Class: Attio::OAuth::Client

Inherits:

Object

• Object
• Attio::OAuth::Client

Defined in:

lib/attio/oauth/client.rb

Overview

OAuth client for handling the OAuth 2.0 authorization flow

Constant Summary

OAUTH_BASE_URL =

OAuth endpoints

"https://app.attio.com/authorize"

TOKEN_URL =

Token exchange endpoint

"https://app.attio.com/oauth/token"

DEFAULT_SCOPES =

Default OAuth scopes requested if none specified

%w[
  record:read
  record:write
  object:read
  object:write
  list:read
  list:write
  webhook:read
  webhook:write
  user:read
].freeze

Instance Attribute Summary

• #client_id ⇒ Object readonly

  Returns the value of attribute client_id.

• #client_secret ⇒ Object readonly

  Returns the value of attribute client_secret.

• #redirect_uri ⇒ Object readonly

  Returns the value of attribute redirect_uri.

Instance Method Summary

• #authorization_url(scopes: DEFAULT_SCOPES, state: nil, extras: {}) ⇒ Object

  Generate authorization URL for OAuth flow.

• #exchange_code_for_token(code:, state: nil) ⇒ Object

  Exchange authorization code for access token.

• #initialize(client_id:, client_secret:, redirect_uri:) ⇒ Client constructor

  A new instance of Client.

• #introspect_token(token) ⇒ Object

  Validate token with introspection endpoint.

• #refresh_token(refresh_token) ⇒ Object

  Refresh an existing access token.

• #revoke_token(token) ⇒ Object

  Revoke a token.

Constructor Details

#initialize(client_id:, client_secret:, redirect_uri:) ⇒ Client

Returns a new instance of Client.

# File 'lib/attio/oauth/client.rb', line 31

def initialize(client_id:, client_secret:, redirect_uri:)
  @client_id = client_id
  @client_secret = client_secret
  @redirect_uri = redirect_uri
  validate_config!
end

Instance Attribute Details

#client_id ⇒ Object (readonly)

Returns the value of attribute client_id.

# File 'lib/attio/oauth/client.rb', line 29

def client_id
  @client_id
end

#client_secret ⇒ Object (readonly)

Returns the value of attribute client_secret.

# File 'lib/attio/oauth/client.rb', line 29

def client_secret
  @client_secret
end

#redirect_uri ⇒ Object (readonly)

Returns the value of attribute redirect_uri.

# File 'lib/attio/oauth/client.rb', line 29

def redirect_uri
  @redirect_uri
end

Instance Method Details

#authorization_url(scopes: DEFAULT_SCOPES, state: nil, extras: {}) ⇒ Object

Generate authorization URL for OAuth flow

# File 'lib/attio/oauth/client.rb', line 39

def authorization_url(scopes: DEFAULT_SCOPES, state: nil, extras: {})
  state ||= generate_state
  scopes = validate_scopes(scopes)

  params = {
    client_id: client_id,
    redirect_uri: redirect_uri,
    response_type: "code",
    scope: scopes.join(" "),
    state: state
  }.merge(extras)

  uri = URI.parse(OAUTH_BASE_URL)
  uri.query = URI.encode_www_form(params)

  {
    url: uri.to_s,
    state: state
  }
end

#exchange_code_for_token(code:, state: nil) ⇒ Object

Exchange authorization code for access token

Raises:

• (ArgumentError)

# File 'lib/attio/oauth/client.rb', line 61

def exchange_code_for_token(code:, state: nil)
  raise ArgumentError, "Authorization code is required" if code.nil? || code.empty?

  params = {
    grant_type: "authorization_code",
    code: code,
    redirect_uri: redirect_uri,
    client_id: client_id,
    client_secret: client_secret
  }

  response = make_token_request(params)
  Token.new(response.merge(client: self))
end

#introspect_token(token) ⇒ Object

Validate token with introspection endpoint

# File 'lib/attio/oauth/client.rb', line 116

def introspect_token(token)
  token_value = token.is_a?(Token) ? token.access_token : token

  params = {
    token: token_value,
    client_id: client_id,
    client_secret: client_secret
  }

  # Use Faraday directly for OAuth endpoints
  conn = create_oauth_connection
  response = conn.post("/oauth/introspect") do |req|
    req.headers["Content-Type"] = "application/x-www-form-urlencoded"
    req.body = URI.encode_www_form(params)
  end

  if response.success?
    response.body
  else
    handle_oauth_error(response)
  end
end

#refresh_token(refresh_token) ⇒ Object

Refresh an existing access token

Raises:

• (ArgumentError)

# File 'lib/attio/oauth/client.rb', line 77

def refresh_token(refresh_token)
  raise ArgumentError, "Refresh token is required" if refresh_token.nil? || refresh_token.empty?

  params = {
    grant_type: "refresh_token",
    refresh_token: refresh_token,
    client_id: client_id,
    client_secret: client_secret
  }

  response = make_token_request(params)
  Token.new(response.merge(client: self))
end

#revoke_token(token) ⇒ Object

Revoke a token

# File 'lib/attio/oauth/client.rb', line 92

def revoke_token(token)
  token_value = token.is_a?(Token) ? token.access_token : token

  params = {
    token: token_value,
    client_id: client_id,
    client_secret: client_secret
  }

  # Use Faraday directly for OAuth endpoints
  conn = create_oauth_connection
  response = conn.post("/oauth/revoke") do |req|
    req.headers["Content-Type"] = "application/x-www-form-urlencoded"
    req.body = URI.encode_www_form(params)
  end

  response.success?
rescue => e
  # Log the error if debug mode is enabled
  warn "OAuth token revocation failed: #{e.message}" if Attio.configuration.debug
  false
end