Module: OAuth

Defined in:
lib/oauth/oauth.rb,
lib/oauth/client.rb,
lib/oauth/helper.rb,
lib/oauth/server.rb,
lib/oauth/version.rb,
lib/oauth/consumer.rb,
lib/oauth/optional.rb,
lib/oauth/signature.rb,
lib/oauth/errors/error.rb,
lib/oauth/tokens/token.rb,
lib/oauth/client/helper.rb,
lib/oauth/request_proxy.rb,
lib/oauth/errors/problem.rb,
lib/oauth/signature/base.rb,
lib/oauth/oauth_test_helper.rb,
lib/oauth/request_proxy/base.rb,
lib/oauth/signature/rsa/sha1.rb,
lib/oauth/errors/unauthorized.rb,
lib/oauth/signature/hmac/sha1.rb,
lib/oauth/signature/plaintext.rb,
lib/oauth/tokens/access_token.rb,
lib/oauth/tokens/server_token.rb,
lib/oauth/tokens/request_token.rb,
lib/oauth/signature/hmac/sha256.rb,
lib/oauth/tokens/consumer_token.rb,
lib/oauth/request_proxy/net_http.rb,
lib/oauth/request_proxy/curb_request.rb,
lib/oauth/request_proxy/mock_request.rb,
lib/oauth/request_proxy/rack_request.rb,
lib/oauth/request_proxy/jabber_request.rb,
lib/oauth/request_proxy/em_http_request.rb,
lib/oauth/request_proxy/typhoeus_request.rb,
lib/oauth/request_proxy/rest_client_request.rb,
lib/oauth/request_proxy/action_dispatch_request.rb,
lib/oauth/request_proxy/action_controller_request.rb

Defined Under Namespace

Modules: Client, Helper, OAuthTestHelper, Optional, RequestProxy, Signature, Version

Classes: AccessToken, Consumer, ConsumerToken, Error, Problem, RequestToken, Server, ServerToken, Token, Unauthorized

Constant Summary

OUT_OF_BAND =

Out-Of-Band callback token value. OAuth 1.0 and 1.0a both support out-of-band flows, where callbacks cannot be used. See RFC 5849 (OAuth 1.0), Section 6.1.1: Obtaining an Unauthorized Request Token and the 1.0a errata. Providers treating “oob” as the callback URL indicate that the verifier (for 1.0a) will be communicated out of band to the Consumer.

"oob"
PARAMETERS =

OAuth parameter keys this library recognizes when normalizing/signing requests. Notes on 1.0 vs 1.0a:

  • oauth_verifier: Introduced by OAuth 1.0a. Returned to the Consumer after user authorization and required when exchanging a Request Token for an Access Token (Section 6.3.1 in RFC 5849 / 1.0a change).

  • oauth_callback: Present in 1.0; 1.0a clarified that the Consumer MUST send it when obtaining a Request Token (or use “oob”) and that the Service Provider MUST return oauth_callback_confirmed=true with the Request Token response to prevent session fixation attacks. Note that oauth_callback_confirmed is a response parameter, not a request signing parameter, and thus is not listed here.

Other keys are common to both 1.0 and 1.0a.

%w[
  oauth_callback
  oauth_consumer_key
  oauth_token
  oauth_signature_method
  oauth_timestamp
  oauth_nonce
  oauth_verifier
  oauth_version
  oauth_signature
  oauth_body_hash
].freeze
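
The 1.0a checks described in the PARAMETERS notes above, as an added Ruby example that is not part of the oauth gem: a Consumer-side parser that refuses a Request Token response lacking oauth_callback_confirmed=true and requires oauth_verifier before the token exchange. The method names, error classes and sample values are hypothetical and constructed for illustration.

```ruby
require "uri"

# Added example, not code from the oauth gem. All names are hypothetical.
class CallbackNotConfirmed < StandardError; end
class MissingVerifier < StandardError; end

# Parse a form-encoded Request Token response and enforce the 1.0a rule that
# the Service Provider returns oauth_callback_confirmed=true.
def parse_request_token_response(body)
  params = URI.decode_www_form(body).to_h
  %w[oauth_token oauth_token_secret].each do |key|
    raise ArgumentError, "missing #{key}" if params[key].to_s.empty?
  end
  # Exact match on "true": any other value, or an absent key, is treated as
  # unconfirmed and the flow stops before the user is sent to authorize.
  unless params["oauth_callback_confirmed"] == "true"
    raise CallbackNotConfirmed, "provider did not confirm oauth_callback"
  end
  params
end

# Validate the callback query (or out-of-band input) before exchanging the
# Request Token: it must name the token we issued and carry oauth_verifier.
def verifier_for_exchange(request_token, callback_query)
  params = URI.decode_www_form(callback_query).to_h
  unless params["oauth_token"] == request_token
    raise ArgumentError, "callback is for a different request token"
  end
  verifier = params["oauth_verifier"].to_s
  raise MissingVerifier, "oauth_verifier absent from callback" if verifier.empty?
  verifier
end

# Constructed sample responses (not captured from a real provider).
CONFIRMED   = "oauth_token=rt123&oauth_token_secret=s3cr3t&oauth_callback_confirmed=true"
UNCONFIRMED = "oauth_token=rt123&oauth_token_secret=s3cr3t"
```
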
RESERVED_CHARACTERS =

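Reserved character regexp, per section 5.1. It matches every character other than ASCII letters, digits, "-", ".", "_" and "~", that is, the characters that must be percent-encoded.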

/[^a-zA-Z0-9\-._~]/.freeze