Module: Signet::OAuth1
- Defined in:
- lib/signet/oauth_1/credential.rb,
lib/signet/oauth_1.rb,
lib/signet/oauth_1/client.rb,
lib/signet/oauth_1/server.rb,
lib/signet/oauth_1/signature_methods/rsa_sha1.rb,
lib/signet/oauth_1/signature_methods/hmac_sha1.rb,
lib/signet/oauth_1/signature_methods/plaintext.rb
Overview
:nodoc:
Defined Under Namespace
Modules: HMACSHA1, PLAINTEXT, RSASHA1 Classes: Client, Credential, Server
Constant Summary collapse
- OUT_OF_BAND =
'oob'
Class Method Summary collapse
-
.encode(value) ⇒ String
Converts a value to a percent-encoded
String
according to the rules given in RFC 5849. -
.extract_credential_key_option(credential_type, options) ⇒ String
Processes an options
Hash
to find a credential key value. -
.extract_credential_secret_option(credential_type, options) ⇒ String
Processes an options
Hash
to find a credential secret value. -
.generate_authorization_header(parameters, realm = nil) ⇒ String
Generates an
Authorization
header from a parameter list according to the rules given in RFC 5849. -
.generate_authorization_uri(authorization_uri, options = {}) ⇒ String
Appends the optional ‘oauth_token’ and ‘oauth_callback’ parameters to the base authorization URI.
-
.generate_base_string(method, uri, parameters) ⇒ String
Generates a signature base string according to the algorithm given in RFC 5849.
-
.generate_nonce ⇒ String
Returns a nonce suitable for use as an
'oauth_nonce'
value. -
.generate_timestamp ⇒ String
Returns a timestamp suitable for use as an
'oauth_timestamp'
value. -
.normalize_parameters(parameters) ⇒ String
Normalizes a set of OAuth parameters according to the algorithm given in RFC 5849.
-
.parse_authorization_header(field_value) ⇒ Object
Parses an
Authorization
header into its component parameters. -
.parse_form_encoded_credentials(body) ⇒ Signet::OAuth1::Credential
Parses an
application/x-www-form-urlencoded
HTTP response body into an OAuth key/secret pair. -
.sign_parameters(method, uri, parameters, client_credential_secret, token_credential_secret = nil) ⇒ String
Generates an OAuth signature using the signature method indicated in the parameter list.
-
.unencode(value) ⇒ String
Converts a percent-encoded String to an unencoded value.
-
.unsigned_resource_parameters(options = {}) ⇒ Array
Generates an OAuth parameter list to be used when requesting a protected resource.
-
.unsigned_temporary_credential_parameters(options = {}) ⇒ Array
Generates an OAuth parameter list to be used when obtaining a set of temporary credentials.
-
.unsigned_token_credential_parameters(options = {}) ⇒ Array
Generates an OAuth parameter list to be used when obtaining a set of token credentials.
Class Method Details
.encode(value) ⇒ String
Converts a value to a percent-encoded String
according to the rules given in RFC 5849. All non-unreserved characters are percent-encoded.
24 25 26 27 28 29 30 |
# File 'lib/signet/oauth_1.rb', line 24 def self.encode(value) value = value.to_s if value.kind_of?(Symbol) return Addressable::URI.encode_component( value, Addressable::URI::CharacterClasses::UNRESERVED ) end |
.extract_credential_key_option(credential_type, options) ⇒ String
Processes an options Hash
to find a credential key value. Allows for greater flexibility in configuration.
71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 |
# File 'lib/signet/oauth_1.rb', line 71 def self.extract_credential_key_option(credential_type, ) # Normalize key to String to allow indifferent access. = .inject({}) { |accu, (k, v)| accu[k.to_s] = v; accu } credential_key = "#{credential_type}_credential_key" credential = "#{credential_type}_credential" if [credential_key] credential_key = [credential_key] elsif [credential] require 'signet/oauth_1/credential' if ![credential].respond_to?(:key) raise TypeError, "Expected Signet::OAuth1::Credential, " + "got #{[credential].class}." end credential_key = [credential].key elsif ["client"] require 'signet/oauth_1/client' if !["client"].kind_of?(::Signet::OAuth1::Client) raise TypeError, "Expected Signet::OAuth1::Client, got #{["client"].class}." end credential_key = ["client"].send(credential_key) else credential_key = nil end if credential_key != nil && !credential_key.kind_of?(String) raise TypeError, "Expected String, got #{credential_key.class}." end return credential_key end |
.extract_credential_secret_option(credential_type, options) ⇒ String
Processes an options Hash
to find a credential secret value. Allows for greater flexibility in configuration.
113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 |
# File 'lib/signet/oauth_1.rb', line 113 def self.extract_credential_secret_option(credential_type, ) # Normalize key to String to allow indifferent access. = .inject({}) { |accu, (k, v)| accu[k.to_s] = v; accu } credential_secret = "#{credential_type}_credential_secret" credential = "#{credential_type}_credential" if [credential_secret] credential_secret = [credential_secret] elsif [credential] require 'signet/oauth_1/credential' if ![credential].respond_to?(:secret) raise TypeError, "Expected Signet::OAuth1::Credential, " + "got #{[credential].class}." end credential_secret = [credential].secret elsif ["client"] require 'signet/oauth_1/client' if !["client"].kind_of?(::Signet::OAuth1::Client) raise TypeError, "Expected Signet::OAuth1::Client, got #{["client"].class}." end credential_secret = ["client"].send(credential_secret) else credential_secret = nil end if credential_secret != nil && !credential_secret.kind_of?(String) raise TypeError, "Expected String, got #{credential_secret.class}." end return credential_secret end |
.generate_authorization_header(parameters, realm = nil) ⇒ String
Generates an Authorization
header from a parameter list according to the rules given in RFC 5849.
210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 |
# File 'lib/signet/oauth_1.rb', line 210 def self.(parameters, realm=nil) if !parameters.kind_of?(Enumerable) || parameters.kind_of?(String) raise TypeError, "Expected Enumerable, got #{parameters.class}." end parameter_list = parameters.map do |k, v| if k == 'realm' raise ArgumentError, 'The "realm" parameter must be specified as a separate argument.' end "#{self.encode(k)}=\"#{self.encode(v)}\"" end if realm realm = realm.gsub('"', '\"') parameter_list.unshift("realm=\"#{realm}\"") end return 'OAuth ' + parameter_list.join(", ") end |
.generate_authorization_uri(authorization_uri, options = {}) ⇒ String
Appends the optional ‘oauth_token’ and ‘oauth_callback’ parameters to the base authorization URI.
365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 |
# File 'lib/signet/oauth_1.rb', line 365 def self.(, ={}) = { :callback => nil, :additional_parameters => {} }.merge() temporary_credential_key = self.extract_credential_key_option(:temporary, ) parsed_uri = Addressable::URI.parse().dup query_values = parsed_uri.query_values || {} if [:additional_parameters] query_values = query_values.merge( [:additional_parameters].inject({}) { |h,(k,v)| h[k]=v; h } ) end if temporary_credential_key query_values['oauth_token'] = temporary_credential_key end if [:callback] query_values['oauth_callback'] = [:callback] end parsed_uri.query_values = query_values return parsed_uri.normalize.to_s end |
.generate_base_string(method, uri, parameters) ⇒ String
Generates a signature base string according to the algorithm given in RFC 5849. Joins the method, URI, and normalized parameter string with ‘&’ characters.
176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 |
# File 'lib/signet/oauth_1.rb', line 176 def self.generate_base_string(method, uri, parameters) if !parameters.kind_of?(Enumerable) raise TypeError, "Expected Enumerable, got #{parameters.class}." end method = method.to_s.upcase parsed_uri = Addressable::URI.parse(uri) uri = Addressable::URI.new( :scheme => parsed_uri.normalized_scheme, :authority => parsed_uri., :path => parsed_uri.path, :query => parsed_uri.query, :fragment => parsed_uri.fragment ) uri_parameters = uri.query_values.to_a uri = uri.omit(:query, :fragment).to_s merged_parameters = uri_parameters.concat(parameters.map { |k, v| [k, v] }) parameter_string = self.normalize_parameters(merged_parameters) return [ self.encode(method), self.encode(uri), self.encode(parameter_string) ].join('&') end |
.generate_nonce ⇒ String
Returns a nonce suitable for use as an 'oauth_nonce'
value.
57 58 59 |
# File 'lib/signet/oauth_1.rb', line 57 def self.generate_nonce() return SecureRandom.random_bytes(16).unpack('H*').join('') end |
.generate_timestamp ⇒ String
Returns a timestamp suitable for use as an 'oauth_timestamp'
value.
48 49 50 |
# File 'lib/signet/oauth_1.rb', line 48 def self.() return Time.now.to_i.to_s end |
.normalize_parameters(parameters) ⇒ String
Normalizes a set of OAuth parameters according to the algorithm given in RFC 5849. Sorts key/value pairs lexically by byte order, first by key, then by value, joins key/value pairs with the ‘=’ character, then joins the entire parameter list with ‘&’ characters.
154 155 156 157 158 159 160 161 162 163 164 |
# File 'lib/signet/oauth_1.rb', line 154 def self.normalize_parameters(parameters) if !parameters.kind_of?(Enumerable) raise TypeError, "Expected Enumerable, got #{parameters.class}." end parameter_list = parameters.map do |k, v| next if k == "oauth_signature" # This is probably the wrong place to try to exclude the realm "#{self.encode(k)}=#{self.encode(v)}" end return parameter_list.compact.sort.join("&") end |
.parse_authorization_header(field_value) ⇒ Object
Parses an Authorization
header into its component parameters. Parameter keys and values are decoded according to the rules given in RFC 5849.
232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 |
# File 'lib/signet/oauth_1.rb', line 232 def self.(field_value) if !field_value.kind_of?(String) raise TypeError, "Expected String, got #{field_value.class}." end auth_scheme = field_value[/^([-._0-9a-zA-Z]+)/, 1] case auth_scheme when /^OAuth$/i # Other token types may be supported eventually pairs = Signet.parse_auth_param_list(field_value[/^OAuth\s+(.*)$/i, 1]) return (pairs.inject([]) do |accu, (k, v)| if k != 'realm' k = self.unencode(k) v = self.unencode(v) end accu << [k, v] accu end) else raise ParseError, 'Parsing non-OAuth Authorization headers is out of scope.' end end |
.parse_form_encoded_credentials(body) ⇒ Signet::OAuth1::Credential
Parses an application/x-www-form-urlencoded
HTTP response body into an OAuth key/secret pair.
262 263 264 265 266 267 268 269 |
# File 'lib/signet/oauth_1.rb', line 262 def self.parse_form_encoded_credentials(body) if !body.kind_of?(String) raise TypeError, "Expected String, got #{body.class}." end return Signet::OAuth1::Credential.new( Addressable::URI.form_unencode(body) ) end |
.sign_parameters(method, uri, parameters, client_credential_secret, token_credential_secret = nil) ⇒ String
Generates an OAuth signature using the signature method indicated in the parameter list. Unsupported signature methods will result in a NotImplementedError
exception being raised.
284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 |
# File 'lib/signet/oauth_1.rb', line 284 def self.sign_parameters(method, uri, parameters, client_credential_secret, token_credential_secret=nil) # Technically, the token_credential_secret parameter here may actually # be a temporary credential secret when obtaining a token credential # for the first time base_string = self.generate_base_string(method, uri, parameters) parameters = parameters.inject({}) { |h,(k,v)| h[k.to_s]=v; h } signature_method = parameters['oauth_signature_method'] case signature_method when 'HMAC-SHA1' require 'signet/oauth_1/signature_methods/hmac_sha1' return Signet::OAuth1::HMACSHA1.generate_signature( base_string, client_credential_secret, token_credential_secret ) when 'RSA-SHA1' require 'signet/oauth_1/signature_methods/rsa_sha1' return Signet::OAuth1::RSASHA1.generate_signature( base_string, client_credential_secret, token_credential_secret ) when 'PLAINTEXT' require 'signet/oauth_1/signature_methods/plaintext' return Signet::OAuth1::PLAINTEXT.generate_signature( base_string, client_credential_secret, token_credential_secret ) else raise NotImplementedError, "Unsupported signature method: #{signature_method}" end end |
.unencode(value) ⇒ String
Converts a percent-encoded String to an unencoded value.
39 40 41 |
# File 'lib/signet/oauth_1.rb', line 39 def self.unencode(value) return Addressable::URI.unencode_component(value) end |
.unsigned_resource_parameters(options = {}) ⇒ Array
Generates an OAuth parameter list to be used when requesting a protected resource.
454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 |
# File 'lib/signet/oauth_1.rb', line 454 def self.unsigned_resource_parameters(={}) = { :signature_method => 'HMAC-SHA1', :two_legged => false }.merge() client_credential_key = self.extract_credential_key_option(:client, ) if client_credential_key == nil raise ArgumentError, "Missing :client_credential_key parameter." end unless [:two_legged] token_credential_key = self.extract_credential_key_option(:token, ) if token_credential_key == nil raise ArgumentError, "Missing :token_credential_key parameter." end end parameters = [ ["oauth_consumer_key", client_credential_key], ["oauth_signature_method", [:signature_method]], ["oauth_timestamp", self.()], ["oauth_nonce", self.generate_nonce()], ["oauth_version", "1.0"] ] unless [:two_legged] parameters << ["oauth_token", token_credential_key] end # No additional parameters allowed here return parameters end |
.unsigned_temporary_credential_parameters(options = {}) ⇒ Array
Generates an OAuth parameter list to be used when obtaining a set of temporary credentials.
331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 |
# File 'lib/signet/oauth_1.rb', line 331 def self.unsigned_temporary_credential_parameters(={}) = { :callback => ::Signet::OAuth1::OUT_OF_BAND, :signature_method => 'HMAC-SHA1', :additional_parameters => [] }.merge() client_credential_key = self.extract_credential_key_option(:client, ) if client_credential_key == nil raise ArgumentError, "Missing :client_credential_key parameter." end parameters = [ ["oauth_consumer_key", client_credential_key], ["oauth_signature_method", [:signature_method]], ["oauth_timestamp", self.()], ["oauth_nonce", self.generate_nonce()], ["oauth_version", "1.0"], ["oauth_callback", [:callback]] ] # Works for any Enumerable [:additional_parameters].each do |key, value| parameters << [key, value] end return parameters end |
.unsigned_token_credential_parameters(options = {}) ⇒ Array
Generates an OAuth parameter list to be used when obtaining a set of token credentials.
406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 |
# File 'lib/signet/oauth_1.rb', line 406 def self.unsigned_token_credential_parameters(={}) = { :signature_method => 'HMAC-SHA1', :verifier => nil }.merge() client_credential_key = self.extract_credential_key_option(:client, ) temporary_credential_key = self.extract_credential_key_option(:temporary, ) if client_credential_key == nil raise ArgumentError, "Missing :client_credential_key parameter." end if temporary_credential_key == nil raise ArgumentError, "Missing :temporary_credential_key parameter." end if [:verifier] == nil raise ArgumentError, "Missing :verifier parameter." end parameters = [ ["oauth_consumer_key", client_credential_key], ["oauth_token", temporary_credential_key], ["oauth_signature_method", [:signature_method]], ["oauth_timestamp", self.()], ["oauth_nonce", self.generate_nonce()], ["oauth_verifier", [:verifier]], ["oauth_version", "1.0"] ] # No additional parameters allowed here return parameters end |