Class: Grape::Middleware::Auth::OAuth2

Inherits:

Base

• Object
• Base
• Grape::Middleware::Auth::OAuth2

Defined in:

lib/grape/middleware/auth/oauth2.rb

Overview

OAuth 2.0 authorization for Grape APIs.

Instance Attribute Summary

Attributes inherited from Base

#app, #env, #options

Instance Method Summary

• #authorization_header ⇒ Object
• #before ⇒ Object
• #default_options ⇒ Object
• #error_out(status, error) ⇒ Object
• #token_class ⇒ Object
• #token_header ⇒ Object
• #token_parameter ⇒ Object
• #verify_token(token) ⇒ Object

Methods inherited from Base

#after, #call, #call!, #content_type, #content_type_for, #content_types, #initialize, #mime_types, #request, #response

Constructor Details

This class inherits a constructor from Grape::Middleware::Base

Instance Method Details

#authorization_header ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 35

def authorization_header
  options[:accepted_headers].each do |head|
    return env[head] if env[head]
  end
  nil
end

#before ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 14

def before
  verify_token(token_parameter || token_header)
end

#default_options ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 4

def default_options
  {
    :token_class => 'AccessToken',
    :realm => 'OAuth API',
    :parameter => %w(bearer_token oauth_token),
    :accepted_headers => %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION),
    :header => [/Bearer (.*)/i, /OAuth (.*)/i]
  }
end

#error_out(status, error) ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 62

def error_out(status, error)
  throw :error,
    :message => error,
    :status => status,
    :headers => {
      'WWW-Authenticate' => "OAuth realm='#{options[:realm]}', error='#{error}'"
    }
end

#token_class ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 42

def token_class
  @klass ||= eval(options[:token_class])
end

#token_header ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 25

def token_header
  return false unless authorization_header
  Array(options[:header]).each do |regexp|
    if authorization_header =~ regexp
      return $1
    end
  end
  nil
end

#token_parameter ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 18

def token_parameter
  Array(options[:parameter]).each do |p|
    return request[p] if request[p]
  end
  nil
end

#verify_token(token) ⇒ Object

# File 'lib/grape/middleware/auth/oauth2.rb', line 46

def verify_token(token)
  if token = token_class.verify(token)
    if token.respond_to?(:expired?) && token.expired?
      error_out(401, 'expired_token')
    else
      if !token.respond_to?(:permission_for?) || token.permission_for?(env)
        env['api.token'] = token
      else
        error_out(403, 'insufficient_scope')
      end
    end
  else
    error_out(401, 'invalid_token')
  end
end