Class: OAuth2::Strategy::AuthCode

Inherits:

Base

• Object
• Base
• OAuth2::Strategy::AuthCode

Defined in:

lib/oauth2/strategy/auth_code.rb

Overview

The Authorization Code Strategy

OAuth 2.1 notes:

• PKCE is required for all OAuth clients using the authorization code flow (especially public clients). This library does not enforce PKCE generation/verification; implement PKCE in your application when required.

• Redirect URIs must be compared using exact string matching by the Authorization Server. This client forwards redirect_uri but does not perform server-side validation.

References:

• OAuth 2.1 draft: datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-1-13

• OAuth for native apps (RFC 8252) and PKCE (RFC 7636)

See Also:

• http://datatracker.ietf.org/doc/html/draft-ietf-oauth-v2-15#section-4.1

Instance Method Summary

• #authorize_params(params = {}) ⇒ Object

  The required query parameters for the authorize URL.

• #authorize_url(params = {}) ⇒ Object

  The authorization URL endpoint of the provider.

• #get_token(code, params = {}, opts = {}) ⇒ Object

  Retrieve an access token given the specified validation code.

Methods inherited from Base

#initialize

Constructor Details

This class inherits a constructor from OAuth2::Strategy::Base

Instance Method Details

#authorize_params(params = {}) ⇒ Object

The required query parameters for the authorize URL

Parameters:

• params (Hash) (defaults to: {}) —

  additional query parameters

# File 'lib/oauth2/strategy/auth_code.rb', line 22

def authorize_params(params = {})
  params.merge("response_type" => "code", "client_id" => @client.id)
end

#authorize_url(params = {}) ⇒ Object

The authorization URL endpoint of the provider

Parameters:

• params (Hash) (defaults to: {}) —

  additional query parameters for the URL

# File 'lib/oauth2/strategy/auth_code.rb', line 29

def authorize_url(params = {})
  assert_valid_params(params)
  @client.authorize_url(authorize_params.merge(params))
end

#get_token(code, params = {}, opts = {}) ⇒ Object

Note:

that you must also provide a :redirect_uri with most OAuth 2.0 providers

Retrieve an access token given the specified validation code.

Parameters:

• code (String) —

  The Authorization Code value

• params (Hash) (defaults to: {}) —

  additional params

• opts (Hash) (defaults to: {}) —

  access_token_opts, @see Client#get_token

# File 'lib/oauth2/strategy/auth_code.rb', line 40

def get_token(code, params = {}, opts = {})
  params = {"grant_type" => "authorization_code", "code" => code}.merge(@client.redirection_params).merge(params)
  params_dup = params.dup
  params.each_key do |key|
    params_dup[key.to_s] = params_dup.delete(key) if key.is_a?(Symbol)
  end

  @client.get_token(params_dup, opts)
end