35 lines
804 B
Ruby
35 lines
804 B
Ruby
module AccessTokenValidationService
|
|
# Results:
|
|
VALID = :valid
|
|
EXPIRED = :expired
|
|
REVOKED = :revoked
|
|
INSUFFICIENT_SCOPE = :insufficient_scope
|
|
|
|
class << self
|
|
def validate(token, scopes: [])
|
|
if token.expired?
|
|
return EXPIRED
|
|
|
|
elsif token.revoked?
|
|
return REVOKED
|
|
|
|
elsif !self.sufficient_scope?(token, scopes)
|
|
return INSUFFICIENT_SCOPE
|
|
|
|
else
|
|
return VALID
|
|
end
|
|
end
|
|
|
|
# True if the token's scope contains any of the required scopes.
|
|
def sufficient_scope?(token, required_scopes)
|
|
if required_scopes.blank?
|
|
true
|
|
else
|
|
# Check whether the token is allowed access to any of the required scopes.
|
|
Set.new(required_scopes).intersection(Set.new(token.scopes)).present?
|
|
end
|
|
end
|
|
end
|
|
end
|