Class: Signet::OAuth2::Client

Inherits:

Object

• Object
• Signet::OAuth2::Client

Defined in:

lib/signet/oauth_2/client.rb

Instance Method Summary

• #access_token ⇒ String

  Returns the access token associated with this client.

• #access_token=(new_access_token) ⇒ Object

  Sets the access token associated with this client.

• #assertion ⇒ String

  Returns the assertion associated with this client.

• #assertion=(new_assertion) ⇒ Object

  Sets the assertion associated with this client.

• #assertion_type ⇒ String

  Returns the assertion type associated with this client.

• #assertion_type=(new_assertion_type) ⇒ Object

  Sets the assertion type associated with this client.

• #authorization_uri(options = {}) ⇒ Addressable::URI

  Returns the authorization URI that the user should be redirected to.

• #authorization_uri=(new_authorization_uri) ⇒ Object

  Sets the authorization URI for this client.

• #client_id ⇒ String

  Returns the client identifier for this client.

• #client_id=(new_client_id) ⇒ Object

  Sets the client identifier for this client.

• #client_secret ⇒ String

  Returns the client secret for this client.

• #client_secret=(new_client_secret) ⇒ Object

  Sets the client secret for this client.

• #code ⇒ String

  Returns the authorization code issued to this client.

• #code=(new_code) ⇒ Object

  Sets the authorization code issued to this client.

• #decoded_id_token(public_key = nil) ⇒ String

  Returns the decoded ID token associated with this client.

• #expired? ⇒ TrueClass, FalseClass

  Returns true if the access token has expired.

• #expires_at ⇒ Integer

  Returns the timestamp the access token will expire at.

• #expires_in ⇒ Integer

  Returns the lifetime of the access token in seconds.

• #expires_in=(new_expires_in) ⇒ Object

  Sets the lifetime of the access token in seconds.

• #fetch_access_token(options = {}) ⇒ Object
• #fetch_access_token!(options = {}) ⇒ Object
• #fetch_protected_resource(options = {}) ⇒ Array

  Transmits a request for a protected resource.

• #generate_access_token_request ⇒ Array

  Generates a request for token credentials.

• #generate_authenticated_request(options = {}) ⇒ Array

  Generates an authenticated request for protected resources.

• #grant_type ⇒ String

  Returns the inferred grant type, based on the current state of the client object.

• #id_token ⇒ String

  Returns the ID token associated with this client.

• #id_token=(new_id_token) ⇒ Object

  Sets the ID token associated with this client.

• #initialize(options = {}) ⇒ Client constructor

  Creates an OAuth 2.0 client.

• #issued_at ⇒ Integer

  Returns the timestamp the access token was issued at.

• #issued_at=(new_issued_at) ⇒ Object

  Sets the timestamp the access token was issued at.

• #password ⇒ String

  Returns the password associated with this client.

• #password=(new_password) ⇒ Object

  Sets the password associated with this client.

• #redirect_uri ⇒ String

  Returns the redirect URI for this client.

• #redirect_uri=(new_redirect_uri) ⇒ Object

  Sets the redirect URI for this client.

• #refresh_token ⇒ String

  Returns the refresh token associated with this client.

• #refresh_token=(new_refresh_token) ⇒ Object

  Sets the refresh token associated with this client.

• #scope ⇒ Array

  Returns the scope for this client.

• #scope=(new_scope) ⇒ Object

  Sets the scope for this client.

• #state ⇒ String

  Returns the client’s current state value.

• #state=(new_state) ⇒ Object

  Sets the client’s current state value.

• #token_credential_uri ⇒ Addressable::URI

  Returns the token credential URI for this client.

• #token_credential_uri=(new_token_credential_uri) ⇒ Object

  Sets the token credential URI for this client.

• #update!(options = {}) ⇒ Object

  Updates an OAuth 2.0 client.

• #update_token!(options = {}) ⇒ Object

  Updates an OAuth 2.0 client.

• #username ⇒ String

  Returns the username associated with this client.

• #username=(new_username) ⇒ Object

  Sets the username associated with this client.

Constructor Details

#initialize(options = {}) ⇒ Client

Creates an OAuth 2.0 client.

Examples:

client = Signet::OAuth2::Client.new(
  :authorization_endpoint_uri =>
    'https://example.server.com/authorization',
  :token_endpoint_uri =>
    'https://example.server.com/token',
  :client_id => 'anonymous',
  :client_secret => 'anonymous',
  :scope => 'example',
  :redirect_uri => 'https://example.client.com/oauth'
)

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the client.

  • :authorization_uri — The authorization server’s HTTP endpoint capable of authenticating the end-user and obtaining authorization.

  • :token_credential_uri — The authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.

  • :client_id — A unique identifier issued to the client to identify itself to the authorization server.

  • :client_secret — A shared symmetric secret issued by the authorization server, which is used to authenticate the client.

  • :scope — The scope of the access request, expressed either as an Array or as a space-delimited String.

  • :state — An arbitrary string designed to allow the client to maintain state.

  • :code — The authorization code received from the authorization server.

  • :redirect_uri — The redirection URI used in the initial request.

  • :username — The resource owner’s username.

  • :password — The resource owner’s password.

  • :assertion_type — The format of the assertion as defined by the authorization server. The value must be an absolute URI.

  • :assertion — The raw assertion value.

  • :refresh_token — The refresh token associated with the access token to be refreshed.

  • :access_token — The current access token for this client.

  • :id_token — The current ID token for this client.

See Also:

• #update!

# File 'lib/signet/oauth_2/client.rb', line 81

def initialize(options={})
  self.update!(options)
end

Instance Method Details

#access_token ⇒ String

Returns the access token associated with this client.

Returns:

• (String) —

  The access token.

# File 'lib/signet/oauth_2/client.rb', line 525

def access_token
  return @access_token ||= nil
end

#access_token=(new_access_token) ⇒ Object

Sets the access token associated with this client.

Parameters:

• new_access_token (String) —

  The access token.

# File 'lib/signet/oauth_2/client.rb', line 534

def access_token=(new_access_token)
  @access_token = new_access_token
end

#assertion ⇒ String

Returns the assertion associated with this client. Used only by the assertion access grant type.

Returns:

• (String) —

  The assertion.

# File 'lib/signet/oauth_2/client.rb', line 490

def assertion
  return @assertion
end

#assertion=(new_assertion) ⇒ Object

Sets the assertion associated with this client. Used only by the assertion access grant type.

Parameters:

• new_assertion (String) —

  The assertion.

# File 'lib/signet/oauth_2/client.rb', line 500

def assertion=(new_assertion)
  @assertion = new_assertion
end

#assertion_type ⇒ String

Returns the assertion type associated with this client. Used only by the assertion access grant type.

Returns:

• (String) —

  The assertion type.

# File 'lib/signet/oauth_2/client.rb', line 466

def assertion_type
  return @assertion_type
end

#assertion_type=(new_assertion_type) ⇒ Object

Sets the assertion type associated with this client. Used only by the assertion access grant type.

Parameters:

• new_assertion_type (String) —

  The password.

# File 'lib/signet/oauth_2/client.rb', line 476

def assertion_type=(new_assertion_type)
  new_assertion_type = Addressable::URI.parse(new_assertion_type)
  if new_assertion_type == nil || new_assertion_type.absolute?
    @assertion_type = new_assertion_type
  else
    raise ArgumentError, "Assertion type must be an absolute URI."
  end
end

#authorization_uri(options = {}) ⇒ Addressable::URI

Returns the authorization URI that the user should be redirected to.

Returns:

• (Addressable::URI) —

  The authorization URI.

See Also:

• Signet::OAuth2.generate_authorization_uri

# File 'lib/signet/oauth_2/client.rb', line 222

def authorization_uri(options={})
  return nil if @authorization_uri == nil
  unless options[:response_type]
    options[:response_type] = :code
  end
  unless options[:access_type]
    options[:access_type] = :offline
  end
  unless options[:approval_prompt]
    # This default will likely change in the future.
    options[:approval_prompt] = :force
  end
  options[:client_id] ||= self.client_id
  options[:redirect_uri] ||= self.redirect_uri
  unless options[:client_id]
    raise ArgumentError, "Missing required client identifier."
  end
  unless options[:redirect_uri]
    raise ArgumentError, "Missing required redirect URI."
  end
  if !options[:scope] && self.scope
    options[:scope] = self.scope.join(' ')
  end
  options[:state] = self.state unless options[:state]
  uri = Addressable::URI.parse(
    ::Signet::OAuth2.generate_authorization_uri(
      @authorization_uri, options
    )
  )
  if uri.normalized_scheme != 'https'
    raise Signet::UnsafeOperationError,
      'Authorization endpoint must be protected by TLS.'
  end
  return uri
end

#authorization_uri=(new_authorization_uri) ⇒ Object

Sets the authorization URI for this client.

Parameters:

• new_authorization_uri (Addressable::URI, String, #to_str) —

  The authorization URI.

# File 'lib/signet/oauth_2/client.rb', line 263

def authorization_uri=(new_authorization_uri)
  if new_authorization_uri != nil
    new_authorization_uri =
      Addressable::URI.parse(new_authorization_uri)
    @authorization_uri = new_authorization_uri
  else
    @authorization_uri = nil
  end
end

#client_id ⇒ String

Returns the client identifier for this client.

Returns:

• (String) —

  The client identifier.

# File 'lib/signet/oauth_2/client.rb', line 300

def client_id
  return @client_id
end

#client_id=(new_client_id) ⇒ Object

Sets the client identifier for this client.

Parameters:

• new_client_id (String) —

  The client identifier.

# File 'lib/signet/oauth_2/client.rb', line 309

def client_id=(new_client_id)
  @client_id = new_client_id
end

#client_secret ⇒ String

Returns the client secret for this client.

Returns:

• (String) —

  The client secret.

# File 'lib/signet/oauth_2/client.rb', line 317

def client_secret
  return @client_secret
end

#client_secret=(new_client_secret) ⇒ Object

Sets the client secret for this client.

Parameters:

• new_client_secret (String) —

  The client secret.

# File 'lib/signet/oauth_2/client.rb', line 326

def client_secret=(new_client_secret)
  @client_secret = new_client_secret
end

#code ⇒ String

Returns the authorization code issued to this client. Used only by the authorization code access grant type.

Returns:

• (String) —

  The authorization code.

# File 'lib/signet/oauth_2/client.rb', line 387

def code
  return @code
end

#code=(new_code) ⇒ Object

Sets the authorization code issued to this client. Used only by the authorization code access grant type.

Parameters:

• new_code (String) —

  The authorization code.

# File 'lib/signet/oauth_2/client.rb', line 397

def code=(new_code)
  @code = new_code
end

#decoded_id_token(public_key = nil) ⇒ String

Returns the decoded ID token associated with this client.

Parameters:

• public_key (OpenSSL::PKey::RSA, Object) (defaults to: nil) —

  The public key to use to verify the ID token. Skips verification if omitted.

Returns:

• (String) —

  The decoded ID token.

# File 'lib/signet/oauth_2/client.rb', line 563

def decoded_id_token(public_key=nil)
  JWT.decode(self.id_token, public_key, !!public_key)
end

#expired? ⇒ TrueClass, FalseClass

Returns true if the access token has expired.

Returns:

• (TrueClass, FalseClass) —

  The expiration state of the access token.

# File 'lib/signet/oauth_2/client.rb', line 624

def expired?
  return self.expires_at == nil || Time.now >= self.expires_at
end

#expires_at ⇒ Integer

Returns the timestamp the access token will expire at.

Returns:

• (Integer) —

  The access token lifetime.

# File 'lib/signet/oauth_2/client.rb', line 611

def expires_at
  if @issued_at && @expires_in
    return @issued_at + @expires_in
  else
    return nil
  end
end

#expires_in ⇒ Integer

Returns the lifetime of the access token in seconds.

Returns:

• (Integer) —

  The access token lifetime.

# File 'lib/signet/oauth_2/client.rb', line 571

def expires_in
  return @expires_in
end

#expires_in=(new_expires_in) ⇒ Object

Sets the lifetime of the access token in seconds. Resets the issued timestamp.

Parameters:

• new_expires_in (String) —

  The access token lifetime.

# File 'lib/signet/oauth_2/client.rb', line 581

def expires_in=(new_expires_in)
  if new_expires_in != nil
    @expires_in = new_expires_in.to_i
    @issued_at = Time.now
  else
    @expires_in, @issued_at = nil, nil
  end
end

#fetch_access_token(options = {}) ⇒ Object

# File 'lib/signet/oauth_2/client.rb', line 705

def fetch_access_token(options={})
  adapter = options[:adapter]
  unless adapter
    require 'httpadapter'
    require 'httpadapter/adapters/net_http'
    adapter = HTTPAdapter::NetHTTPAdapter.new
  end
  connection = options[:connection]
  request = self.generate_access_token_request
  response = adapter.transmit(request, connection)
  status, headers, body = response
  merged_body = StringIO.new
  body.each do |chunk|
    merged_body.write(chunk)
  end
  body = merged_body.string
  if status.to_i == 200
    return ::Signet::OAuth2.parse_json_credentials(body)
  elsif [400, 401, 403].include?(status.to_i)
    message = 'Authorization failed.'
    if body.strip.length > 0
      message += "  Server message:\n#{body.strip}"
    end
    raise ::Signet::AuthorizationError.new(
      message, :request => request, :response => response
    )
  else
    message = "Unexpected status code: #{status}."
    if body.strip.length > 0
      message += "  Server message:\n#{body.strip}"
    end
    raise ::Signet::AuthorizationError.new(
      message, :request => request, :response => response
    )
  end
end

#fetch_access_token!(options = {}) ⇒ Object

# File 'lib/signet/oauth_2/client.rb', line 742

def fetch_access_token!(options={})
  token_hash = self.fetch_access_token(options)
  if token_hash
    # No-op for grant types other than `authorization_code`.
    # An authorization code is a one-time use token and is immediately
    # revoked after usage.
    self.code = nil
    self.issued_at = Time.now
    self.update_token!(token_hash)
  end
  return token_hash
end

#fetch_protected_resource(options = {}) ⇒ Array

Transmits a request for a protected resource.

Examples:

# Using Net::HTTP
response = client.fetch_protected_resource(
  :uri => 'http://www.example.com/protected/resource'
)
status, headers, body = response

# Using Typhoeus
response = client.fetch_protected_resource(
  :request => Typhoeus::Request.new(
    'http://www.example.com/protected/resource'
  ),
  :adapter => HTTPAdapter::TyphoeusAdapter.new,
  :connection => connection
)
status, headers, body = response

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the request.

  • :request — A pre-constructed request. An OAuth 2 Authorization header will be added to it, as well as an explicit Cache-Control ‘no-store` directive.

  • :method — The HTTP method for the request. Defaults to ‘GET’.

  • :uri — The URI for the request.

  • :headers — The HTTP headers for the request.

  • :body — The HTTP body for the request.

  • :realm — The Authorization realm. See RFC 2617.

  • :adapter — The HTTP adapter. Defaults to HTTPAdapter::NetHTTPAdapter.new.

  • :connection — An open, manually managed HTTP connection. Must be of type HTTPAdapter::Connection and the internal connection representation must match the HTTP adapter being used.

Returns:

• (Array) —

  The response object.

# File 'lib/signet/oauth_2/client.rb', line 879

def fetch_protected_resource(options={})
  adapter = options[:adapter]
  unless adapter
    require 'httpadapter'
    require 'httpadapter/adapters/net_http'
    adapter = HTTPAdapter::NetHTTPAdapter.new
  end
  connection = options[:connection]
  request = self.generate_authenticated_request(options)
  response = adapter.transmit(request, connection)
  status, headers, body = response
  merged_body = StringIO.new
  body.each do |chunk|
    merged_body.write(chunk)
  end
  body = merged_body.string
  if status.to_i == 401
    # When accessing a protected resource, we only want to raise an
    # error for 401 responses.
    message = 'Authorization failed.'
    if body.strip.length > 0
      message += "  Server message:\n#{body.strip}"
    end
    raise ::Signet::AuthorizationError.new(
      message, :request => request, :response => response
    )
  else
    return response
  end
end

#generate_access_token_request ⇒ Array

Generates a request for token credentials.

Parameters:

• options (Hash) —

  The configuration parameters for the request.

  • :code — The authorization code.

Returns:

• (Array) —

  The request object.

# File 'lib/signet/oauth_2/client.rb', line 660

def generate_access_token_request
  if self.token_credential_uri == nil
    raise ArgumentError, 'Missing token endpoint URI.'
  end
  if self.client_id == nil
    raise ArgumentError, 'Missing client identifier.'
  end
  if self.client_secret == nil
    raise ArgumentError, 'Missing client secret.'
  end
  method = 'POST'
  parameters = {"grant_type" => self.grant_type}
  case self.grant_type
  when 'authorization_code'
    parameters['code'] = self.code
    parameters['redirect_uri'] = self.redirect_uri
  when 'password'
    parameters['username'] = self.username
    parameters['password'] = self.password
  when 'assertion'
    parameters['assertion_type'] = self.assertion_type
    parameters['assertion'] = self.assertion
  when 'refresh_token'
    parameters['refresh_token'] = self.refresh_token
  else
    if self.redirect_uri
      # Grant type was intended to be `authorization_code` because of
      # the presence of the redirect URI.
      raise ArgumentError, 'Missing authorization code.'
    end
  end
  parameters['client_id'] = self.client_id
  parameters['client_secret'] = self.client_secret
  headers = [
    ['Cache-Control', 'no-store'],
    ['Content-Type', 'application/x-www-form-urlencoded']
  ]
  return [
    method,
    self.token_credential_uri.to_str,
    headers,
    [Addressable::URI.form_encode(parameters)]
  ]
end

#generate_authenticated_request(options = {}) ⇒ Array

Generates an authenticated request for protected resources.

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the request.

  • :request — A pre-constructed request. An OAuth 2 Authorization header will be added to it, as well as an explicit Cache-Control ‘no-store` directive.

  • :method — The HTTP method for the request. Defaults to ‘GET’.

  • :uri — The URI for the request.

  • :headers — The HTTP headers for the request.

  • :body — The HTTP body for the request.

  • :realm — The Authorization realm. See RFC 2617.

Returns:

• (Array) —

  The request object.

# File 'lib/signet/oauth_2/client.rb', line 776

def generate_authenticated_request(options={})
  if self.access_token == nil
    raise ArgumentError, 'Missing access token.'
  end
  options = {
    :realm => nil
  }.merge(options)
  if options[:request]
    if options[:request].kind_of?(Array)
      request = options[:request]
    elsif options[:adapter]
      request = options[:adapter].adapt_request(options[:request])
    end
    method, uri, headers, body = request
  else
    method = options[:method] || 'GET'
    uri = options[:uri]
    headers = options[:headers] || []
    body = options[:body] || ''
  end
  headers = headers.to_a if headers.kind_of?(Hash)
  request_components = {
    :method => method,
    :uri => uri,
    :headers => headers,
    :body => body
  }
  # Verify that we have all pieces required to return an HTTP request
  request_components.each do |(key, value)|
    unless value
      raise ArgumentError, "Missing :#{key} parameter."
    end
  end
  if !body.kind_of?(String) && body.respond_to?(:each)
    # Just in case we get a chunked body
    merged_body = StringIO.new
    body.each do |chunk|
      merged_body.write(chunk)
    end
    body = merged_body.string
  end
  if !body.kind_of?(String)
    raise TypeError, "Expected String, got #{body.class}."
  end
  method = method.to_s.upcase
  headers << [
    'Authorization',
    ::Signet::OAuth2.generate_bearer_authorization_header(
      self.access_token,
      options[:realm] ? ['realm', options[:realm]] : nil
    )
  ]
  headers << ['Cache-Control', 'no-store']
  return [method, uri.to_str, headers, [body]]
end

#grant_type ⇒ String

Returns the inferred grant type, based on the current state of the client object. Returns ‘“none”` if the client has insufficient information to make an in-band authorization request.

Returns:

• (String) —

  The inferred grant type.

# File 'lib/signet/oauth_2/client.rb', line 635

def grant_type
  if self.code && self.redirect_uri
    return 'authorization_code'
  elsif self.assertion && self.assertion_type
    return 'assertion'
  elsif self.refresh_token
    return 'refresh_token'
  elsif self.username && self.password
    return 'password'
  else
    # We don't have sufficient auth information, assume an out-of-band
    # authorization arrangement between the client and server.
    return 'none'
  end
end

#id_token ⇒ String

Returns the ID token associated with this client.

Returns:

• (String) —

  The ID token.

# File 'lib/signet/oauth_2/client.rb', line 542

def id_token
  return @id_token ||= nil
end

#id_token=(new_id_token) ⇒ Object

Sets the ID token associated with this client.

Parameters:

• new_id_token (String) —

  The ID token.

# File 'lib/signet/oauth_2/client.rb', line 551

def id_token=(new_id_token)
  @id_token = new_id_token
end

#issued_at ⇒ Integer

Returns the timestamp the access token was issued at.

Returns:

• (Integer) —

  The access token issuance time.

# File 'lib/signet/oauth_2/client.rb', line 594

def issued_at
  return @issued_at
end

#issued_at=(new_issued_at) ⇒ Object

Sets the timestamp the access token was issued at.

Parameters:

• new_issued_at (String) —

  The access token issuance time.

# File 'lib/signet/oauth_2/client.rb', line 603

def issued_at=(new_issued_at)
  @issued_at = new_issued_at
end

#password ⇒ String

Returns the password associated with this client. Used only by the resource owner password credential access grant type.

Returns:

• (String) —

  The password.

# File 'lib/signet/oauth_2/client.rb', line 447

def password
  return @password
end

#password=(new_password) ⇒ Object

Sets the password associated with this client. Used only by the resource owner password credential access grant type.

Parameters:

• new_password (String) —

  The password.

# File 'lib/signet/oauth_2/client.rb', line 457

def password=(new_password)
  @password = new_password
end

#redirect_uri ⇒ String

Returns the redirect URI for this client.

Returns:

• (String) —

  The redirect URI.

# File 'lib/signet/oauth_2/client.rb', line 405

def redirect_uri
  return @redirect_uri
end

#redirect_uri=(new_redirect_uri) ⇒ Object

Sets the redirect URI for this client.

Parameters:

• new_redirect_uri (String) —

  The redirect URI.

# File 'lib/signet/oauth_2/client.rb', line 414

def redirect_uri=(new_redirect_uri)
  new_redirect_uri = Addressable::URI.parse(new_redirect_uri)
  if new_redirect_uri == nil || new_redirect_uri.absolute?
    @redirect_uri = new_redirect_uri
  else
    raise ArgumentError, "Redirect URI must be an absolute URI."
  end
end

#refresh_token ⇒ String

Returns the refresh token associated with this client.

Returns:

• (String) —

  The refresh token.

# File 'lib/signet/oauth_2/client.rb', line 508

def refresh_token
  return @refresh_token ||= nil
end

#refresh_token=(new_refresh_token) ⇒ Object

Sets the refresh token associated with this client.

Parameters:

• new_refresh_token (String) —

  The refresh token.

# File 'lib/signet/oauth_2/client.rb', line 517

def refresh_token=(new_refresh_token)
  @refresh_token = new_refresh_token
end

#scope ⇒ Array

Returns the scope for this client. Scope is a list of access ranges defined by the authorization server.

Returns:

• (Array) —

  The scope of access the client is requesting.

# File 'lib/signet/oauth_2/client.rb', line 335

def scope
  return @scope
end

#scope=(new_scope) ⇒ Object

Sets the scope for this client.

Parameters:

• new_scope (Array, String) —

  The scope of access the client is requesting. This may be expressed as either an Array of String objects or as a space-delimited String.

# File 'lib/signet/oauth_2/client.rb', line 346

def scope=(new_scope)
  case new_scope
  when Array
    new_scope.each do |scope|
      if scope.include?(' ')
        raise Signet::ParseError,
          "Individual scopes cannot contain the space character."
      end
    end
    @scope = new_scope
  when String
    @scope = new_scope.split(' ')
  when nil
    @scope = nil
  else
    raise TypeError, "Expected Array or String, got #{new_scope.class}"
  end
end

#state ⇒ String

Returns the client’s current state value.

Returns:

• (String) —

  The state value.

# File 'lib/signet/oauth_2/client.rb', line 369

def state
  return @state
end

#state=(new_state) ⇒ Object

Sets the client’s current state value.

Parameters:

• new_state (String) —

  The state value.

# File 'lib/signet/oauth_2/client.rb', line 378

def state=(new_state)
  @state = new_state
end

#token_credential_uri ⇒ Addressable::URI

Returns the token credential URI for this client.

Returns:

• (Addressable::URI) —

  The token credential URI.

# File 'lib/signet/oauth_2/client.rb', line 277

def token_credential_uri
  return @token_credential_uri
end

#token_credential_uri=(new_token_credential_uri) ⇒ Object

Sets the token credential URI for this client.

Parameters:

• new_token_credential_uri (Addressable::URI, String, #to_str) —

  The token credential URI.

# File 'lib/signet/oauth_2/client.rb', line 286

def token_credential_uri=(new_token_credential_uri)
  if new_token_credential_uri != nil
    new_token_credential_uri =
      Addressable::URI.parse(new_token_credential_uri)
    @token_credential_uri = new_token_credential_uri
  else
    @token_credential_uri = nil
  end
end

#update!(options = {}) ⇒ Object

Updates an OAuth 2.0 client.

Examples:

client.update!(
  :code => 'i1WsRn1uB1',
  :access_token => 'FJQbwq9',
  :expires_in => 3600
)

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters for the client.

  • :authorization_uri — The authorization server’s HTTP endpoint capable of authenticating the end-user and obtaining authorization.

  • :token_credential_uri — The authorization server’s HTTP endpoint capable of issuing tokens and refreshing expired tokens.

  • :client_id — A unique identifier issued to the client to identify itself to the authorization server.

  • :client_secret — A shared symmetric secret issued by the authorization server, which is used to authenticate the client.

  • :scope — The scope of the access request, expressed either as an Array or as a space-delimited String.

  • :state — An arbitrary string designed to allow the client to maintain state.

  • :code — The authorization code received from the authorization server.

  • :redirect_uri — The redirection URI used in the initial request.

  • :username — The resource owner’s username.

  • :password — The resource owner’s password.

  • :assertion_type — The format of the assertion as defined by the authorization server. The value must be an absolute URI.

  • :assertion — The raw assertion value.

  • :refresh_token — The refresh token associated with the access token to be refreshed.

  • :access_token — The current access token for this client.

  • :id_token — The current ID token for this client.

  • :expires_in — The current access token for this client.

See Also:

• #initialize
• #update_token!

# File 'lib/signet/oauth_2/client.rb', line 139

def update!(options={})
  # Normalize key to String to allow indifferent access.
  options = options.inject({}) do |accu, (key, value)|
    accu[key.to_s] = value
    accu
  end
  self.authorization_uri = options["authorization_uri"]
  self.token_credential_uri = options["token_credential_uri"]
  self.client_id = options["client_id"]
  self.client_secret = options["client_secret"]
  self.scope = options["scope"]
  self.state = options["state"]
  self.code = options["code"]
  self.redirect_uri = options["redirect_uri"]
  self.username = options["username"]
  self.password = options["password"]
  self.assertion_type = options["assertion_type"]
  self.assertion = options["assertion"]
  self.update_token!(options)
  return self
end

#update_token!(options = {}) ⇒ Object

Updates an OAuth 2.0 client.

Examples:

client.update!(
  :refresh_token => 'n4E9O119d',
  :access_token => 'FJQbwq9',
  :expires_in => 3600
)

Parameters:

• options (Hash) (defaults to: {}) —

  The configuration parameters related to the token.

  • :refresh_token — The refresh token associated with the access token to be refreshed.

  • :access_token — The current access token for this client.

  • :id_token — The current ID token for this client.

  • :expires_in — The current access token for this client.

  • :issued_at — The timestamp that the token was issued at.

See Also:

• #initialize
• #update!

# File 'lib/signet/oauth_2/client.rb', line 187

def update_token!(options={})
  # Normalize key to String to allow indifferent access.
  options = options.inject({}) do |accu, (key, value)|
    accu[key.to_s] = value
    accu
  end

  self.access_token = options["access_token"] if options["access_token"]
  self.expires_in = options["expires_in"] if options["expires_in"]

  # The refresh token may not be returned in a token response.
  # In which case, the old one should continue to be used.
  if options["refresh_token"]
    self.refresh_token = options["refresh_token"]
  end
  # The ID token may not be returned in a token response.
  # In which case, the old one should continue to be used.
  if options["id_token"]
    self.id_token = options["id_token"]
  end
  # By default, the token is issued at `Time.now` when `expires_in` is
  # set, but this can be used to supply a more precise time.
  if options["issued_at"]
    self.issued_at = options["issued_at"]
  end

  return self
end

#username ⇒ String

Returns the username associated with this client. Used only by the resource owner password credential access grant type.

Returns:

• (String) —

  The username.

# File 'lib/signet/oauth_2/client.rb', line 428

def username
  return @username
end

#username=(new_username) ⇒ Object

Sets the username associated with this client. Used only by the resource owner password credential access grant type.

Parameters:

• new_username (String) —

  The username.

# File 'lib/signet/oauth_2/client.rb', line 438

def username=(new_username)
  @username = new_username
end