Adding custom attributes to the access token model

[jonathansimmons]

I'm trying to figure out if my need below is possible. The internet and StackOverflow were both dead ends, so I'm hoping a maintainer can help point me in a direction.

My goal is to store a user-selected account_id on the access token during initial grant creation and ensure that the same account_id is continually passed during the refresh_token process.

My thought was to allow users to select an account during authorization, but I can't work out what is actually creating the token and if it shares context with the grant to be aware of the form data submitted with the authorization grant

The account_id needs to be on the AccessToken so I can reference it in the payload. I can't access it based on the current_resource_owner because the user can swap between accounts. This means the user's current_account could have changed since the OAuth grant/token were created.

Is this possible? can someone point me in a direction?

[jonathansimmons]

To be clear, I know that I can override the Doorkeeper::AccessToken model, and I'm happy to. My question is more related to understanding where the token creation is happening and if I can pass it values from the authorization grant flow.

[nbulaj]

Hi @jonathansimmons . If I understood your questions correctly you need something like this: #1602

Which is currently impossible without overriding some Doorkeeper internals (I mean no config options which allows to do it).

and ensure that the same account_id is continually passed during the refresh_token process.

For this one you will definitely need to to go deeper into gem classes, RefreshToken strategy & request.

[jonathansimmons]

This looks to be exactly what I was hoping for, implemented as a doorkeeper config option.

This PR gives me some insight into what I'd need to do to modify the doorkeeper to have this functionality manually, but I'd prefer not to break form the released gem if possible. I'll move my comments to the PR.