Module: OAuthenticator::ConfigMethods

Included in:
SignedRequest
Defined in:
lib/oauthenticator/config_methods.rb

Overview

This module contains stubs, or in some cases default values, for implementations of particulars of the OAuth protocol. Applications must implement some of these, and are likely to want to override the default values of others. Certain methods will need to use methods of the SignedRequest class.

the SignedRequest methods your implementation will need to use are primarily those from the parsed OAuth Authorization header. these are methods your implementation WILL need to use to implement the required functionality:

  • #consumer_key
  • #token
  • #nonce
  • #timestamp

the following are the other parts of the Authorization header, but your implementation will probably NOT need to use these (OAuthenticator does everything that is needed to validate these parts):

  • #version
  • #signature_method
  • #signature

Instance Method Details

#access_token_belongs_to_consumer? ⇒ Boolean

whether the access token indicated by the request (via #token) belongs to the consumer indicated by the request (via #consumer_key).

Returns:

  • (Boolean)

    whether the request's access token belongs to the request's consumer



# File 'lib/oauthenticator/config_methods.rb', line 96

def access_token_belongs_to_consumer?
  config_method_not_implemented
end

#access_token_secret ⇒ String

this should look up the access token secret in your application's storage corresponding to the request's access token, which is available via the #token method. see the README for an example implementation.

Returns:

  • (String)

    the access token secret for the request's access token



# File 'lib/oauthenticator/config_methods.rb', line 73

def access_token_secret
  config_method_not_implemented
end

#allowed_signature_methods ⇒ Array<String>

the signature methods which the application will accept. this MUST be a subset of the signature methods defined in the OAuth 1.0 protocol: %w(HMAC-SHA1 RSA-SHA1 PLAINTEXT). the default value is all of the defined signature methods, so this method may remain unimplemented if you wish to allow all of them.

Returns:

  • (Array<String>)


# File 'lib/oauthenticator/config_methods.rb', line 59

def allowed_signature_methods
  OAuthenticator::SignedRequest::VALID_SIGNATURE_METHODS
end

#consumer_secret ⇒ String

this should look up the consumer secret in your application's storage corresponding to the request's consumer key, which is available via the #consumer_key method. see the README for an example implementation.

Returns:

  • (String)

    the consumer secret for the request's consumer key



# File 'lib/oauthenticator/config_methods.rb', line 66

def consumer_secret
  config_method_not_implemented
end

#nonce_used? ⇒ Boolean

whether the nonce, available via the #nonce method, has already been used. you may wish to use this in conjunction with the timestamp (#timestamp), per the OAuth 1.0 spec.

it's worth noting that if this ever returns true, it may indicate a replay attack under way against your application. the replay attack will fail due to OAuth, but you may wish to log the event.

Returns:

  • (Boolean)

    whether the request's nonce has already been used.



# File 'lib/oauthenticator/config_methods.rb', line 82

def nonce_used?
  config_method_not_implemented
end

#timestamp_valid_future ⇒ Integer

the number of seconds (integer) in the future for which the request is considered valid.

if the timestamp is more than this number of seconds greater than the current clock time, then the request is considered invalid and the response is an error.

this should be large enough to allow for clock skew between your application's server and the requester's clock.

this method may remain unimplemented if #timestamp_valid_period is implemented.

Returns:

  • (Integer)

    period in seconds



# File 'lib/oauthenticator/config_methods.rb', line 52

def timestamp_valid_future
  timestamp_valid_period
end

#timestamp_valid_past ⇒ Integer

the number of seconds (integer) in the past for which the request is considered valid.

if the timestamp is more than this number of seconds less than the current clock time, then the request is considered invalid and the response is an error.

this should be large enough to allow for clock skew between your application's server and the requester's clock.

nonces older than Time.now - timestamp_valid_past may be discarded.

this method may remain unimplemented if #timestamp_valid_period is implemented.

Returns:

  • (Integer)

    period in seconds



# File 'lib/oauthenticator/config_methods.rb', line 39

def timestamp_valid_past
  timestamp_valid_period
end

#timestamp_valid_period ⇒ Integer

the number of seconds (integer) in both the past and future for which the request is considered valid.

if it is desired to have a different period considered valid in the past than in the future, then the methods #timestamp_valid_past and #timestamp_valid_future may be implemented instead, and this method may remain unimplemented.

see the documentation for #timestamp_valid_past and #timestamp_valid_future for other considerations of the valid period.

Returns:

  • (Integer)

    period in seconds



# File 'lib/oauthenticator/config_methods.rb', line 24

def timestamp_valid_period
  config_method_not_implemented
end

#use_nonce! ⇒ Void

cause the nonce, available via the #nonce method, to be marked as used. you may wish to use this in conjunction with the timestamp (#timestamp).

Returns:

  • (Void)

    (return value is ignored / unused)



# File 'lib/oauthenticator/config_methods.rb', line 89

def use_nonce!
  config_method_not_implemented
end
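
One way to implement #nonce_used? and #use_nonce! together with the timestamp window, including the pruning that #timestamp_valid_past permits. This is an added example, not code from OAuthenticator or its README: the ExampleNonceConfig module, the ExampleRequest struct standing in for the parsed Authorization header, the example_check driver and the 600/60 second windows are all assumptions made for illustration.

```ruby
# Added example, not OAuthenticator code. In-memory and single-process only;
# a real deployment would keep this table in shared storage.
module ExampleNonceConfig
  SEEN = {}        # [consumer_key, token, timestamp, nonce] => timestamp (Integer)
  LOCK = Mutex.new
  class << self; attr_accessor :clock; end
  self.clock = -> { Time.now.to_i }   # replaceable so the pruning can be tested

  def timestamp_valid_past;   600; end  # tolerate slow delivery and clock skew
  def timestamp_valid_future;  60; end  # tolerate a requester clock running ahead

  def nonce_used?
    LOCK.synchronize { SEEN.key?(nonce_key) }
  end

  def use_nonce!
    LOCK.synchronize do
      # Entries older than the past window can be dropped: a request carrying
      # such a timestamp is already rejected by the timestamp check.
      cutoff = ExampleNonceConfig.clock.call - timestamp_valid_past
      SEEN.delete_if { |_key, seen_ts| seen_ts < cutoff }
      SEEN[nonce_key] = timestamp.to_i
    end
  end

  private

  # Scope the nonce to consumer, token and timestamp, so two consumers that
  # happen to pick the same nonce do not collide.
  def nonce_key
    [consumer_key, token, timestamp.to_s, nonce]
  end
end

# Constructed stand-in for the request: in OAuthenticator the four readers
# come from the parsed Authorization header, not from a Struct.
ExampleRequest = Struct.new(:consumer_key, :token, :nonce, :timestamp) do
  include ExampleNonceConfig
end

# Hypothetical driver standing in for the library's calls; logs a reused nonce.
def example_check(request)
  if request.nonce_used?
    warn "nonce reuse: consumer=#{request.consumer_key.inspect} nonce=#{request.nonce.inspect}"
    return :replay
  end
  request.use_nonce!
  :accepted
end
```

With shared storage, back the table with a unique index on the same four columns so that two concurrent requests carrying the same nonce cannot both pass the check.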