Module: OmniContacts::Authorization::OAuth1

Includes:

HTTPUtils

Included in:

Middleware::OAuth1

Defined in:

lib/omnicontacts/authorization/oauth1.rb

Constant Summary

OAUTH_VERSION =

"1.0"

Constants included from HTTPUtils

HTTPUtils::SSL_PORT

Instance Method Summary

• #authorization_url(auth_token) ⇒ Object

  Returns the url the user has to be redirected to do in order grant permission to the client application.

• #fetch_access_token(auth_token, auth_token_secret, auth_verifier, additional_fields_to_extract = []) ⇒ Object

  Fetches the access token from the authorization server.

• #fetch_authorization_token ⇒ Object

  Obtain an authorization token from the server.

• #oauth_signature(method, url, params, secret) ⇒ Object

  Calculates a signature using HMAC-SHA1 according to the OAuth 1.0 specifications.

Methods included from HTTPUtils

encode, host_url_from_rack_env, query_string_to_map, scheme, to_query_string

Instance Method Details

#authorization_url(auth_token) ⇒ Object

Returns the url the user has to be redirected to do in order grant permission to the client application.

# File 'lib/omnicontacts/authorization/oauth1.rb', line 65

def authorization_url auth_token
  "https://" + auth_host + auth_path + "?oauth_token=" + auth_token
end

#fetch_access_token(auth_token, auth_token_secret, auth_verifier, additional_fields_to_extract = []) ⇒ Object

Fetches the access token from the authorization server. The method expects the authorization token, the authorization token secret and the authorization verifier. The result comprises the access token, the access token secret and a list of additional fields extracted from the server’s response. The list of additional fields to extract is specified as last parameter

# File 'lib/omnicontacts/authorization/oauth1.rb', line 73

def fetch_access_token auth_token, auth_token_secret, auth_verifier, additional_fields_to_extract = []
  access_token_resp = https_post(auth_host, access_token_path, access_token_req_params(auth_token, auth_token_secret, auth_verifier))
  values_from_query_string(access_token_resp, (["oauth_token", "oauth_token_secret"] + additional_fields_to_extract))
end

#fetch_authorization_token ⇒ Object

Obtain an authorization token from the server. The token is returned in an array along with the relative authorization token secret.

# File 'lib/omnicontacts/authorization/oauth1.rb', line 24

def fetch_authorization_token
  request_token_response = https_post(auth_host, auth_token_path, request_token_req_params)
  values_from_query_string(request_token_response, ["oauth_token", "oauth_token_secret"])
end

#oauth_signature(method, url, params, secret) ⇒ Object

Calculates a signature using HMAC-SHA1 according to the OAuth 1.0 specifications.

The base string is given is a RFC 3986 encoded concatenation of:

• Uppercase HTTP method

• An ‘&’

• A url without any parameters

• An ‘&’

• All parameters to use in the request encoded themselves and sorted by key.

The signature key is given by the concatenation of:

• RFC 3986 encoded consumer secret

• An ‘&’

• RFC 3986 encoded token secret

# File 'lib/omnicontacts/authorization/oauth1.rb', line 108

def oauth_signature method, url, params, secret
  encoded_method = encode(method.upcase)
  encoded_url = encode(url)
  # params must be in alphabetical order
  encoded_params = encode(to_query_string(params.sort { |x, y| x.to_s <=> y.to_s }))
  base_string = encoded_method + '&' + encoded_url + '&' + encoded_params
  key = encode(consumer_secret) + '&' + secret
  hmac_sha1 = OpenSSL::HMAC.digest('sha1', key, base_string)
  # base64 encode results must be stripped
  encode(Base64.encode64(hmac_sha1).strip)
end