From 3adde01ebad7536223e8722b2e59e66be4225547 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier"
Date: Wed, 10 Apr 2019 07:59:58 +0200
Subject: [PATCH] OAuth: Add client_credentials flow
---
 lib/pleroma/web/oauth/oauth_controller.ex | 24 +++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/lib/pleroma/web/oauth/oauth_controller.ex b/lib/pleroma/web/oauth/oauth_controller.ex
index 26d53df1a..6200b7a78 100644
--- a/lib/pleroma/web/oauth/oauth_controller.ex
+++ b/lib/pleroma/web/oauth/oauth_controller.ex
@@ -181,6 +181,9 @@ defmodule Pleroma.Web.OAuth.OAuthController do
 end
 end
 
+ # Is this function even ever used?
+ # def token_exchange(conn, %{"grant_type" => "password"} = params)
+ # should have grabbed it already
 def token_exchange(
 conn,
 %{"grant_type" => "password", "name" => name, "password" => _password} = params
@@ -193,6 +196,27 @@ defmodule Pleroma.Web.OAuth.OAuthController do
 token_exchange(conn, params)
 end
 
+ def token_exchange(conn, %{"grant_type" => "client_credentials"} = params) do
+ with %App{} = app <- get_app_from_request(conn, params),
+ {:ok, auth} <- Authorization.create_authorization(app, %User{}, scopes),
+ {:ok, token} <- Token.exchange_token(app, auth) do
+ response = %{
+ token_type: "Bearer",
+ access_token: token.token,
+ refresh_token: token.refresh_token,
+ created_at: DateTime.to_unix(inserted_at),
+ expires_in: 60 * 10,
+ scope: Enum.join(token.scopes, " ")
+ }
+
+ json(conn, response)
+ else
+ _error ->
+ put_status(conn, 400)
+ |> json(%{error: "Invalid credentials"})
+ end
+ end
+
 def token_revoke(conn, %{"token" => token} = params) do
 with %App{} = app <- get_app_from_request(conn, params),
 %Token{} = token <- Repo.get_by(Token, token: token, app_id: app.id),
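Review bot: The comment added in the first hunk, above the `"grant_type" => "password"` clause that also requires `"name"`, leaves an open question in an authentication path instead of answering it. If an earlier `token_exchange/2` clause (outside this hunk) already matches every `"grant_type" => "password"` request, the annotated clause can never run and should be removed rather than commented on. Otherwise the question should be replaced by a statement of which clients send `"name"` and why the clause is kept, for example a `# Compatibility:` comment naming them. The clause's body continues past the end of the hunk, so its reachability cannot be settled from these lines alone.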
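Review bot: `scopes` and `inserted_at` are used in the new `client_credentials` clause of the second hunk without being bound anywhere in it, so unless the module defines zero-arity helpers with those names the clause will not compile. The likely intent is something like `Authorization.create_authorization(app, %User{}, app.scopes)` (assuming the app record carries its registered scopes) and `created_at: DateTime.to_unix(token.inserted_at)`, with a conversion first if that field is a `NaiveDateTime`. Deriving the scopes from the registered app rather than from `params` keeps a client from widening its own grant. The response also returns `refresh_token`, which RFC 6749 section 4.4.3 says should not be included for this grant, and `expires_in: 60 * 10` is hard-coded rather than derived from the token, so the advertised lifetime can drift from the enforced one. It is worth confirming that `get_app_from_request/2` (not visible here) verifies the client secret, because client authentication is the only check before a token is created for an empty `%User{}`.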