| Class | Google::Auth::WebUserAuthorizer |
| In: |
lib/googleauth/web_user_authorizer.rb
|
| Parent: | Google::Auth::UserAuthorizer |
Varation on {Google::Auth::UserAuthorizer} adapted for Rack based web applications.
Example usage:
get('/') do
user_id = request.session['user_email']
credentials = authorizer.get_credentials(user_id, request)
if credentials.nil?
redirect authorizer.get_authorization_url(user_id: user_id,
request: request)
end
# Credentials are valid, can call APIs
...
end
get('/oauth2callback') do
url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
request)
redirect url
end
Instead of implementing the callback directly, applications are encouraged to use {Google::Auth::Web::AuthCallbackApp} instead.
For rails apps, see {Google::Auth::ControllerHelpers}
@see {Google::Auth::AuthCallbackApp} @see {Google::Auth::ControllerHelpers} @note Requires sessions are enabled
| STATE_PARAM | = | "state".freeze |
| AUTH_CODE_KEY | = | "code".freeze |
| ERROR_CODE_KEY | = | "error".freeze |
| SESSION_ID_KEY | = | "session_id".freeze |
| CALLBACK_STATE_KEY | = | "g-auth-callback".freeze |
| CURRENT_URI_KEY | = | "current_uri".freeze |
| XSRF_KEY | = | "g-xsrf-token".freeze |
| SCOPE_KEY | = | "scope".freeze |
| NIL_REQUEST_ERROR | = | "Request is required.".freeze |
| NIL_SESSION_ERROR | = | "Sessions must be enabled".freeze |
| MISSING_AUTH_CODE_ERROR | = | "Missing authorization code in request".freeze |
| AUTHORIZATION_ERROR | = | "Authorization error: %s".freeze |
| INVALID_STATE_TOKEN_ERROR | = | "State token does not match expected value".freeze |
| default | [RW] |
Handle the result of the oauth callback. This version defers the exchange of the code by temporarily stashing the results in the user‘s session. This allows apps to use the generic {Google::Auth::WebUserAuthorizer::CallbackApp} handler for the callback without any additional customization.
Apps that wish to handle the callback directly should use {handle_auth_callback} instead.
@param [Rack::Request] request
Current request
Initialize the authorizer
@param [Google::Auth::ClientID] client_id
Configured ID & secret for this application
@param [String, Array<String>] scope
Authorization scope to request
@param [Google::Auth::Stores::TokenStore] token_store
Backing storage for persisting user credentials
@param [String] callback_uri
URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'
Verifies the results of an authorization callback
@param [Hash] state
Callback state
@option state [String] AUTH_CODE_KEY
The authorization code
@option state [String] ERROR_CODE_KEY
Error message if failed
@param [Rack::Request] request
Current request
Build the URL for requesting authorization.
@param [String] login_hint
Login hint if need to authorize a specific account. Should be a user's email address or unique profile ID.
@param [Rack::Request] request
Current request
@param [String] redirect_to
Optional URL to proceed to after authorization complete. Defaults to the current URL.
@param [String, Array<String>] scope
Authorization scope to request. Overrides the instance scopes if not nil.
@return [String]
Authorization url
Fetch stored credentials for the user.
@param [String] user_id
Unique ID of the user for loading/storing credentials.
@param [Rack::Request] request
Current request
@param [Array<String>, String] scope
If specified, only returns credentials that have all the # requested scopes
@return [Google::Auth::UserRefreshCredentials]
Stored credentials, nil if none present
@raise [Signet::AuthorizationError]
May raise an error if an authorization code is present in the session and exchange of the code fails
Handle the result of the oauth callback. Exchanges the authorization code from the request and persists to storage.
@param [String] user_id
Unique ID of the user for loading/storing credentials.
@param [Rack::Request] request
Current request
@return (Google::Auth::UserRefreshCredentials, String)
credentials & next URL to redirect to