app/models/request_token.rb

   1 class RequestToken < OauthToken
   2   def authorize!(user)
   3     return false if authorized?
   4     self.user = user
   5     self.authorized_at = Time.now
   6     self.save
   7   end
   8
   9   def exchange!
  10     return false unless authorized?
  11     RequestToken.transaction do
  12       params = { :user => user, :client_application => client_application }
  13       # copy the permissions from the authorised request token to the access token
  14       client_application.permissions.each { |p|
  15         params[p] = read_attribute(p)
  16       }
  17
  18       access_token = AccessToken.create(params)
  19       invalidate!
  20       access_token
  21     end
  22   end
  23 end