Module: Schwab::OAuth

Defined in:
lib/schwab/oauth.rb

Overview

OAuth 2.0 authentication helpers for the Schwab API

Class Method Details

.authorization_url(client_id:, redirect_uri:, state: nil, config: nil) ⇒ String

Generate the authorization URL for the OAuth 2.0 flow

Parameters:

  • client_id (String)

    Your Schwab application’s client ID

  • redirect_uri (String)

    The redirect URI configured in your Schwab application

  • state (String, nil) (defaults to: nil)

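    Optional state parameter for CSRF protection. If not provided, a random value is generated with SecureRandom.hex(16); that value is returned only inside the query string of the URL, so pass your own value (or read it back from the URL) if you need to compare it in the callback.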

  • config (Configuration, nil) (defaults to: nil)

    Optional configuration object (uses global config if not provided)

Returns:

  • (String)

    The authorization URL to redirect the user to



# File 'lib/schwab/oauth.rb', line 18

def authorization_url(client_id:, redirect_uri:, state: nil, config: nil)
  config ||= Schwab.configuration || Configuration.new
  state ||= SecureRandom.hex(16)

  params = {
    response_type: "code",
    client_id: client_id,
    redirect_uri: redirect_uri,
    state: state,
  }

  uri = URI(config.oauth_authorize_url)
  uri.query = URI.encode_www_form(params)
  uri.to_s
end
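
The `state` value only protects against CSRF if the application keeps a copy and compares it with the value returned to the callback. The block below is an added example, not code from the schwab gem: `OAuthState`, its session key, and the placeholder endpoint and client values are assumptions, and `session` stands for any per-user Hash-like store.

```ruby
require "openssl"
require "securerandom"
require "uri"

# Added example; OAuthState and its method names are hypothetical.
module OAuthState
  KEY = :schwab_oauth_state # hypothetical session key

  module_function

  # Create the state ourselves so it can be stored before redirecting.
  # Pass the return value as `state:` to Schwab::OAuth.authorization_url.
  def issue(session)
    session[KEY] = SecureRandom.hex(16)
  end

  # If authorization_url generated the state, read it back from the URL
  # it returned and store it in the session.
  def capture(session, authorization_url)
    query = URI.decode_www_form(URI(authorization_url).query.to_s).to_h
    session[KEY] = query.fetch("state")
  end

  # Callback check: the stored value is single use (deleted on first read)
  # and compared in constant time.
  def valid?(session, returned_state)
    expected = session.delete(KEY)
    return false unless expected.is_a?(String) && returned_state.is_a?(String)
    OpenSSL.secure_compare(expected, returned_state)
  end
end

# Constructed demo: the endpoint and client values are placeholders, and the
# URL is built the same way authorization_url builds it.
def demo
  session = {}
  state = OAuthState.issue(session)
  uri = URI("https://auth.example.test/authorize")
  uri.query = URI.encode_www_form(response_type: "code", client_id: "app-id",
    redirect_uri: "https://app.example.test/callback", state: state)
  captured = OAuthState.capture({}, uri.to_s)
  first = OAuthState.valid?(session, state)   # genuine callback
  replay = OAuthState.valid?(session, state)  # same state presented again
  forged = OAuthState.valid?({ OAuthState::KEY => state }, "0" * 32)
  [captured == state, first, replay, forged]
end
```

Call `OAuthState.valid?` in the callback handler before passing `code` to `get_token`, and reject the request when it returns false.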

.get_token(code:, client_id:, client_secret:, redirect_uri:, config: nil) ⇒ Hash

Exchange an authorization code for access and refresh tokens

Parameters:

  • code (String)

    The authorization code from the OAuth callback

  • client_id (String)

    Your Schwab application’s client ID

  • client_secret (String)

    Your Schwab application’s client secret

  • redirect_uri (String)

    The redirect URI used in the authorization request

  • config (Configuration, nil) (defaults to: nil)

    Optional configuration object (uses global config if not provided)

Returns:

  • (Hash)

    Token response with :access_token, :refresh_token, :expires_in, :expires_at



# File 'lib/schwab/oauth.rb', line 42

def get_token(code:, client_id:, client_secret:, redirect_uri:, config: nil)
  config ||= Schwab.configuration || Configuration.new
  client = oauth2_client(client_id: client_id, client_secret: client_secret, config: config)

  token = client.auth_code.get_token(
    code,
    redirect_uri: redirect_uri,
    headers: { "Content-Type" => "application/x-www-form-urlencoded" },
  )

  parse_token_response(token)
end

.refresh_token(refresh_token:, client_id:, client_secret:, config: nil) ⇒ Hash

Refresh an access token using a refresh token

Parameters:

  • refresh_token (String)

    The refresh token

  • client_id (String)

    Your Schwab application’s client ID

  • client_secret (String)

    Your Schwab application’s client secret

  • config (Configuration, nil) (defaults to: nil)

    Optional configuration object (uses global config if not provided)

Returns:

  • (Hash)

    Token response with :access_token, :refresh_token, :expires_in, :expires_at



# File 'lib/schwab/oauth.rb', line 62

def refresh_token(refresh_token:, client_id:, client_secret:, config: nil)
  config ||= Schwab.configuration || Configuration.new
  client = oauth2_client(client_id: client_id, client_secret: client_secret, config: config)

  token = OAuth2::AccessToken.new(client, nil, refresh_token: refresh_token)
  new_token = token.refresh!

  parse_token_response(new_token)
end