Class: OAuth2::Client

Inherits:

Object

• Object
• OAuth2::Client

Defined in:

lib/oauth2/client.rb

Overview

The OAuth2::Client class

Constant Summary

RESERVED_PARAM_KEYS =

rubocop:disable Metrics/ClassLength

%w[headers parse].freeze

DEFAULT_EXTRACT_ACCESS_TOKEN =

proc do |client, hash|
  token = hash.delete('access_token') || hash.delete(:access_token)
  token && AccessToken.new(client, token, hash)
end

Instance Attribute Summary

• #connection ⇒ Object

  The Faraday connection object.

• #id ⇒ Object readonly

  Returns the value of attribute id.

• #options ⇒ Object

  Returns the value of attribute options.

• #secret ⇒ Object readonly

  Returns the value of attribute secret.

• #site ⇒ Object

  Returns the value of attribute site.

Instance Method Summary

• #assertion ⇒ Object
• #auth_code ⇒ Object

  The Authorization Code strategy.

• #authorize_url(params = {}) ⇒ Object

  The authorize endpoint URL of the OAuth2 provider.

• #client_credentials ⇒ Object

  The Client Credentials strategy.

• #get_token(params, access_token_opts = {}, extract_access_token = ) ⇒ AccessToken

  Initializes an AccessToken by making a request to the token endpoint.

• #implicit ⇒ Object

  The Implicit strategy.

• #initialize(client_id, client_secret, options = {}) {|builder| ... } ⇒ Client constructor

  Instantiate a new OAuth 2.0 client using the Client ID and Client Secret registered to your application.

• #password ⇒ Object

  The Resource Owner Password Credentials strategy.

• #redirection_params ⇒ Hash

  The redirect_uri parameters, if configured.

• #request(verb, url, opts = {}) {|req| ... } ⇒ Object

  Makes a request relative to the specified site root.

• #token_url(params = nil) ⇒ Object

  The token endpoint URL of the OAuth2 provider.

Constructor Details

#initialize(client_id, client_secret, options = {}) {|builder| ... } ⇒ Client

Instantiate a new OAuth 2.0 client using the Client ID and Client Secret registered to your application.

Parameters:

• client_id (String) —

  the client_id value

• client_secret (String) —

  the client_secret value

• options (Hash) (defaults to: {}) —

  the options to create the client with

Options Hash (options):

• :site (String) —

  the OAuth2 provider site host

• :redirect_uri (String) —

  the absolute URI to the Redirection Endpoint for use in authorization grants and token exchange

• :authorize_url (String) — default: 'oauth/authorize' —

  absolute or relative URL path to the Authorization endpoint

• :token_url (String) — default: 'oauth/token' —

  absolute or relative URL path to the Token endpoint

• :token_method (Symbol) — default: :post —

  HTTP method to use to request token (:get or :post)

• :auth_scheme (Symbol) — default: :basic_auth —

  HTTP method to use to authorize request (:basic_auth or :request_body)

• :connection_opts (Hash) — default: {} —

  Hash of connection options to pass to initialize Faraday with

• :max_redirects (FixNum) — default: 5 —

  maximum number of redirects to follow

• :raise_errors (Boolean) — default: true —

  whether or not to raise an OAuth2::Error on responses with 400+ status codes

• :logger (Logger) — default: ::Logger.new($stdout) —

  which logger to use when OAUTH_DEBUG is enabled

• (DEPRECATED) (Proc) —

  :extract_access_token proc that extracts the access token from the response

Yields:

• (builder) —

  The Faraday connection builder

# File 'lib/oauth2/client.rb', line 35

def initialize(client_id, client_secret, options = {}, &block)
  opts = options.dup
  @id = client_id
  @secret = client_secret
  @site = opts.delete(:site)
  ssl = opts.delete(:ssl)
  @options = {:authorize_url => 'oauth/authorize',
              :token_url => 'oauth/token',
              :token_method => :post,
              :auth_scheme => :request_body,
              :connection_opts => {},
              :connection_build => block,
              :max_redirects => 5,
              :raise_errors => true,
              :extract_access_token => DEFAULT_EXTRACT_ACCESS_TOKEN, # DEPRECATED
              :logger => ::Logger.new($stdout)}.merge(opts)
  @options[:connection_opts][:ssl] = ssl if ssl
end

Instance Attribute Details

#connection ⇒ Object

The Faraday connection object

# File 'lib/oauth2/client.rb', line 63

def connection
  @connection ||=
    Faraday.new(site, options[:connection_opts]) do |builder|
      oauth_debug_logging(builder)
      if options[:connection_build]
        options[:connection_build].call(builder)
      else
        builder.request :url_encoded             # form-encode POST params
        builder.adapter Faraday.default_adapter  # make requests with Net::HTTP
      end
    end
end

#id ⇒ Object (readonly)

Returns the value of attribute id.

# File 'lib/oauth2/client.rb', line 12

def id
  @id
end

#options ⇒ Object

Returns the value of attribute options.

# File 'lib/oauth2/client.rb', line 13

def options
  @options
end

#secret ⇒ Object (readonly)

Returns the value of attribute secret.

# File 'lib/oauth2/client.rb', line 12

def secret
  @secret
end

#site ⇒ Object

Returns the value of attribute site.

# File 'lib/oauth2/client.rb', line 12

def site
  @site
end

Instance Method Details

#assertion ⇒ Object

# File 'lib/oauth2/client.rb', line 228

def assertion
  @assertion ||= OAuth2::Strategy::Assertion.new(self)
end

#auth_code ⇒ Object

The Authorization Code strategy

See Also:

• http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1

# File 'lib/oauth2/client.rb', line 203

def auth_code
  @auth_code ||= OAuth2::Strategy::AuthCode.new(self)
end

#authorize_url(params = {}) ⇒ Object

The authorize endpoint URL of the OAuth2 provider

Parameters:

• params (Hash) (defaults to: {}) —

  additional query parameters

# File 'lib/oauth2/client.rb', line 79

def authorize_url(params = {})
  params = (params || {}).merge(redirection_params)
  connection.build_url(options[:authorize_url], params).to_s
end

#client_credentials ⇒ Object

The Client Credentials strategy

See Also:

• http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.4

# File 'lib/oauth2/client.rb', line 224

def client_credentials
  @client_credentials ||= OAuth2::Strategy::ClientCredentials.new(self)
end

#get_token(params, access_token_opts = {}, extract_access_token = ) ⇒ AccessToken

Initializes an AccessToken by making a request to the token endpoint

Parameters:

• params (Hash) —

  a Hash of params for the token endpoint

• access_token_opts (Hash) (defaults to: {}) —

  access token options, to pass to the AccessToken object

• access_token_class (Class) —

  class of access token for easier subclassing OAuth2::AccessToken

Returns:

• (AccessToken) —

  the initialized AccessToken

# File 'lib/oauth2/client.rb', line 155

def get_token(params, access_token_opts = {}, extract_access_token = options[:extract_access_token]) # # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity Metrics/AbcSize, Metrics/MethodLength
  params = params.map do |key, value|
    if RESERVED_PARAM_KEYS.include?(key)
      [key.to_sym, value]
    else
      [key, value]
    end
  end
  params = Hash[params]

  params = authenticator.apply(params)
  opts = {:raise_errors => options[:raise_errors], :parse => params.delete(:parse)}
  headers = params.delete(:headers) || {}
  if options[:token_method] == :post
    opts[:body] = params
    opts[:headers] = {'Content-Type' => 'application/x-www-form-urlencoded'}
  else
    opts[:params] = params
    opts[:headers] = {}
  end
  opts[:headers] = opts[:headers].merge(headers)
  http_method = options[:token_method]
  response = request(http_method, token_url, opts)

  access_token = begin
    build_access_token(response, access_token_opts, extract_access_token)
  rescue StandardError
    nil
  end

  response_contains_token = access_token || (
                              response.parsed.is_a?(Hash) &&
                              (response.parsed['access_token'] || response.parsed['id_token'])
                            )

  if options[:raise_errors] && !response_contains_token
    error = Error.new(response)
    raise(error)
  elsif !response_contains_token
    return nil
  end

  access_token
end

#implicit ⇒ Object

The Implicit strategy

See Also:

• http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-26#section-4.2

# File 'lib/oauth2/client.rb', line 210

def implicit
  @implicit ||= OAuth2::Strategy::Implicit.new(self)
end

#password ⇒ Object

The Resource Owner Password Credentials strategy

See Also:

• http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.3

# File 'lib/oauth2/client.rb', line 217

def password
  @password ||= OAuth2::Strategy::Password.new(self)
end

#redirection_params ⇒ Hash

The redirect_uri parameters, if configured

The redirect_uri query parameter is OPTIONAL (though encouraged) when requesting authorization. If it is provided at authorization time it MUST also be provided with the token exchange request.

Providing the :redirect_uri to the OAuth2::Client instantiation will take care of managing this.

Returns:

• (Hash) —

  the params to add to a request or URL

See Also:

• https://datatracker.ietf.org/doc/html/rfc6749#section-4.1
• https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.3
• https://datatracker.ietf.org/doc/html/rfc6749#section-4.2.1
• https://datatracker.ietf.org/doc/html/rfc6749#section-10.6

# File 'lib/oauth2/client.rb', line 248

def redirection_params
  if options[:redirect_uri]
    {'redirect_uri' => options[:redirect_uri]}
  else
    {}
  end
end

#request(verb, url, opts = {}) {|req| ... } ⇒ Object

Makes a request relative to the specified site root.

Parameters:

• verb (Symbol) —

  one of :get, :post, :put, :delete

• url (String) —

  URL path of request

• opts (Hash) (defaults to: {}) —

  the options to make the request with

Options Hash (opts):

• :params (Hash) —

  additional query parameters for the URL of the request

• :body (Hash, String) —

  the body of the request

• :headers (Hash) —

  http request headers

• :raise_errors (Boolean) —

  whether or not to raise an OAuth2::Error on 400+ status code response for this request. Will default to client option

• :parse (Symbol) —

  @see Response::initialize

Yields:

• (req) —

  The Faraday request

# File 'lib/oauth2/client.rb', line 103

def request(verb, url, opts = {}) # rubocop:disable Metrics/PerceivedComplexity, Metrics/CyclomaticComplexity, Metrics/AbcSize
  url = connection.build_url(url).to_s

  begin
    response = connection.run_request(verb, url, opts[:body], opts[:headers]) do |req|
      req.params.update(opts[:params]) if opts[:params]
      yield(req) if block_given?
    end
  rescue Faraday::ConnectionFailed => e
    raise ConnectionError, e
  end

  response = Response.new(response, :parse => opts[:parse])

  case response.status
  when 301, 302, 303, 307
    opts[:redirect_count] ||= 0
    opts[:redirect_count] += 1
    return response if opts[:redirect_count] > options[:max_redirects]

    if response.status == 303
      verb = :get
      opts.delete(:body)
    end
    location = response.headers['location']
    if location
      request(verb, location, opts)
    else
      error = Error.new(response)
      raise(error, "Got #{response.status} status code, but no Location header was present")
    end
  when 200..299, 300..399
    # on non-redirecting 3xx statuses, just return the response
    response
  when 400..599
    error = Error.new(response)
    raise(error) if opts.fetch(:raise_errors, options[:raise_errors])

    response.error = error
    response
  else
    error = Error.new(response)
    raise(error, "Unhandled status code value of #{response.status}")
  end
end

#token_url(params = nil) ⇒ Object

The token endpoint URL of the OAuth2 provider

Parameters:

• params (Hash) (defaults to: nil) —

  additional query parameters

# File 'lib/oauth2/client.rb', line 87

def token_url(params = nil)
  connection.build_url(options[:token_url], params).to_s
end