Class: OmniAuth::Strategies::OAuth2

Inherits:
Object
  • Object
show all
Includes:
OmniAuth::Strategy
Defined in:
lib/omniauth/strategies/oauth2.rb

Overview

Authentication strategy for connecting with APIs constructed using the [OAuth 2.0 Specification](tools.ietf.org/html/draft-ietf-oauth-v2-10). You must generally register your application with the provider and utilize an application id and secret in order to authenticate using OAuth 2.0.

Defined Under Namespace

Classes: CallbackError

Instance Attribute Summary collapse

Class Method Summary collapse

Instance Method Summary collapse

Instance Attribute Details

#access_tokenObject

Returns the value of attribute access_token.



44
45
46
# File 'lib/omniauth/strategies/oauth2.rb', line 44

def access_token
  @access_token
end

Class Method Details

.inherited(subclass) ⇒ Object



17
18
19
# File 'lib/omniauth/strategies/oauth2.rb', line 17

def self.inherited(subclass)
  OmniAuth::Strategy.included(subclass)
end

Instance Method Details

#authorize_paramsObject

rubocop:disable Metrics/AbcSize, Metrics/MethodLength



62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
# File 'lib/omniauth/strategies/oauth2.rb', line 62

def authorize_params # rubocop:disable Metrics/AbcSize, Metrics/MethodLength
  options.authorize_params[:state] = SecureRandom.hex(24)

  if OmniAuth.config.test_mode
    @env ||= {}
    @env["rack.session"] ||= {}
  end

  params = options.authorize_params
                  .merge(options_for("authorize"))
                  .merge(pkce_authorize_params)

  session["omniauth.pkce.verifier"] = options.pkce_verifier if options.pkce
  session["omniauth.state"] = params[:state]

  params
end

#callback_phaseObject

rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity



84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# File 'lib/omniauth/strategies/oauth2.rb', line 84

def callback_phase # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
  error = request.params["error_reason"] || request.params["error"]
  if error
    fail!(error, CallbackError.new(request.params["error"], request.params["error_description"] || request.params["error_reason"], request.params["error_uri"]))
  elsif !options.provider_ignores_state && (request.params["state"].to_s.empty? || request.params["state"] != session.delete("omniauth.state"))
    fail!(:csrf_detected, CallbackError.new(:csrf_detected, "CSRF detected"))
  else
    self.access_token = build_access_token
    self.access_token = access_token.refresh! if access_token.expired?
    super
  end
rescue ::OAuth2::Error, CallbackError => e
  fail!(:invalid_credentials, e)
rescue ::Timeout::Error, ::Errno::ETIMEDOUT => e
  fail!(:timeout, e)
rescue ::SocketError => e
  fail!(:failed_to_connect, e)
end

#clientObject



46
47
48
# File 'lib/omniauth/strategies/oauth2.rb', line 46

def client
  ::OAuth2::Client.new(options.client_id, options.client_secret, deep_symbolize(options.client_options))
end

#request_phaseObject



58
59
60
# File 'lib/omniauth/strategies/oauth2.rb', line 58

def request_phase
  redirect client.auth_code.authorize_url({:redirect_uri => callback_url}.merge(authorize_params))
end

#token_paramsObject



80
81
82
# File 'lib/omniauth/strategies/oauth2.rb', line 80

def token_params
  options.token_params.merge(options_for("token")).merge(pkce_token_params)
end