class Google::Auth::UserAuthorizer

…
# Credentials ready to use, call APIs
end
user_id: user_id, code: code, base_url: OOB_URI)
credentials = authorizer.get_and_store_credentials_from_code(
code = gets
puts url
“resulting code after authorization”
puts “Open the following URL in the browser and enter the ” +
base_url: OOB_URI)
url = authorizer.get_authorization_url(
if credentials.nil?
credentials = authorizer.get_credentials(user_id)
Example usage for a simple command line app:
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.

def self.generate_code_verifier

authorization URL.
Generate the code verifier needed to be sent while fetching

def self.generate_code_verifier
  random_number = rand 32..96
  SecureRandom.alphanumeric random_number
end

def code_challenge_method

def code_challenge_method
  "S256"
end

def code_verifier= new_code_verifier

Parameters:

new_code_erifier (String|nil) --

def code_verifier= new_code_verifier
  @code_verifier = new_code_verifier
end

def generate_code_challenge code_verifier

def generate_code_challenge code_verifier
  digest = Digest::SHA256.digest code_verifier
  Base64.urlsafe_encode64 digest, padding: false
end

def get_and_store_credentials_from_code options = {}

Returns:

(Google::Auth::UserRefreshCredentials) -

Parameters:

base_url (String) --
scope (String, Array) --
code (String) --
user_id (String) --

def get_and_store_credentials_from_code options = {}
  credentials = get_credentials_from_code options
  store_credentials options[:user_id], credentials
end

def get_authorization_url options = {}

Returns:

(String) -

Parameters:

additional_parameters (Hash) --
scope (String, Array) --
base_url (String) --
state (String) --
login_hint (String) --

def get_authorization_url options = {}
  scope = options[:scope] || @scope
  options[:additional_parameters] ||= {}
  if @code_verifier
    options[:additional_parameters].merge!(
      {
        code_challenge: generate_code_challenge(@code_verifier),
        code_challenge_method: code_challenge_method
      }
    )
  end
  credentials = UserRefreshCredentials.new(
    client_id:     @client_id.id,
    client_secret: @client_id.secret,
    scope:         scope,
    additional_parameters: options[:additional_parameters]
  )
  redirect_uri = redirect_uri_for options[:base_url]
  url = credentials.authorization_uri(access_type:            "offline",
                                      redirect_uri:           redirect_uri,
                                      approval_prompt:        "force",
                                      state:                  options[:state],
                                      include_granted_scopes: true,
                                      login_hint:             options[:login_hint])
  url.to_s
end

def get_credentials user_id, scope = nil

Returns:

(Google::Auth::UserRefreshCredentials) -

Parameters:

scope (Array, String) --
user_id (String) --

def get_credentials user_id, scope = nil
  saved_token = stored_token user_id
  return nil if saved_token.nil?
  data = MultiJson.load saved_token
  if data.fetch("client_id", @client_id.id) != @client_id.id
    raise format(MISMATCHED_CLIENT_ID_ERROR,
                 data["client_id"], @client_id.id)
  end
  credentials = UserRefreshCredentials.new(
    client_id:     @client_id.id,
    client_secret: @client_id.secret,
    scope:         data["scope"] || @scope,
    access_token:  data["access_token"],
    refresh_token: data["refresh_token"],
    expires_at:    data.fetch("expiration_time_millis", 0) / 1000
  )
  scope ||= @scope
  return monitor_credentials user_id, credentials if credentials.includes_scope? scope
  nil
end

def get_credentials_from_code options = {}

Returns:

(Google::Auth::UserRefreshCredentials) -

Parameters:

additional_parameters (Hash) --
base_url (String) --
scope (String, Array) --
code (String) --
user_id (String) --

def get_credentials_from_code options = {}
  user_id = options[:user_id]
  code = options[:code]
  scope = options[:scope] || @scope
  base_url = options[:base_url]
  options[:additional_parameters] ||= {}
  options[:additional_parameters].merge!({ code_verifier: @code_verifier })
  credentials = UserRefreshCredentials.new(
    client_id:             @client_id.id,
    client_secret:         @client_id.secret,
    redirect_uri:          redirect_uri_for(base_url),
    scope:                 scope,
    additional_parameters: options[:additional_parameters]
  )
  credentials.code = code
  credentials.fetch_access_token!({})
  monitor_credentials user_id, credentials
end

def initialize client_id, scope, token_store,

Parameters:

code_verifier (String) --
legacy_callback_uri (String) --
token_store (Google::Auth::Stores::TokenStore) --
scope (String, Array) --
client_id (Google::Auth::ClientID) --

Deprecated:

This field is deprecated. Instead, use the keyword

def initialize client_id, scope, token_store,
               legacy_callback_uri = nil,
               callback_uri: nil,
               code_verifier: nil
  raise NIL_CLIENT_ID_ERROR if client_id.nil?
  raise NIL_SCOPE_ERROR if scope.nil?
  @client_id = client_id
  @scope = Array(scope)
  @token_store = token_store
  @callback_uri = legacy_callback_uri || callback_uri || "/oauth2callback"
  @code_verifier = code_verifier
end

def monitor_credentials user_id, credentials

Parameters:

credentials (Google::Auth::UserRefreshCredentials) --
user_id (String) --

def monitor_credentials user_id, credentials
  credentials.on_refresh do |cred|
    store_credentials user_id, cred
  end
  credentials
end

def redirect_uri_for base_url

Returns:

(String) -

Parameters:

base_url (String) --

def redirect_uri_for base_url
  return @callback_uri if uri_is_postmessage?(@callback_uri) || !URI(@callback_uri).scheme.nil?
  raise format(MISSING_ABSOLUTE_URL_ERROR, @callback_uri) if base_url.nil? || URI(base_url).scheme.nil?
  URI.join(base_url, @callback_uri).to_s
end

def revoke_authorization user_id

Parameters:

user_id (String) --

def revoke_authorization user_id
  credentials = get_credentials user_id
  if credentials
    begin
      @token_store.delete user_id
    ensure
      credentials.revoke!
    end
  end
  nil
end

def store_credentials user_id, credentials

Parameters:

credentials (Google::Auth::UserRefreshCredentials) --
user_id (String) --

def store_credentials user_id, credentials
  json = MultiJson.dump(
    client_id:              credentials.client_id,
    access_token:           credentials.access_token,
    refresh_token:          credentials.refresh_token,
    scope:                  credentials.scope,
    expiration_time_millis: credentials.expires_at.to_i * 1000
  )
  @token_store.store user_id, json
  credentials
end

def stored_token user_id

Returns:

(String) - The saved token from @token_store

Parameters:

user_id (String) --

Other tags:

Private

def stored_token user_id
  raise NIL_USER_ID_ERROR if user_id.nil?
  raise NIL_TOKEN_STORE_ERROR if @token_store.nil?
  @token_store.load user_id
end

def uri_is_postmessage? uri

Check if URI is Google's postmessage flow (not a valid redirect_uri by spec, but allowed)

def uri_is_postmessage? uri
  uri.to_s.casecmp("postmessage").zero?
end

Namespace

Google::Auth

Class Methods

:: generate_code_verifier

Instance Methods

Defined in

lib/googleauth/user_authorizer.rb

Modules

Classes

class Google::Auth::UserAuthorizer

def self.generate_code_verifier

def code_challenge_method

def code_verifier= new_code_verifier

def generate_code_challenge code_verifier

def get_and_store_credentials_from_code options = {}

def get_authorization_url options = {}

def get_credentials user_id, scope = nil

def get_credentials_from_code options = {}

def initialize client_id, scope, token_store,

def monitor_credentials user_id, credentials

def redirect_uri_for base_url

def revoke_authorization user_id

def store_credentials user_id, credentials

def stored_token user_id

def uri_is_postmessage? uri

Namespace

Class Methods

Instance Methods

Defined in