googleauth - Class Google::Auth::UserAuthorizer (v1.12.0)

Reference documentation and code samples for the googleauth class Google::Auth::UserAuthorizer.

Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.

Example usage for a simple command line app:

credentials = authorizer.get_credentials(user_id)
if credentials.nil?
  url = authorizer.get_authorization_url(
    base_url: OOB_URI)
  puts "Open the following URL in the browser and enter the " +
       "resulting code after authorization"
  puts url
  code = gets
  credentials = authorizer.get_and_store_credentials_from_code(
    user_id: user_id, code: code, base_url: OOB_URI)
end
# Credentials ready to use, call APIs
...

Inherits

Object

Methods

.generate_code_verifier

def self.generate_code_verifier()

Generate the code verifier needed to be sent while fetching authorization URL.

#code_verifier=

def code_verifier=(new_code_verifier)

The code verifier for PKCE for OAuth 2.0. When set, the authorization URI will contain the Code Challenge and Code Challenge Method querystring parameters, and the token URI will contain the Code Verifier parameter.

Parameter

new_code_erifier (String|nil)

#get_and_store_credentials_from_code

def get_and_store_credentials_from_code(options = {}) -> Google::Auth::UserRefreshCredentials

Exchanges an authorization code returned in the oauth callback. Additionally, stores the resulting credentials in the token store if the exchange is successful.

Parameters

user_id (String) — Unique ID of the user for loading/storing credentials.
code (String) — The authorization code from the OAuth callback
scope (String, Array<String>) — Authorization scope requested. Overrides the instance scopes if not nil.
base_url (String) — Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.

Returns

(Google::Auth::UserRefreshCredentials) — Credentials if exchange is successful

#get_authorization_url

def get_authorization_url(options = {}) -> String

Build the URL for requesting authorization.

Parameters

login_hint (String) — Login hint if need to authorize a specific account. Should be a user's email address or unique profile ID.
state (String) — Opaque state value to be returned to the oauth callback.
base_url (String) — Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.
scope (String, Array<String>) — Authorization scope to request. Overrides the instance scopes if not nil.
additional_parameters (Hash) — Additional query parameters to be added to the authorization URL.

Returns

(String) — Authorization url

#get_credentials

def get_credentials(user_id, scope = nil) -> Google::Auth::UserRefreshCredentials

Fetch stored credentials for the user.

Parameters

user_id (String) — Unique ID of the user for loading/storing credentials.
scope (Array<String>, String) — If specified, only returns credentials that have all the requested scopes

Returns

(Google::Auth::UserRefreshCredentials) — Stored credentials, nil if none present

#get_credentials_from_code

def get_credentials_from_code(options = {}) -> Google::Auth::UserRefreshCredentials

Exchanges an authorization code returned in the oauth callback

Parameters

user_id (String) — Unique ID of the user for loading/storing credentials.
code (String) — The authorization code from the OAuth callback
scope (String, Array<String>) — Authorization scope requested. Overrides the instance scopes if not nil.
base_url (String) — Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.
additional_parameters (Hash) — Additional parameters to be added to the post body of token endpoint request.

Returns

(Google::Auth::UserRefreshCredentials) — Credentials if exchange is successful

#initialize

def initialize(client_id, scope, token_store, legacy_callback_uri = nil, callback_uri: nil, code_verifier: nil) -> UserAuthorizer

Initialize the authorizer

Parameters

client_id (Google::Auth::ClientID) — Configured ID & secret for this application
scope (String, Array<String>) — Authorization scope to request
token_store (Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
legacy_callback_uri (String) — URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'. @deprecated This field is deprecated. Instead, use the keyword argument callback_uri.
code_verifier (String) (defaults to: nil) — Random string of 43-128 chars used to verify the key exchange using PKCE.

Returns

(UserAuthorizer) — a new instance of UserAuthorizer

Raises

(NIL_CLIENT_ID_ERROR)

#revoke_authorization

def revoke_authorization(user_id)

Revokes a user's credentials. This both revokes the actual grant as well as removes the token from the token store.

Parameter

user_id (String) — Unique ID of the user for loading/storing credentials.

#store_credentials

def store_credentials(user_id, credentials)

Store credentials for a user. Generally not required to be called directly, but may be used to migrate tokens from one store to another.

Parameters

user_id (String) — Unique ID of the user for loading/storing credentials.
credentials (Google::Auth::UserRefreshCredentials) — Credentials to store.

Constants

MISMATCHED_CLIENT_ID_ERROR

value: "Token client ID of %s does not match configured client id %s".freeze

NIL_CLIENT_ID_ERROR

value: "Client id can not be nil.".freeze

NIL_SCOPE_ERROR

value: "Scope can not be nil.".freeze

NIL_USER_ID_ERROR

value: "User ID can not be nil.".freeze

NIL_TOKEN_STORE_ERROR

value: "Can not call method if token store is nil".freeze

MISSING_ABSOLUTE_URL_ERROR

value: 'Absolute base url required for relative callback url "%s"'.freeze