A Ruby wrapper based on the OAuth 2.0 specification for build oauth2 clients. It is designed with the philosophy that many oauth2 providers implement OAuth 2.0 differently and not exactly according to the RFC. With this gem, a developer has some degree of flexibilty in creating a client that will work with different OAuth2 providers. This flexibilty comes at the same price of having to implement a few things yourself. To that effect, an access token response is returned as an HTTPResponse from which the response body can be extracted. It turns out that not every oauth2 providers returns tokens in the same format. Therefore, rather than make assumptions about the token response, this gem leaves that responsiblity to the developer.
Bundled with the gem are working sample clients for Google, Yammer and Github. The structure of the clients is easy to follow thus making it possible to simply copy code from one client and simply substitute the rights credentials and request URL paths.
For more about the standard checkout: http://tools.ietf.org/html/rfc6749
gem install oauth2-client
require 'oauth2'
@client = OAuth2Client::Client.new('https://example.com', 's6BhdRkqt3', '4hJZY88TCBB9q8IpkeualA2lZsUhOSclkkSKw3RXuE')
client.authorization_code.authorization_path(:redirect_uri => 'http://localhost/oauth2/cb')
# => "/oauth/authorize?response_type=code&client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%2Foauth2%2Fcb"
The client wraps around the creation of any given grant and passing in the parameters defined in the configuration
file. The supported grants include Authorization Code, Implicit, Resource Owner Password Credentials, Client Credentials.
There is also support for device authentication as described in Google's OAuth 2.0 authentication methods(https://developers.google.com/accounts/docs/OAuth2ForDevices). They are available via the authorization_code
, implicit
, password
, client_credentials
, refresh_token
and device
methods on a client object.
The get_token
method on the grants does not make any assumptions about the format ofthe response from the OAuth provider. The ideal
case would be to treat all responses as JSON. However, some services may respond with in XML instead of JSON. The get_token
method
therefore, returns with an HTTPResponse object.
auth_url = client.authorization_code.authorization_path(:redirect_uri => 'http://localhost/oauth2/cb')
# => "/oauth/authorize?response_type=code&client_id={client_id}&redirect_uri=http%3A%2F%2Flocalhost%2Foauth2%2Fcb"
token_url = client.authorization_code.token_path(
:code => aXW2c6bYz,
:redirect_uri => 'http://localhost/oauth2/cb')
# => "/oauth/token?redirect_uri=http%3A%2F%2Flocalhost%2Foauth%2Fcb&client_secret={client_secret}&grant_type=authorization_code&client_id={client_id}&code=aXW2c6bYz"
auth_url = client.implicit.authorization_path(:redirect_uri => 'http://localhost/oauth2/cb')
# => "oauth/?redirect_uri=http%3A%2F%2Flocalhost%2Foauth%2Fcb&response_type=token&client_id={client_id}"
token = client.password.get_token('username', 'password')
token = client.refresh_token.get_token(refresh_token_value, :params => {:scope => 'abc xyz', :state => 'state'})
token = client.client_credentials.get_token
auth_url = client.device_code.authorization_path(:scope => 'abc xyz', :state => 'state')
# => "/oauth/device/code?scope=abc+xyz&state=state&client_id={client_id}"
# exchange device authorization code for access token
token = client.device_code.get_token(device_auth_code)
By default, oauth2-client uses a Net::HTTP
wrapper called OAuth2Client::HttpConnection
. However, if you wish to use a different HTTP library, you only
need to create a wrapper around your favorite library that will respond to the send_request
method.
class TyphoeusHttpConnection
def initialize(site_url, connection_options={})
# set url and connection options
@site_url = site_url
@connection_options = connection_options
end
def base_url(path)
@site_url + path
end
def send_request(http_method, request_path, options={})
# options may contain optional arguments like http headers, request parameters etc
# send http request over the inter-webs
params = options[:params] || {}
headers = options[:headers]|| {}
method = method.to_sym
client = Typhoeus
case method
when :get, :delete
#pass
when :post, :put
options[:body] = options.delete(:params) if options[:params]
else
raise UnhandledHTTPMethodError.new("Unsupported HTTP method, #{method}")
end
response = client.send(http_method, base_url(request_path), params)
end
end
# now you can initialize the OAuth2 client with you custom client and expect that all requests
# will be sent using this client
oauth_client = OAuth2Client::Client.new('example.com', client_id, client_secret, {
:connection_client => TyphoeusHttpConnection,
:connection_options => {}
})
This library comes bundled with two sample implementations of Google and Yammer OAuth clients. These clients are meant to showcase the degree of flexibilty that you get when using this library to interact with other OAuth 2.0 providers.
google_client = GoogleClient.new('https://accounts.google.com', '827502413694.apps.googleusercontent.com','a2nQpcUm2Dgq1chWdAvbXGTk')
# generate authorization url
auth_url = google_client.webserver_authorization_url(
:scope => 'https://www.googleapis.com/auth/userinfo.email',
:state => '/profile',
:redirect_uri => 'https://oauth2-login-demo.appspot.com/code',
:approval_prompt => 'force')
# => https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=%2Fprofile&redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Ftoken&approval_prompt=force&response_type=token&client_id=812741506391.apps.googleusercontent.com
# generate authorization url
auth_url = google_client.clientside_authorization_url(
:scope => 'https://www.googleapis.com/auth/userinfo.email',
:state => '/profile',
:redirect_uri => 'http://localhost/oauth/code',
:approval_prompt => 'force')
# => https://accounts.google.com/o/oauth2/auth?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email&state=%2Fprofile&redirect_uri=https%3A%2F%2Foauth2-login-demo.appspot.com%2Fcode&approval_prompt=force&response_type=code&client_id=812741506391.apps.googleusercontent.com
# exchange authorization code for access token. we will get back a Net::HTTPResponse
response = google_client.exchange_auth_code_for_token(
:params => {
:code => '4/dbB0-UD1cvrQg2EuEFtRtHwPEmvR.IrScsjgB5M4VuJJVnL49Cc8QdUjRdAI',
:redirect_uri => 'http://localhost/oauth/token'
}
)
response.inspect
# => #<Net::HTTPOK:0x007ff8bc7c1200>
response.body
# => {
# "access_token" : "ya91.AHES8ZS-oCZnc5yHepnsosFjNln9ZKLuioF6FcMRCGUIzA",
# "token_type" : "Bearer",
# "expires_in" : 3600,
# "id_token" : "eyJhbGciOiJSUzI1NiIsImtpZCI6IjY4ZGM2ZmIxNDQ5OGJmMWRhNjNiMWYyMDA2YmRmMDA2N2Q4MzY",
# "refresh_token" : "6/Ju8uhi9xOctGEyHRzWwHhaYimfxmY0tiJ_qW3qvjWXM"
#}
gihub_client = GithubClient.new('https://github.com', '82f971d013e8d637a7e1', '1a1d59e1f8b8afa5f73e9dc9f17e25f7876e64ac')
# generate authorization url
auth_url = gihub_client.webserver_authorization_url
# => https://github.com/login/oauth/authorize?client_id=82f971d013e8d637a7e1&response_type=code
# exchange authorization code for access token. we will get back a Net::HTTPResponse
response = gihub_client.exchange_auth_code_for_token({
:code => '11a0b0b64db56c30e2ef',
:redirect_uri => 'https://localhost/callback',
})
response.inspect
# => #<Net::HTTPOK:0x007ff8bc7c1200>
response.body
# => {
# "access_token" : "e409f4272fe539166a77c42479de030e7660812a",
# "token_type" : "bearer"
# }"
This library aims to support and is tested against the following Ruby version:
- Ruby 1.8.7
- Ruby 1.9.2
- Ruby 1.9.3
This library may inadvertently work (or seem to work) on other Ruby implementations, however support will only be provided for the versions listed above.
Copyright (c) 2013 Kevin Mutyaba See [LICENSE][license] for details. [license]: https://github.com/tiabas/oauth2-client/blob/master/LICENSE