googleauth - Class Google::Auth::WebUserAuthorizer (v1.12.0)

Reference documentation and code samples for the googleauth class Google::Auth::WebUserAuthorizer.

Variation on UserAuthorizer adapted for Rack-based web applications.

Example usage:

get('/') do
  user_id = request.session['user_email']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(user_id: user_id,
                                              request: request)
  end
  # Credentials are valid, can call APIs
  ...

end

get('/oauth2callback') do
  url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(request)
  redirect url
end

Rather than implementing the callback directly, applications are encouraged to use CallbackApp.

Methods

.default

def self.default()

Returns the value of attribute default.

.default=

def self.default=(value)

Sets the attribute default.

.extract_callback_state

def self.extract_callback_state(request)

.handle_auth_callback_deferred

def self.handle_auth_callback_deferred(request)

Handle the result of the oauth callback. This version defers the exchange of the code by temporarily stashing the results in the user's session. This allows apps to use the generic CallbackApp handler for the callback without any additional customization.

Apps that wish to handle the callback directly should use #handle_auth_callback instead.

Parameter
  • request (Rack::Request) — Current request

.validate_callback_state

def self.validate_callback_state(state, request)

Verifies the results of an authorization callback.

Parameters
  • state (Hash) — Callback state
  • request (Rack::Request) — Current request
Raises
  • (Signet::AuthorizationError)
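
The following is an added illustration, not code from the googleauth gem: a stdlib-only model of the session-bound state check that the XSRF_KEY, SESSION_ID_KEY and INVALID_STATE_TOKEN_ERROR constants on this page point to. The helper names (build_state, check_callback, secure_eq, CallbackRejected), the JSON encoding of the state value, and the use of plain hashes for the session and request parameters are assumptions made for the example.

```ruby
require "json"
require "securerandom"

# Values copied from the Constants section of this page.
STATE_PARAM = "state"
AUTH_CODE_KEY = "code"
ERROR_CODE_KEY = "error"
SESSION_ID_KEY = "session_id"
CURRENT_URI_KEY = "current_uri"
XSRF_KEY = "g-xsrf-token"
MISSING_AUTH_CODE_ERROR = "Missing authorization code in request"
AUTHORIZATION_ERROR = "Authorization error: %s"
INVALID_STATE_TOKEN_ERROR = "State token does not match expected value"

# Hypothetical stand-in; the page documents Signet::AuthorizationError.
class CallbackRejected < StandardError; end

# Length-checked comparison that does not exit early on the first differing byte.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Before the redirect: mint a per-session token and carry it in the state value.
def build_state(session, current_uri)
  session[XSRF_KEY] ||= SecureRandom.base64(32)
  JSON.generate(SESSION_ID_KEY => session[XSRF_KEY], CURRENT_URI_KEY => current_uri)
end

# On the callback: accept only state that round-tripped through this session.
def check_callback(params, session)
  state = begin
    JSON.parse(params[STATE_PARAM].to_s)
  rescue JSON::ParserError
    {}
  end
  state = {} unless state.is_a?(Hash)
  raise CallbackRejected, format(AUTHORIZATION_ERROR, params[ERROR_CODE_KEY]) if params[ERROR_CODE_KEY]
  raise CallbackRejected, MISSING_AUTH_CODE_ERROR if params[AUTH_CODE_KEY].nil?
  expected = session[XSRF_KEY].to_s
  unless !expected.empty? && secure_eq(expected, state[SESSION_ID_KEY].to_s)
    raise CallbackRejected, INVALID_STATE_TOKEN_ERROR
  end
  state[CURRENT_URI_KEY] # where to send the user once the code is exchanged
end

# Constructed sample: the session that started the flow is accepted.
session = {}
params = { "state" => build_state(session, "/reports"), "code" => "constructed-code" }
puts check_callback(params, session)
```

A callback that arrives in a session with no token, or with a state value minted for another session, is rejected before any authorization code would be exchanged.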

#get_authorization_url

def get_authorization_url(options = {}) -> String

Build the URL for requesting authorization.

Parameters
  • login_hint (String) — Login hint, for when a specific account needs to be authorized. Should be a user's email address or unique profile ID.
  • request (Rack::Request) — Current request
  • redirect_to (String) — Optional URL to proceed to after authorization is complete. Defaults to the current URL.
  • scope (String, Array<String>) — Authorization scope to request. Overrides the instance scopes if not nil.
  • state (Hash) — Optional key-values to be returned to the oauth callback.
Returns
  • (String) — Authorization url
Raises
  • (NIL_REQUEST_ERROR)

#get_credentials

def get_credentials(user_id, request = nil, scope = nil) -> Google::Auth::UserRefreshCredentials

Fetch stored credentials for the user from the given request session.

Parameters
  • user_id (String) — Unique ID of the user for loading/storing credentials.
  • request (Rack::Request) — Current request. Optional. If omitted, this will attempt to fall back on the base class behavior of reading from the token store.
  • scope (Array<String>, String) — If specified, only returns credentials that have all the requested scopes.
Returns
Raises
  • (Signet::AuthorizationError) — May raise an error if an authorization code is present in the session and exchange of the code fails.

#handle_auth_callback

def handle_auth_callback(user_id, request) -> Google::Auth::UserRefreshCredentials, String

Handle the result of the oauth callback. Exchanges the authorization code from the request and persists to storage.

Parameters
  • user_id (String) — Unique ID of the user for loading/storing credentials.
  • request (Rack::Request) — Current request
Returns

#initialize

def initialize(client_id, scope, token_store, legacy_callback_uri = nil, callback_uri: nil, code_verifier: nil) -> WebUserAuthorizer

Initialize the authorizer.

Parameters
  • client_id (Google::Auth::ClientID) — Configured ID & secret for this application
  • scope (String, Array<String>) — Authorization scope to request
  • token_store (Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
  • legacy_callback_uri (String) — URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'. Deprecated: use the keyword argument callback_uri instead.
  • code_verifier (String) (defaults to: nil) — Random string of 43-128 chars used to verify the key exchange using PKCE.
Returns

Constants

STATE_PARAM

value: "state".freeze

AUTH_CODE_KEY

value: "code".freeze

ERROR_CODE_KEY

value: "error".freeze

SESSION_ID_KEY

value: "session_id".freeze

CALLBACK_STATE_KEY

value: "g-auth-callback".freeze

CURRENT_URI_KEY

value: "current_uri".freeze

XSRF_KEY

value: "g-xsrf-token".freeze

SCOPE_KEY

value: "scope".freeze

NIL_REQUEST_ERROR

value: "Request is required.".freeze

NIL_SESSION_ERROR

value: "Sessions must be enabled".freeze

MISSING_AUTH_CODE_ERROR

value: "Missing authorization code in request".freeze

AUTHORIZATION_ERROR

value: "Authorization error: %s".freeze

INVALID_STATE_TOKEN_ERROR

value: "State token does not match expected value".freeze