googleauth - Class Google::Auth::WebUserAuthorizer (v1.12.1)

Reference documentation and code samples for the googleauth class Google::Auth::WebUserAuthorizer.

Varation on UserAuthorizer adapted for Rack based web applications.

Example usage:

get('/') do
  user_id = request.session['user_email']
  credentials = authorizer.get_credentials(user_id, request)
  if credentials.nil?
    redirect authorizer.get_authorization_url(user_id: user_id,
                                              request: request)
  end
  # Credentials are valid, can call APIs
  ...

end

get('/oauth2callback') do url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred( request) redirect url end

Instead of implementing the callback directly, applications are encouraged to use CallbackApp instead.

Methods

.default

def self.default()

Returns the value of attribute default.

.default=

def self.default=(value)

Sets the attribute default

.extract_callback_state

def self.extract_callback_state(request)

.handle_auth_callback_deferred

def self.handle_auth_callback_deferred(request)

Handle the result of the oauth callback. This version defers the exchange of the code by temporarily stashing the results in the user's session. This allows apps to use the generic CallbackApp handler for the callback without any additional customization.

Apps that wish to handle the callback directly should use #handle_auth_callback instead.

Parameter
  • request (Rack::Request) — Current request

.validate_callback_state

def self.validate_callback_state(state, request)

Verifies the results of an authorization callback

Parameters
  • state (Hash) — Callback state
  • request (Rack::Request) — Current request
Raises
  • (Signet::AuthorizationError)

#get_authorization_url

def get_authorization_url(options = {}) -> String

Build the URL for requesting authorization.

Parameters
  • login_hint (String) — Login hint if need to authorize a specific account. Should be a user's email address or unique profile ID.
  • request (Rack::Request) — Current request
  • redirect_to (String) — Optional URL to proceed to after authorization complete. Defaults to the current URL.
  • scope (String, Array<String>) — Authorization scope to request. Overrides the instance scopes if not nil.
  • state (Hash) — Optional key-values to be returned to the oauth callback.
Returns
  • (String) — Authorization url
Raises
  • (NIL_REQUEST_ERROR)

#get_credentials

def get_credentials(user_id, request = nil, scope = nil) -> Google::Auth::UserRefreshCredentials

Fetch stored credentials for the user from the given request session.

Parameters
  • user_id (String) — Unique ID of the user for loading/storing credentials.
  • request (Rack::Request) — Current request. Optional. If omitted, this will attempt to fall back on the base class behavior of reading from the token store.
  • scope (Array<String>, String) — If specified, only returns credentials that have all the \ requested scopes
Returns
Raises
  • (Signet::AuthorizationError) — May raise an error if an authorization code is present in the session and exchange of the code fails

#handle_auth_callback

def handle_auth_callback(user_id, request) -> Google::Auth::UserRefreshCredentials, String

Handle the result of the oauth callback. Exchanges the authorization code from the request and persists to storage.

Parameters
  • user_id (String) — Unique ID of the user for loading/storing credentials.
  • request (Rack::Request) — Current request
Returns

#initialize

def initialize(client_id, scope, token_store, legacy_callback_uri = nil, callback_uri: nil, code_verifier: nil) -> WebUserAuthorizer

Initialize the authorizer

Parameters
  • client_id (Google::Auth::ClientID) — Configured ID & secret for this application
  • scope (String, Array<String>) — Authorization scope to request
  • token_store (Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
  • legacy_callback_uri (String) — URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'. @deprecated This field is deprecated. Instead, use the keyword argument callback_uri.
  • code_verifier (String) (defaults to: nil) — Random string of 43-128 chars used to verify the key exchange using PKCE.
Returns

Constants

STATE_PARAM

value: "state".freeze

AUTH_CODE_KEY

value: "code".freeze

ERROR_CODE_KEY

value: "error".freeze

SESSION_ID_KEY

value: "session_id".freeze

CALLBACK_STATE_KEY

value: "g-auth-callback".freeze

CURRENT_URI_KEY

value: "current_uri".freeze

XSRF_KEY

value: "g-xsrf-token".freeze

SCOPE_KEY

value: "scope".freeze

NIL_REQUEST_ERROR

value: "Request is required.".freeze

NIL_SESSION_ERROR

value: "Sessions must be enabled".freeze

MISSING_AUTH_CODE_ERROR

value: "Missing authorization code in request".freeze

AUTHORIZATION_ERROR

value: "Authorization error: %s".freeze

INVALID_STATE_TOKEN_ERROR

value: "State token does not match expected value".freeze