Resource Owner Password Credentials flow #82

Merged
merged 10 commits into from Apr 30, 2012

Projects

None yet

4 participants

@jaimeiniesta

As discussed here: #60

@felipeelias felipeelias commented on the diff Apr 30, 2012
lib/doorkeeper/oauth/password_access_token_request.rb
@@ -0,0 +1,144 @@
+# coding: utf-8
+
+# TODO: refactor to DRY up, this is very similar to AccessTokenRequest
@felipeelias
felipeelias Apr 30, 2012

Is this todo done?

@jaimeiniesta
jaimeiniesta Apr 30, 2012

No, this is pending, I'm not really sure about that and I thought to go ahead as it is now.

@felipeelias
felipeelias Apr 30, 2012

Whops, sorry. The refactor is necessary, but I mean, those lines:

# - it validates the owner is not null (should it verify it is valid?)
# - it doesn't need a redirect_uri
# - it should it verify grant_type is "password"

These seem to be done

@jaimeiniesta
jaimeiniesta Apr 30, 2012

Sure. I just removed this, they're done.

@felipeelias felipeelias commented on the diff Apr 30, 2012
spec/requests/flows/password_spec.rb
@@ -0,0 +1,81 @@
+# coding: utf-8
+
+# ========================================
+# Resource Owner Password Credentials flow
@felipeelias
felipeelias Apr 30, 2012

I think it will be better to have this sort of documentation in the wiki, what do you think?

@felipeelias felipeelias merged commit 709557d into doorkeeper-gem:master Apr 30, 2012
@jaimeiniesta

Nice :)

@felipeelias

Thanks for awesome work!

@jfrey

Hi, I followed along with the instructions provided for setting up password flow in this issue and the original issue #60 and haven't had success getting it working.

I'm on Rails 3.2.5 with Doorkeeper 0.4.1 and I'm seeing the following error when requesting password flow using curl:

uninitialized constant Doorkeeper::OAuth::PasswordAccessTokenRequest::ScopeChecker

doorkeeper (0.4.1) lib/doorkeeper/oauth/password_access_token_request.rb:115:in `validate_scope'
doorkeeper (0.4.1) lib/doorkeeper/validations.rb:11:in `block in validate'
doorkeeper (0.4.1) lib/doorkeeper/validations.rb:9:in `each'
doorkeeper (0.4.1) lib/doorkeeper/validations.rb:9:in `validate'
doorkeeper (0.4.1) lib/doorkeeper/oauth/password_access_token_request.rb:29:in `initialize'
doorkeeper (0.4.1) app/controllers/doorkeeper/tokens_controller.rb:29:in `new'
doorkeeper (0.4.1) app/controllers/doorkeeper/tokens_controller.rb:29:in `token'
doorkeeper (0.4.1) app/controllers/doorkeeper/tokens_controller.rb:7:in `create'

Any thoughts would be appreciated. Thanks!

@felipeelias

@johnfrey I'll investigate it today. Could you please open a new issue?

Thanks!

@benoist benoist commented on the diff Jun 21, 2012
lib/doorkeeper/oauth/password_access_token_request.rb
+ def authorization
+ auth = {
+ 'access_token' => access_token.token,
+ 'token_type' => access_token.token_type,
+ 'expires_in' => access_token.expires_in,
+ }
+ auth.merge!({'refresh_token' => access_token.refresh_token}) if refresh_token_enabled?
+ auth
+ end
+
+ def valid?
+ self.error.nil?
+ end
+
+ def access_token
+ @access_token
@benoist
benoist Jun 21, 2012

In AccessTokenRequest you check for an existing token and use it if it's available.

Is there a reason why this is not the case for the PasswordAccessTokenRequest?

@felipeelias
felipeelias Jun 21, 2012

This behaviour is missing on this flow, and it should be added.

Thanks for pointing that out. Feel free to open a issue/pull r

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment