merge current master in and tweak code to work with it/match the style

README.md

@@ -53,6 +53,11 @@ Doorkeeper::JWT.configure do
     }
   end
 
+  # Use the application secret specified in the Access Grant token
+  # Defaults to false
+  # If you specify `use_application_secret true`, both secret_key and secret_key_path will be ignored
+  use_application_secret false
+
   # Set the encryption secret. This would be shared with any other applications
   # that should be able to read the payload of the token.
   # Defaults to "secret"

lib/doorkeeper-jwt.rb

@@ -8,7 +8,7 @@ class << self
       def generate(opts = {})
         ::JWT.encode(
           token_payload(opts),
-          secret_key,
+          secret_key(opts),
           encryption_method
         )
       end
@@ -19,7 +19,10 @@ def token_payload(opts = {})
         Doorkeeper::JWT.configuration.token_payload.call opts
       end
 
-      def secret_key
+      def secret_key(opts)
+        opts = { application: {} }.merge(opts)
+
+        return application_secret(opts) if use_application_secret?
         return secret_key_file unless secret_key_file.nil?
         return rsa_key if rsa_encryption?
         return ecdsa_key if ecdsa_encryption?
@@ -37,6 +40,16 @@ def encryption_method
         Doorkeeper::JWT.configuration.encryption_method.to_s.upcase
       end
 
+      def use_application_secret?
+        return false unless Doorkeeper::JWT.configuration.use_application_secret
+      end
+
+      def application_secret(opts)
+        opts = { application: {} }.merge(opts)
+        return opts[:application][:secret] if opts[:application][:secret]
+        fail "JWT `use_application_secret` config set, but app has no secret set."
+      end
+
       def rsa_encryption?
         /RS\d{3}/ =~ encryption_method
       end

lib/doorkeeper-jwt/config.rb

@@ -25,6 +25,13 @@ def build
           @config
         end
 
+        def use_application_secret(use_application_secret)
+          @config.instance_variable_set(
+            "@use_application_secret",
+            use_application_secret
+          )
+        end
+
         def secret_key(secret_key)
           @config.instance_variable_set('@secret_key', secret_key)
         end
@@ -104,10 +111,15 @@ def extended(base)
 
       option :token_payload,
         default: proc{ { token: SecureRandom.method(:hex) } }
+      option :use_application_secret, default: false
       option :secret_key, default: nil
       option :secret_key_path, default: nil
       option :encryption_method, default: nil
 
+      def use_application_secret
+        @use_application_secret ||= false
+      end
+
       def secret_key
         @secret_key ||= nil
       end

spec/doorkeeper-jwt/config_spec.rb

@@ -35,6 +35,21 @@
     end
   end
 
+  describe "use_application_secret" do
+    it "defaults to false" do
+      Doorkeeper::JWT.configure do
+      end
+      expect(subject.use_application_secret).to be false
+    end
+
+    it "changes the value of secret_key to the application's secret" do
+      Doorkeeper::JWT.configure do
+        use_application_secret true
+      end
+      expect(subject.use_application_secret).to be true
+    end
+  end
+
   describe 'secret_key' do
     it 'defaults to nil' do
       Doorkeeper::JWT.configure do

spec/doorkeeper-jwt/doorkeeper-jwt_spec.rb

@@ -187,5 +187,26 @@
       expect(decoded_token[1]["typ"]).to eq "JWT"
       expect(decoded_token[1]["alg"]).to eq "ES512"
     end
+
+    it "creates a signed JWT token encrypted with an app secret" do
+      secret_key = OpenSSL::PKey::RSA.new(1024)
+      Doorkeeper::JWT.configure do
+        use_application_secret true
+        token_payload do
+          {
+            foo: "bar"
+          }
+        end
+        secret_key secret_key.to_s
+        encryption_method :rs512
+      end
+
+      token = Doorkeeper::JWT.generate(application: { secret: secret_key })
+      decoded_token = ::JWT.decode(token, secret_key, "RS512")
+      expect(decoded_token[0]).to be_a(Hash)
+      expect(decoded_token[0]["foo"]).to eq "bar"
+      expect(decoded_token[1]["typ"]).to eq "JWT"
+      expect(decoded_token[1]["alg"]).to eq "RS512"
+    end
   end
 end