socialcast · atomgas · Nov 12, 2011 · Nov 15, 2011 · Nov 15, 2011 · wireframe
diff --git a/app/controllers/devise/oauth2_providable/tokens_controller.rb b/app/controllers/devise/oauth2_providable/tokens_controller.rb
@@ -1,4 +1,5 @@
 class Devise::Oauth2Providable::TokensController < ApplicationController
+  before_filter :clear_session
   before_filter :authenticate_user!
   skip_before_filter :verify_authenticity_token, :only => :create
 
@@ -7,10 +8,31 @@ def create
     @access_token = @refresh_token.access_tokens.create!(:client => oauth2_current_client, :user => current_user)
     render :json => @access_token.token_response
   end
+
+  def destroy
+    oauth2_current_refresh_token.destroy if oauth2_current_refresh_token
+
+    oauth2_current_access_token.destroy if oauth2_current_access_token
+
+    head :status => 204
+  end
+
   private
+  # clear the session, so devise does not use session cookie based auth in any case
+  # the iPhone SDK by default has a shared cookie jar for WebViews and NSURL Request's
+  # and thus will send a cookie to this method
+  def clear_session
+    session.clear
+  end  
+
   def oauth2_current_client
    env[Devise::Oauth2Providable::CLIENT_ENV_REF]
   end
+
+  def oauth2_current_access_token
+    env[Devise::Oauth2Providable::ACCESS_TOKEN_ENV_REF]
+  end
+
   def oauth2_current_refresh_token
     env[Devise::Oauth2Providable::REFRESH_TOKEN_ENV_REF]
   end

diff --git a/app/models/devise/oauth2_providable/refresh_token.rb b/app/models/devise/oauth2_providable/refresh_token.rb
@@ -1,5 +1,5 @@
 class Devise::Oauth2Providable::RefreshToken < ActiveRecord::Base
   expires_according_to :refresh_token_expires_in
 
-  has_many :access_tokens
+  has_many :access_tokens, :dependent => :delete_all
 end
diff --git a/config/routes.rb b/config/routes.rb
@@ -3,5 +3,5 @@
 
   resources :authorizations, :only => :create
   match 'authorize' => 'authorizations#new'
-  resource :token, :only => :create
+  resource :token, :only => [:create, :destroy]
 end
diff --git a/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb b/lib/devise/oauth2_providable/strategies/oauth2_providable_strategy.rb
@@ -11,6 +11,7 @@ def authenticate!
         @req.setup!
         token = Devise::Oauth2Providable::AccessToken.find_by_token @req.access_token
         env[Devise::Oauth2Providable::CLIENT_ENV_REF] = token.client if token
+        env[Devise::Oauth2Providable::ACCESS_TOKEN_ENV_REF] = token
         resource = token ? token.user : nil
         if validate(resource)
           success! resource

diff --git a/lib/devise_oauth2_providable.rb b/lib/devise_oauth2_providable.rb
@@ -15,6 +15,7 @@ module Devise
   module Oauth2Providable
     CLIENT_ENV_REF = 'oauth2.client'
     REFRESH_TOKEN_ENV_REF = "oauth2.refresh_token"
+    ACCESS_TOKEN_ENV_REF = "oauth2.access_token"
 
     class << self
       def random_id

diff --git a/spec/routing/tokens_routing_spec.rb b/spec/routing/tokens_routing_spec.rb
@@ -8,5 +8,9 @@
     it 'routes POST /oauth2/token' do
       post('/oauth2/token').should route_to('devise/oauth2_providable/tokens#create')
     end
+
+    # it 'routes DELETE /oauth2/token' do
+    #   post('/oauth2/token').should route_to('devise/oauth2_providable/tokens#destroy')
+    # end
   end
-end
+end