| Class | Google::Auth::UserAuthorizer |
| In: |
lib/googleauth/user_authorizer.rb
|
| Parent: | Object |
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
Example usage for a simple command line app:
credentials = authorizer.get_credentials(user_id)
if credentials.nil?
url = authorizer.get_authorization_url(
base_url: OOB_URI)
puts "Open the following URL in the browser and enter the " +
"resulting code after authorization"
puts url
code = gets
credentials = authorizer.get_and_store_credentials_from_code(
user_id: user_id, code: code, base_url: OOB_URI)
end
# Credentials ready to use, call APIs
...
| MISMATCHED_CLIENT_ID_ERROR | = | "Token client ID of %s does not match configured client id %s".freeze |
| NIL_CLIENT_ID_ERROR | = | "Client id can not be nil.".freeze |
| NIL_SCOPE_ERROR | = | "Scope can not be nil.".freeze |
| NIL_USER_ID_ERROR | = | "User ID can not be nil.".freeze |
| NIL_TOKEN_STORE_ERROR | = | "Can not call method if token store is nil".freeze |
| MISSING_ABSOLUTE_URL_ERROR | = | 'Absolute base url required for relative callback url "%s"'.freeze |
Initialize the authorizer
@param [Google::Auth::ClientID] client_id
Configured ID & secret for this application
@param [String, Array<String>] scope
Authorization scope to request
@param [Google::Auth::Stores::TokenStore] token_store
Backing storage for persisting user credentials
@param [String] callback_uri
URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'
Exchanges an authorization code returned in the oauth callback. Additionally, stores the resulting credentials in the token store if the exchange is successful.
@param [String] user_id
Unique ID of the user for loading/storing credentials.
@param [String] code
The authorization code from the OAuth callback
@param [String, Array<String>] scope
Authorization scope requested. Overrides the instance scopes if not nil.
@param [String] base_url
Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.
@return [Google::Auth::UserRefreshCredentials]
Credentials if exchange is successful
Build the URL for requesting authorization.
@param [String] login_hint
Login hint if need to authorize a specific account. Should be a user's email address or unique profile ID.
@param [String] state
Opaque state value to be returned to the oauth callback.
@param [String] base_url
Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.
@param [String, Array<String>] scope
Authorization scope to request. Overrides the instance scopes if not nil.
@return [String]
Authorization url
Fetch stored credentials for the user.
@param [String] user_id
Unique ID of the user for loading/storing credentials.
@param [Array<String>, String] scope
If specified, only returns credentials that have all the requested scopes
@return [Google::Auth::UserRefreshCredentials]
Stored credentials, nil if none present
Exchanges an authorization code returned in the oauth callback
@param [String] user_id
Unique ID of the user for loading/storing credentials.
@param [String] code
The authorization code from the OAuth callback
@param [String, Array<String>] scope
Authorization scope requested. Overrides the instance scopes if not nil.
@param [String] base_url
Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.
@return [Google::Auth::UserRefreshCredentials]
Credentials if exchange is successful
Revokes a user‘s credentials. This both revokes the actual grant as well as removes the token from the token store.
@param [String] user_id
Unique ID of the user for loading/storing credentials.
Store credentials for a user. Generally not required to be called directly, but may be used to migrate tokens from one store to another.
@param [String] user_id
Unique ID of the user for loading/storing credentials.
@param [Google::Auth::UserRefreshCredentials] credentials
Credentials to store.