(req, res)
|
|
else
|
|
req.unsupported_grant_type!
|
|
end
|
|
end
|
|
|
|
def handlePasswordFlow(req, res)
|
|
user = User.find_for_database_authentication(username: req.username)
|
|
if user
|
|
if user.valid_password?(req.password)
|
|
res.access_token = user.tokens.create!.bearer_token
|
|
else
|
|
req.invalid_grant!
|
|
end
|
|
else
|
|
req.invalid_grant! # TODO: Change to user login: Perhaps redirect_to login_path?
|
|
end
|
|
end
|
|
|
|
def retrieveClient(req)
|
|
OAuthApplication.find_by_client_id req.client_id
|
|
end
|
|
|
|
def isAppValid(o_auth_app, req)
|
|
o_auth_app.client_secret == req.client_secret
|
|
end
|
|
end
|
|
end
|