app/models/request_token.rb

   1 class RequestToken < OauthToken
   2   def authorize!(user)
   3     return false if authorized?
   4     self.user = user
   5     self.authorized_at = Time.now
   6     self.save
   7   end
   8
   9   def exchange!
  10     return false unless authorized?
  11     RequestToken.transaction do
  12       logger.info("£££ In exchange!")
  13       params = { :user => user, :client_application => client_application }
  14       # copy the permissions from the authorised request token to the access token
  15       client_application.permissions.each { |p|
  16         logger.info("£££ copying permission #{p} = #{read_attribute(p).inspect}")
  17         params[p] = read_attribute(p)
  18       }
  19
  20       access_token = AccessToken.create(params)
  21       invalidate!
  22       access_token
  23     end
  24   end
  25 end