zaikio-oauth_client 0.7.2 → 0.8.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32f871e3c1b27ab91ce3bbaa35d4ac460cc12d93401c1b73d4dd618cd83d1f00
-  data.tar.gz: 1ce0459fdb769c4f5c7e31287cccc16d6fce74a819557dfa1c5c6cd3120991ee
+  metadata.gz: 72f0e0de7e7d6ffc5b63c74cc85d4a6891d7e938273b1cf661a7fe52d4ac3068
+  data.tar.gz: 3999e67bb374120c7f2fd08c7bb25414a45b616f7386b417f85164a4e65251ef
 SHA512:
-  metadata.gz: 567ac3217d0b63498fc6d18292c4b1fcdd6d8407c2341daae177388e2e68104bfd0aab00990606099b7e9f5d10dc13e7572586271eb0f76c8c6200520db81f81
-  data.tar.gz: b9366a697539fa31138e2ddc8b9f02f9dd6ed6cd11113bbc8ed3c1732301044395b19d033eda14d5b7bb7ad7c32f0836be6e89a000b2f7dd6270f05385846283
+  metadata.gz: 8196826c87334d5b762671c5fb723229f879da4c462deba8d1459754036d0328cf14f9fb8cbf10e8e67a55bf79dc9b9065523aa12ae46924eed574067d318270
+  data.tar.gz: a25db277b09d543b3f7ecee82a2cfab5b16d4163c2e5be80dc3881935c87622f3e458a02f05ef243adf8db9202d1651eda2267d9531a441006bd8151f284fb45

data/app/models/zaikio/access_token.rb

@@ -78,15 +78,17 @@ module Zaikio
           attributes.slice("token", "refresh_token")
         ).refresh!
 
-        access_token = self.class.build_from_access_token(
+        destroy
+
+        self.class.build_from_access_token(
           refreshed_token,
           requested_scopes: requested_scopes
-        )
-
-        transaction { destroy if access_token.save! }
-
-        access_token
+        ).tap(&:save!)
       end
+    rescue OAuth2::Error => e
+      raise unless e.code == "invalid_grant"
+
+      nil
     end
   end
 end

data/lib/zaikio/oauth_client.rb

@@ -57,34 +57,50 @@ module Zaikio
         end
       end
 
-      def get_access_token(client_name: nil, bearer_type: "Person", bearer_id: nil, scopes: nil) # rubocop:disable Metrics/MethodLength
-        client_name ||= self.client_name
-        client_config = client_config_for(client_name)
+      # Finds the best possible access token, using the DB or an API call
+      #   * If the token has expired, it will be refreshed using the refresh_token flow
+      #     (if this fails, we fallback to getting a new token using client_credentials)
+      #   * If the token does not exist, we'll get a new one using the client_credentials flow
+      def get_access_token(bearer_id:, client_name: nil, bearer_type: "Person", scopes: nil)
+        client_config = client_config_for(client_name || self.client_name)
         scopes ||= client_config.default_scopes_for(bearer_type)
 
-        access_token = Zaikio::AccessToken.where(audience: client_config.client_name)
-                                          .usable(
-                                            bearer_type: bearer_type,
-                                            bearer_id: bearer_id,
-                                            requested_scopes: scopes
-                                          )
-                                          .first
-
-        if access_token.blank?
-          access_token = Zaikio::AccessToken.build_from_access_token(
-            client_config.token_by_client_credentials(
-              bearer_type: bearer_type,
-              bearer_id: bearer_id,
-              scopes: scopes
-            ),
-            requested_scopes: scopes
+        token = find_usable_access_token(client_name: client_config.client_name,
+                                         bearer_type: bearer_type,
+                                         bearer_id: bearer_id,
+                                         requested_scopes: scopes)
+
+        token = token.refresh! if token&.expired?
+
+        token ||= fetch_new_token(client_config: client_config,
+                                  bearer_type: bearer_type,
+                                  bearer_id: bearer_id,
+                                  scopes: scopes)
+        token
+      end
+
+      # Finds the best usable access token. Note that this token may have expired and
+      # would require refreshing.
+      def find_usable_access_token(client_name:, bearer_type:, bearer_id:, requested_scopes:)
+        Zaikio::AccessToken
+          .where(audience: client_name)
+          .usable(
+            bearer_type: bearer_type,
+            bearer_id: bearer_id,
+            requested_scopes: requested_scopes
           )
-          access_token.save!
-        elsif access_token&.expired?
-          access_token = access_token.refresh!
-        end
+          .first
+      end
 
-        access_token
+      def fetch_new_token(client_config:, bearer_type:, bearer_id:, scopes:)
+        Zaikio::AccessToken.build_from_access_token(
+          client_config.token_by_client_credentials(
+            bearer_type: bearer_type,
+            bearer_id: bearer_id,
+            scopes: scopes
+          ),
+          requested_scopes: scopes
+        ).tap(&:save!)
       end
 
       def get_plain_scopes(scopes)

data/lib/zaikio/oauth_client/version.rb

@@ -1,5 +1,5 @@
 module Zaikio
   module OAuthClient
-    VERSION = "0.7.2".freeze
+    VERSION = "0.8.0".freeze
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: zaikio-oauth_client
 version: !ruby/object:Gem::Version
-  version: 0.7.2
+  version: 0.8.0
 platform: ruby
 authors:
 - Zaikio GmbH
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-03-29 00:00:00.000000000 Z
+date: 2021-03-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack