Class: Grape::Middleware::Auth::OAuth2
- Inherits:
-
Base
- Object
- Base
- Grape::Middleware::Auth::OAuth2
show all
- Defined in:
- lib/grape/middleware/auth/oauth2.rb
Overview
OAuth 2.0 authorization for Grape APIs.
Instance Attribute Summary
Attributes inherited from Base
#app, #env, #options
Instance Method Summary
collapse
Methods inherited from Base
#after, #call, #call!, #content_type, #content_type_for, #content_types, #initialize, #mime_types, #response
Instance Method Details
42
43
44
45
46
47
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 42
def
options[:accepted_headers].each do |head|
return env[head] if env[head]
end
nil
end
|
#before ⇒ Object
15
16
17
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 15
def before
verify_token(token_parameter || )
end
|
#default_options ⇒ Object
4
5
6
7
8
9
10
11
12
13
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 4
def default_options
{
token_class: 'AccessToken',
realm: 'OAuth API',
parameter: %w(bearer_token oauth_token access_token),
accepted_headers: %w(HTTP_AUTHORIZATION X_HTTP_AUTHORIZATION X-HTTP_AUTHORIZATION REDIRECT_X_HTTP_AUTHORIZATION),
header: [/Bearer (.*)/i, /OAuth (.*)/i],
required: true
}
end
|
#error_out(status, error) ⇒ Object
70
71
72
73
74
75
76
77
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 70
def error_out(status, error)
throw :error,
message: error,
status: status,
headers: {
'WWW-Authenticate' => "OAuth realm='#{options[:realm]}', error='#{error}'"
}
end
|
#params ⇒ Object
23
24
25
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 23
def params
@params ||= request.params
end
|
#request ⇒ Object
19
20
21
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 19
def request
@request ||= Grape::Request.new(env)
end
|
#token_class ⇒ Object
49
50
51
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 49
def token_class
@klass ||= eval(options[:token_class]) end
|
34
35
36
37
38
39
40
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 34
def
return false unless
Array(options[:header]).each do |regexp|
return $1 if =~ regexp
end
nil
end
|
#token_parameter ⇒ Object
27
28
29
30
31
32
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 27
def token_parameter
Array(options[:parameter]).each do |p|
return params[p] if params[p]
end
nil
end
|
#verify_token(token) ⇒ Object
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
|
# File 'lib/grape/middleware/auth/oauth2.rb', line 53
def verify_token(token)
token = token_class.verify(token)
if token
if token.respond_to?(:expired?) && token.expired?
error_out(401, 'invalid_grant')
else
if !token.respond_to?(:permission_for?) || token.permission_for?(env)
env['api.token'] = token
else
error_out(403, 'insufficient_scope')
end
end
elsif !!options[:required]
error_out(401, 'invalid_grant')
end
end
|