我正在处理ActionCable,并在我的rails应用程序中实现了Doorkeeper授权。
我想使用Doorkeeper::AccessToken和ActionCable来实现authenticate我的客户端
下面是我现在的认证方式:
module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
identified_by :room_id
def connect
self.current_user = find_verified_user
self.room_id = @user.ac_channel_room
end
def disconnect
# When user will disconnect action cable, this method call will be executed.
end
private
def find_verified_user
check_access_token
@user = User.find_by_id(@resource_owner_id) if @resource_owner_id
reject_unauthorized_connection unless @user
end
def check_access_token
# Check provided token is valid or not
params = request.query_parameters
@access_token ||= Doorkeeper::AccessToken.by_token(params[:access_token])
@resource_owner_id = @access_token&.resource_owner_id
end
end
end问题是这也允许体验访问令牌。
救命啊!
1条答案
按热度按时间oiopk7p51#
您的问题将允许与过期的
Doorkeeper::AccessToken对象进行操作电缆连接。解决方案如下: