Add custom expiration time based on scopes #1102
Conversation
| @@ -35,7 +35,7 @@ def find_or_create_access_token(client, resource_owner_id, scopes, server) | |||
| client, | |||
| resource_owner_id, | |||
| scopes, | |||
| Authorization::Token.access_token_expires_in(server, client, grant_type), | |||
| Authorization::Token.access_token_expires_in(server, client, grant_type, scopes), | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [91/80]
| oauth_client = if pre_auth_or_oauth_client.respond_to?(:client) | ||
| pre_auth_or_oauth_client.client | ||
| else | ||
| pre_auth_or_oauth_client | ||
| end | ||
|
|
||
| server.custom_access_token_expires_in.call(oauth_client, grant_type) | ||
| server.custom_access_token_expires_in.call(oauth_client, grant_type, scopes) |
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [88/80]
| @@ -15,14 +15,14 @@ def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type) | |||
|
|
|||
| private | |||
|
|
|||
| def custom_expiration(server, pre_auth_or_oauth_client, grant_type) | |||
| def custom_expiration(server, pre_auth_or_oauth_client, grant_type, scopes) | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [85/80]
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type) | ||
| if (expiration = custom_expiration(server, pre_auth_or_oauth_client, grant_type)) | ||
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type, scopes) | ||
| if (expiration = custom_expiration(server, pre_auth_or_oauth_client, grant_type, scopes)) |
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [101/80]
| @@ -5,8 +5,8 @@ class Token | |||
| attr_accessor :pre_auth, :resource_owner, :token | |||
|
|
|||
| class << self | |||
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type) | |||
| if (expiration = custom_expiration(server, pre_auth_or_oauth_client, grant_type)) | |||
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type, scopes) | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [91/80]
lib/doorkeeper/config.rb
Outdated
| @@ -236,7 +236,7 @@ def option(name, options = {}) | |||
| default: ->(_request, _response) {} | |||
| option :skip_authorization, default: ->(_routes) {} | |||
| option :access_token_expires_in, default: 7200 | |||
| option :custom_access_token_expires_in, default: ->(_app, _grant) { nil } | |||
| option :custom_access_token_expires_in, default: ->(_app, _grant, _scopes) { nil } | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [86/80]
| @@ -35,7 +35,7 @@ def find_or_create_access_token(client, resource_owner_id, scopes, server) | |||
| client, | |||
| resource_owner_id, | |||
| scopes, | |||
| Authorization::Token.access_token_expires_in(server, client, grant_type), | |||
| Authorization::Token.access_token_expires_in(server, client, grant_type, scopes), | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [91/80]
| oauth_client = if pre_auth_or_oauth_client.respond_to?(:client) | ||
| pre_auth_or_oauth_client.client | ||
| else | ||
| pre_auth_or_oauth_client | ||
| end | ||
|
|
||
| server.custom_access_token_expires_in.call(oauth_client, grant_type) | ||
| server.custom_access_token_expires_in.call(oauth_client, grant_type, scopes) |
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [88/80]
| @@ -15,14 +15,14 @@ def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type) | |||
|
|
|||
| private | |||
|
|
|||
| def custom_expiration(server, pre_auth_or_oauth_client, grant_type) | |||
| def custom_expiration(server, pre_auth_or_oauth_client, grant_type, scopes) | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [85/80]
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type) | ||
| if (expiration = custom_expiration(server, pre_auth_or_oauth_client, grant_type)) | ||
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type, scopes) | ||
| if (expiration = custom_expiration(server, pre_auth_or_oauth_client, grant_type, scopes)) |
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [101/80]
| @@ -5,8 +5,8 @@ class Token | |||
| attr_accessor :pre_auth, :resource_owner, :token | |||
|
|
|||
| class << self | |||
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type) | |||
| if (expiration = custom_expiration(server, pre_auth_or_oauth_client, grant_type)) | |||
| def access_token_expires_in(server, pre_auth_or_oauth_client, grant_type, scopes) | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [91/80]
lib/doorkeeper/config.rb
Outdated
| @@ -236,7 +236,7 @@ def option(name, options = {}) | |||
| default: ->(_request, _response) {} | |||
| option :skip_authorization, default: ->(_routes) {} | |||
| option :access_token_expires_in, default: 7200 | |||
| option :custom_access_token_expires_in, default: ->(_app, _grant) { nil } | |||
| option :custom_access_token_expires_in, default: ->(_app, _grant, _scopes) { nil } | |||
There was a problem hiding this comment.
Metrics/LineLength: Line is too long. [86/80]
|
Hi @thatsmydoing . Thanks for your work! For sure it can be useful. I also think that this option (and not only it) becomes to bloated and it's definitely requires refactoring. We can extract it to a class, yep. What about specs - you can check the sample in the relevant PR |
|
Alright, I'll try to extract it out into a class then. For testing, I'd like to know how to mock in the scopes since that's not quite obvious to me. |
| @@ -85,7 +87,9 @@ module Doorkeeper::OAuth | |||
| let(:server) do | |||
| double :server, | |||
| access_token_expires_in: 2.minutes, | |||
| custom_access_token_expires_in: ->(_oauth_client, grant) { grant == Doorkeeper::OAuth::REFRESH_TOKEN ? 1234 : nil } | |||
| custom_access_token_expires_in: ->(context) { | |||
There was a problem hiding this comment.
Style/Lambda: Use the lambda method for multiline lambdas.
| @@ -30,7 +30,9 @@ module Doorkeeper::OAuth | |||
| it 'issues a new token for the client with custom expires_in' do | |||
| server = double :server, | |||
| access_token_expires_in: 2.minutes, | |||
| custom_access_token_expires_in: ->(_app, grant) { grant == Doorkeeper::OAuth::REFRESH_TOKEN ? 1234 : nil } | |||
| custom_access_token_expires_in: ->(context) { | |||
There was a problem hiding this comment.
Style/Lambda: Use the lambda method for multiline lambdas.
| expect do | ||
| subject.authorize | ||
| end.to change { Doorkeeper::AccessToken.count }.by(1) | ||
| expect(Doorkeeper::AccessToken.last.expires_in).to eq(12345) |
There was a problem hiding this comment.
Style/NumericLiterals: Use underscores(_) as decimal mark and separate every 3 digits with them.
| access_token_expires_in: 2.hours, | ||
| refresh_token_enabled?: false, | ||
| custom_access_token_expires_in: ->(context) { | ||
| context.scopes.exists?('public') ? 12345 : nil |
There was a problem hiding this comment.
Style/NumericLiterals: Use underscores(_) as decimal mark and separate every 3 digits with them.
| default_scopes: Doorkeeper::OAuth::Scopes.new, | ||
| access_token_expires_in: 2.hours, | ||
| refresh_token_enabled?: false, | ||
| custom_access_token_expires_in: ->(context) { |
There was a problem hiding this comment.
Style/Lambda: Use the lambda method for multiline lambdas.
| @@ -7,7 +7,7 @@ class Doorkeeper::OAuth::ClientCredentialsRequest | |||
| double( | |||
| :server, | |||
| access_token_expires_in: 100, | |||
| custom_access_token_expires_in: ->(_app, _grant) { nil } | |||
| custom_access_token_expires_in: ->(context) { nil } | |||
There was a problem hiding this comment.
Lint/UnusedBlockArgument: Unused block argument - context. If it's necessary, use _ or _context as an argument name to indicate that it won't be used. Also consider using a proc without arguments instead of a lambda if you want it to accept any arguments but don't care about them.
spec/lib/oauth/base_request_spec.rb
Outdated
| "public", | ||
| server | ||
| ) | ||
| expect(result.expires_in === 500) |
There was a problem hiding this comment.
Style/CaseEquality: Avoid the use of the case equality operator ===.
spec/lib/oauth/base_request_spec.rb
Outdated
| @@ -20,7 +20,7 @@ module Doorkeeper::OAuth | |||
| let(:server) do | |||
| double :server, | |||
| access_token_expires_in: 100, | |||
| custom_access_token_expires_in: ->(_app, _grant) { nil }, | |||
| custom_access_token_expires_in: ->(context) { nil }, | |||
There was a problem hiding this comment.
Lint/UnusedBlockArgument: Unused block argument - context. If it's necessary, use _ or _context as an argument name to indicate that it won't be used. Also consider using a proc without arguments instead of a lambda if you want it to accept any arguments but don't care about them.
| @@ -6,7 +6,9 @@ module Doorkeeper::OAuth | |||
| double :server, | |||
| access_token_expires_in: 2.days, | |||
| refresh_token_enabled?: false, | |||
| custom_access_token_expires_in: ->(_app, grant) { grant == Doorkeeper::OAuth::AUTHORIZATION_CODE ? 1234 : nil } | |||
| custom_access_token_expires_in: ->(context) { | |||
There was a problem hiding this comment.
Style/Lambda: Use the lambda method for multiline lambdas.
| @@ -0,0 +1,15 @@ | |||
| module Doorkeeper | |||
There was a problem hiding this comment.
Style/FrozenStringLiteralComment: Missing magic comment # frozen_string_literal: true.
thatsmydoing
force-pushed
the
scope-based-expiry
branch
2 times, most recently
from
d58edd7
to
8aa11ff
Compare
|
I think this should be good. Can someone look over it? |
| # custom_access_token_expires_in do |oauth_client, grant_type| | ||
| # oauth_client.application.additional_settings.implicit_oauth_expiration | ||
| # custom_access_token_expires_in do |context| | ||
| # context.client.application.additional_settings.implicit_oauth_expiration |
There was a problem hiding this comment.
Could you please add a note about available context methods?
|
Could you please squash commits and add an entry to news.md file? Good work btw! |
This also involves changes to how parameters are passed into `custom_access_token_expires_in`. They're now all bundled into one context object instead of being passed separately.
thatsmydoing
force-pushed
the
scope-based-expiry
branch
from
8aa11ff
to
0b336a1
Compare
| custom_ttl_scope | ||
| elsif context.grant_type == Doorkeeper::OAuth::CLIENT_CREDENTIALS | ||
| custom_ttl_grant | ||
| else |
There was a problem hiding this comment.
Style/EmptyElse: Redundant else-clause.
|
I've squashed the commits and added a news entry. I think this would also need an update in the migration guide as people will need to update their I'm not sure why coverage is failing since I did not change any code at all aside from squashing. |
Completely agree. We can do it right now because we bump a new major release. Do you want to edit Wiki page yourself or I'll do it? |
Summary
This allows customizing the expiration time based on the requested scopes. This works much in the same way as #1049
Other Information
I personally think
custom_access_token_expires_inis starting to get quite unwieldy with all the parameters. The method definition itself is getting quite long. Is this okay as it is now? Or would something like bundling everything into an object as a single parameter be something you'd like to happen?Also, I'm not exactly sure how to write tests for this change as well. I'd like some direction on that.