AshAuthentication.Oauth2Server.RefreshTokenResource.Verifier (ash_authentication_oauth2_server v0.2.1)

Copy Markdown View Source

Verifies the refresh-token resource has the shape the Token core depends on:

  • :id attribute is writable (the library pre-allocates the new refresh row's id so a rotation is one filtered UPDATE).
  • Every attribute the Token core reads/writes exists with the expected type — token_hash, client_id, user_id, scope, resource_uri, expires_at, rotated_to_id, rotated_at, revoked_at.
  • :rotate action exists and carries AshAuthentication.Oauth2Server.Changes.RotateRefreshToken, which attaches the atomic filter (filters already-rotated / already-revoked rows out of the underlying UPDATE; race-safety lives entirely here).

Violations raise at resource-compile time with a fix-it message.