lib/doorkeeper/oauth/nonstandard.rb
# frozen_string_literal: true module Doorkeeper module OAuth class NonStandard # These are not part of the OAuth 2 specification but are still in use by Google # and in some other implementations. Native applications should use one of the # approaches discussed in RFC8252. OOB is 'Out of Band' # This value signals to the Google Authorization Server that the authorization # code should be returned in the title bar of the browser, with the page text # prompting the user to copy the code and paste it in the application. # This is useful when the client (such as a Windows application) cannot listen # on an HTTP port without significant client configuration. # When you use this value, your application can then detect that the page has loaded, and can # read the title of the HTML page to obtain the authorization code. It is then up to your # application to close the browser window if you want to ensure that the user never sees the # page that contains the authorization code. The mechanism for doing this varies from platform # to platform. # # If your platform doesn't allow you to detect that the page has loaded or read the title of # the page, you can have the user paste the code back to your application, as prompted by the # text in the confirmation page that the OAuth 2.0 server generates. IETF_WG_OAUTH2_OOB = "urn:ietf:wg:oauth:2.0:oob" # This is identical to urn:ietf:wg:oauth:2.0:oob, but the text in the confirmation page that # the OAuth 2.0 server generates won't instruct the user to copy the authorization code, but # instead will simply ask the user to close the window. # # This is useful when your application reads the title of the HTML page (by checking window # titles on the desktop, for example) to obtain the authorization code, but can't close the # page on its own. IETF_WG_OAUTH2_OOB_AUTO = "urn:ietf:wg:oauth:2.0:oob:auto" IETF_WG_OAUTH2_OOB_METHODS = [IETF_WG_OAUTH2_OOB, IETF_WG_OAUTH2_OOB_AUTO].freeze end end end