lib/rodauth/features/oauth.rb in rodauth-oauth-0.6.1 vs lib/rodauth/features/oauth.rb in rodauth-oauth-0.7.0
- old
+ new
@@ -166,28 +166,28 @@
auth_value_method :oauth_application_default_scope, SCOPES.first
auth_value_method :oauth_application_scopes, SCOPES
auth_value_method :oauth_token_type, "bearer"
auth_value_method :oauth_refresh_token_protection_policy, "none" # can be: none, sender_constrained, rotation
- auth_value_method :invalid_client_message, "Invalid client"
- auth_value_method :invalid_grant_type_message, "Invalid grant type"
- auth_value_method :invalid_grant_message, "Invalid grant"
- auth_value_method :invalid_scope_message, "Invalid scope"
+ translatable_method :invalid_client_message, "Invalid client"
+ translatable_method :invalid_grant_type_message, "Invalid grant type"
+ translatable_method :invalid_grant_message, "Invalid grant"
+ translatable_method :invalid_scope_message, "Invalid scope"
- auth_value_method :invalid_url_message, "Invalid URL"
- auth_value_method :unsupported_token_type_message, "Invalid token type hint"
+ translatable_method :invalid_url_message, "Invalid URL"
+ translatable_method :unsupported_token_type_message, "Invalid token type hint"
- auth_value_method :unique_error_message, "is already in use"
- auth_value_method :null_error_message, "is not filled"
- auth_value_method :already_in_use_message, "error generating unique token"
+ translatable_method :unique_error_message, "is already in use"
+ translatable_method :null_error_message, "is not filled"
+ translatable_method :already_in_use_message, "error generating unique token"
auth_value_method :already_in_use_error_code, "invalid_request"
# PKCE
auth_value_method :code_challenge_required_error_code, "invalid_request"
- auth_value_method :code_challenge_required_message, "code challenge required"
+ translatable_method :code_challenge_required_message, "code challenge required"
auth_value_method :unsupported_transform_algorithm_error_code, "invalid_request"
- auth_value_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
+ translatable_method :unsupported_transform_algorithm_message, "transform algorithm not supported"
# METADATA
auth_value_method :oauth_metadata_service_documentation, nil
auth_value_method :oauth_metadata_ui_locales_supported, nil
auth_value_method :oauth_metadata_op_policy_uri, nil
@@ -1101,10 +1101,18 @@
**update_params,
oauth_tokens_oauth_token_id_column => oauth_token[oauth_tokens_id_column],
oauth_tokens_scopes_column => oauth_token[oauth_tokens_scopes_column]
}
+ refresh_token = oauth_unique_id_generator
+
+ if oauth_tokens_refresh_token_hash_column
+ insert_params[oauth_tokens_refresh_token_hash_column] = generate_token_hash(refresh_token)
+ else
+ insert_params[oauth_tokens_refresh_token_column] = refresh_token
+ end
+
# revoke the refresh token
oauth_tokens_ds.where(oauth_tokens_id_column => oauth_token[oauth_tokens_id_column])
.update(oauth_tokens_revoked_at_column => Sequel::CURRENT_TIMESTAMP)
insert_params[oauth_tokens_oauth_token_id_column] = oauth_token[oauth_tokens_id_column]
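Review bot: The rotation path now mints a successor at `refresh_token = oauth_unique_id_generator`, but the revoke that follows is unconditional and its row count is ignored, so two concurrent requests presenting the same old refresh token could each receive a valid new one. Constraining the revoke with `.where(oauth_tokens_revoked_at_column => nil)` and rejecting the request when `update` reports zero rows would make the old token single-use. Running the revoke and the insert in one transaction would also avoid leaving a revoked token with no replacement. Whether an earlier lookup or an enclosing transaction already covers this cannot be seen here, because the method starts and ends outside the hunk.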
@@ -1114,10 +1122,11 @@
ds = oauth_tokens_ds.where(oauth_tokens_id_column => oauth_token[oauth_tokens_id_column])
__update_and_return__(ds, update_params)
end
oauth_token[oauth_tokens_token_column] = token
+ oauth_token[oauth_tokens_refresh_token_column] = refresh_token if refresh_token
oauth_token
end
end
TOKEN_HINT_TYPES = %w[access_token refresh_token].freeze
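Review bot: The plaintext refresh token is attached to the returned row by `oauth_token[oauth_tokens_refresh_token_column] = refresh_token if refresh_token` even when only its hash was persisted, and nothing here tells a maintainer that this value is for the response only. A comment above the line would help, for example `# plaintext is attached for the token response only; the database keeps the hash when a hash column is configured`, so the row is not later written back or logged as-is. The `if refresh_token` guard also appears to rely on the local being nil when the rotation branch did not run. An explicit `refresh_token = nil` before the branch would make that intent visible, though the branch structure lies outside the hunk.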
@@ -1139,10 +1148,11 @@
{
active: true,
scope: token[oauth_tokens_scopes_column],
client_id: oauth_application[oauth_applications_client_id_column],
# username
- token_type: oauth_token_type
+ token_type: oauth_token_type,
+ exp: token[oauth_tokens_expires_in_column].to_i
}
end
# Token revocation
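Review bot: In the new `exp: token[oauth_tokens_expires_in_column].to_i` entry, a NULL expiry becomes `exp: 0` because `nil.to_i` is 0, so the response would say `active: true` alongside an expiry at the epoch. Using `token[oauth_tokens_expires_in_column]&.to_i` and dropping the key when it is nil would avoid handing resource servers a contradictory answer. RFC 7662 defines `exp` as an absolute timestamp in seconds since the epoch, so this is only correct if the column holds a time value rather than a lifetime in seconds. The column type is not visible here, and a short comment stating it would settle the question. The method begins outside the hunk, so any expiry check made before `active: true` is not shown.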