From 1d51a1c08229bc697f49511f03743f8ec0ec6bc9 Mon Sep 17 00:00:00 2001
From: Ken Mayer
Date: Sun, 10 Mar 2024 20:29:49 -0700
Subject: [PATCH 1/2] Allow a TokenResponse body to be customized

We have a use case where we need to include some additional information in the token response body to help the client applications with our multi-tenant setup. Adding the memoization allows us to modify the body object during the after_successful_authorization callback:
```ruby
after_successful_authorization do |controller, context|
case context.auth
when Doorkeeper::OAuth::TokenResponse
context.auth.body["tenant_id"] = context.auth.token.tenant_id
end
end
```
(Assuming that `tenant_id` was added to `custom_access_token_attributes`.) I considered adding attributes via `custom_access_token_attributes` in `#body` directly, but that would change the existing behavior of the `TokenResponse` everywhere.
---
 CHANGELOG.md | 1 +
 lib/doorkeeper/oauth/token_response.rb | 2 +-
 spec/lib/oauth/token_response_spec.rb | 22 ++++++++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ae950b08b..3ee7e735c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ User-visible changes worth mentioning.
 
 ## main
 
+- [#PR ID] Allow a TokenResponse body to be customized.
 - [#1696] Add missing `#issued_token` method to `OAuth::TokenResponse`
 
 ## 5.6.9
diff --git a/lib/doorkeeper/oauth/token_response.rb b/lib/doorkeeper/oauth/token_response.rb
index a000b0112..a1d44b493 100644
--- a/lib/doorkeeper/oauth/token_response.rb
+++ b/lib/doorkeeper/oauth/token_response.rb
@@ -12,7 +12,7 @@ def initialize(token)
 end
 
 def body
- {
+ @body ||= {
 "access_token" => token.plaintext_token,
 "token_type" => token.token_type,
 "expires_in" => token.expires_in_seconds,
diff --git a/spec/lib/oauth/token_response_spec.rb b/spec/lib/oauth/token_response_spec.rb
index 8de8e6ea7..70a7de0a0 100644
--- a/spec/lib/oauth/token_response_spec.rb
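Review bot: In the `lib/doorkeeper/oauth/token_response.rb` hunk, `@body ||= {` makes `body` return the same mutable hash on every call, so any hook that can reach the response object can overwrite `"access_token"`, `"token_type"` or `"expires_in"` as easily as it can add a key, and the JSON sent to the client would then disagree with the stored token. The hash is also built only once, so a token attribute that changes after the first call is no longer reflected in the response. `body` ends outside the hunk, so it is not visible whether a trailing filter is memoized as well; the spec title ".body filters out empty values" suggests one exists, in which case keys added later would bypass it. I would document the contract above the method, for example `# Memoized so callbacks can add keys; treat the standard OAuth fields as read-only and add only non-blank values.`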
+++ b/spec/lib/oauth/token_response_spec.rb
@@ -55,6 +55,28 @@
 end
 end
 
+ describe ".body attributes" do
+ subject(:token_response) { described_class.new(access_token) }
+
+ let(:access_token) do
+ double :access_token,
+ plaintext_token: "some-token",
+ expires_in: "3600",
+ expires_in_seconds: "300",
+ scopes_string: "two scopes",
+ plaintext_refresh_token: "some-refresh-token",
+ token_type: "Bearer",
+ custom_parameter: "custom_value",
+ created_at: 0
+ end
+
+ it "can be augmented" do
+ token_response.body["custom_parameter"] = access_token.custom_parameter
+
+ expect(token_response.body["custom_parameter"]).to eq("custom_value")
+ end
+ end
+
 describe ".body filters out empty values" do
 subject(:body) { described_class.new(access_token).body }
 
From 01343d159b712b7486bf0f3953c3bbd2caaf90b3 Mon Sep 17 00:00:00 2001
From: Ken Mayer
Date: Sun, 10 Mar 2024 20:42:39 -0700
Subject: [PATCH 2/2] add PR ID

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 3ee7e735c..f77baf81d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,8 +7,8 @@ User-visible changes worth mentioning.
 
 ## main
 
-- [#PR ID] Allow a TokenResponse body to be customized.
 - [#1696] Add missing `#issued_token` method to `OAuth::TokenResponse`
+- [#1697] Allow a TokenResponse body to be customized.
 
 ## 5.6.9
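Review bot: In the `spec/lib/oauth/token_response_spec.rb` hunk, the "can be augmented" example asserts only the key it just wrote, so nothing pins that the built-in fields are still present alongside it or that repeated calls return the same object. Adding `expect(token_response.body["access_token"]).to eq("some-token")` after the assignment would cover the first, and `expect(token_response.body).to equal(token_response.body)` would state the memoization the feature relies on. The enclosing `describe` for the class starts outside the hunk.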