Class: Google::Auth::UserRefreshCredentials
- Inherits:
-
Signet::OAuth2::Client
- Object
- Signet::OAuth2::Client
- Google::Auth::UserRefreshCredentials
- Extended by:
- CredentialsLoader
- Defined in:
- lib/googleauth/user_refresh.rb
Overview
Authenticates requests using User Refresh credentials.
This class allows authorizing requests from user refresh tokens.
This the end of the result of a 3LO flow. E.g, the end result of ‘gcloud auth login’ saves a file with these contents in well known location
cf [Application Default Credentials](goo.gl/mkAHpZ)
Constant Summary collapse
- TOKEN_CRED_URI =
'https://oauth2.googleapis.com/token'.freeze
- AUTHORIZATION_URI =
'https://accounts.google.com/o/oauth2/auth'.freeze
- REVOKE_TOKEN_URI =
'https://oauth2.googleapis.com/revoke'.freeze
Constants included from CredentialsLoader
CredentialsLoader::ACCOUNT_TYPE_VAR, CredentialsLoader::CLIENT_EMAIL_VAR, CredentialsLoader::CLIENT_ID_VAR, CredentialsLoader::CLIENT_SECRET_VAR, CredentialsLoader::CLOUD_SDK_CLIENT_ID, CredentialsLoader::CLOUD_SDK_CREDENTIALS_WARNING, CredentialsLoader::CREDENTIALS_FILE_NAME, CredentialsLoader::ENV_VAR, CredentialsLoader::GCLOUD_CONFIG_COMMAND, CredentialsLoader::GCLOUD_POSIX_COMMAND, CredentialsLoader::GCLOUD_WINDOWS_COMMAND, CredentialsLoader::NOT_FOUND_ERROR, CredentialsLoader::PRIVATE_KEY_VAR, CredentialsLoader::PROJECT_ID_VAR, CredentialsLoader::REFRESH_TOKEN_VAR, CredentialsLoader::SYSTEM_DEFAULT_ERROR, CredentialsLoader::WELL_KNOWN_ERROR, CredentialsLoader::WELL_KNOWN_PATH
Instance Attribute Summary collapse
-
#project_id ⇒ Object
readonly
Returns the value of attribute project_id.
Class Method Summary collapse
-
.make_creds(options = {}) ⇒ Object
Create a UserRefreshCredentials.
-
.read_json_key(json_key_io) ⇒ Object
Reads the client_id, client_secret and refresh_token fields from the JSON key.
Instance Method Summary collapse
-
#includes_scope?(required_scope) ⇒ Boolean
Verifies that a credential grants the requested scope.
-
#initialize(options = {}) ⇒ UserRefreshCredentials
constructor
A new instance of UserRefreshCredentials.
-
#revoke!(options = {}) ⇒ Object
Revokes the credential.
Methods included from CredentialsLoader
from_env, from_system_default_path, from_well_known_path, load_gcloud_project_id, make_creds, warn_if_cloud_sdk_credentials
Methods inherited from Signet::OAuth2::Client
#apply, #apply!, #build_default_connection, #configure_connection, #fetch_access_token!, #notify_refresh_listeners, #on_refresh, #orig_fetch_access_token!, #retry_with_error, #updater_proc
Constructor Details
#initialize(options = {}) ⇒ UserRefreshCredentials
Returns a new instance of UserRefreshCredentials.
89 90 91 92 93 94 95 96 |
# File 'lib/googleauth/user_refresh.rb', line 89 def initialize( = {}) ||= {} [:token_credential_uri] ||= TOKEN_CRED_URI [:authorization_uri] ||= AUTHORIZATION_URI @project_id = [:project_id] @project_id ||= CredentialsLoader.load_gcloud_project_id super() end |
Instance Attribute Details
#project_id ⇒ Object (readonly)
Returns the value of attribute project_id.
53 54 55 |
# File 'lib/googleauth/user_refresh.rb', line 53 def project_id @project_id end |
Class Method Details
.make_creds(options = {}) ⇒ Object
Create a UserRefreshCredentials.
59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 |
# File 'lib/googleauth/user_refresh.rb', line 59 def self.make_creds( = {}) json_key_io, scope = .values_at(:json_key_io, :scope) user_creds = read_json_key(json_key_io) if json_key_io user_creds ||= { 'client_id' => ENV[CredentialsLoader::CLIENT_ID_VAR], 'client_secret' => ENV[CredentialsLoader::CLIENT_SECRET_VAR], 'refresh_token' => ENV[CredentialsLoader::REFRESH_TOKEN_VAR], 'project_id' => ENV[CredentialsLoader::PROJECT_ID_VAR] } new(token_credential_uri: TOKEN_CRED_URI, client_id: user_creds['client_id'], client_secret: user_creds['client_secret'], refresh_token: user_creds['refresh_token'], project_id: user_creds['project_id'], scope: scope) .configure_connection() end |
.read_json_key(json_key_io) ⇒ Object
Reads the client_id, client_secret and refresh_token fields from the JSON key.
80 81 82 83 84 85 86 87 |
# File 'lib/googleauth/user_refresh.rb', line 80 def self.read_json_key(json_key_io) json_key = MultiJson.load(json_key_io.read) wanted = %w(client_id client_secret refresh_token) wanted.each do |key| raise "the json is missing the #{key} field" unless json_key.key?(key) end json_key end |
Instance Method Details
#includes_scope?(required_scope) ⇒ Boolean
Verifies that a credential grants the requested scope
122 123 124 125 126 |
# File 'lib/googleauth/user_refresh.rb', line 122 def includes_scope?(required_scope) missing_scope = Google::Auth::ScopeUtil.normalize(required_scope) - Google::Auth::ScopeUtil.normalize(scope) missing_scope.empty? end |
#revoke!(options = {}) ⇒ Object
Revokes the credential
99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 |
# File 'lib/googleauth/user_refresh.rb', line 99 def revoke!( = {}) c = [:connection] || Faraday.default_connection retry_with_error do resp = c.post(REVOKE_TOKEN_URI, token: refresh_token || access_token) case resp.status when 200 self.access_token = nil self.refresh_token = nil self.expires_at = 0 else raise(Signet::AuthorizationError, "Unexpected error code #{resp.status}") end end end |