1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
# frozen_string_literal: true
module OAuth2
class AccessToken # rubocop:disable Metrics/ClassLength
TOKEN_KEYS_STR = %w[access_token id_token token accessToken idToken].freeze
TOKEN_KEYS_SYM = %i[access_token id_token token accessToken idToken].freeze
TOKEN_KEY_LOOKUP = TOKEN_KEYS_STR + TOKEN_KEYS_SYM
attr_reader :client, :token, :expires_in, :expires_at, :expires_latency, :params
attr_accessor :options, :refresh_token, :response
class << self
# Initializes an AccessToken from a Hash
#
# @param [Client] client the OAuth2::Client instance
# @param [Hash] hash a hash of AccessToken property values
# @option hash [String, Symbol] 'access_token', 'id_token', 'token', :access_token, :id_token, or :token the access token
# @return [AccessToken] the initialized AccessToken
def from_hash(client, hash)
fresh = hash.dup
supported_keys = TOKEN_KEY_LOOKUP & fresh.keys
key = supported_keys[0]
extra_tokens_warning(supported_keys, key)
token = fresh.delete(key)
new(client, token, fresh)
end
# Initializes an AccessToken from a key/value application/x-www-form-urlencoded string
#
# @param [Client] client the OAuth2::Client instance
# @param [String] kvform the application/x-www-form-urlencoded string
# @return [AccessToken] the initialized AccessToken
def from_kvform(client, kvform)
from_hash(client, Rack::Utils.parse_query(kvform))
end
private
# Having too many is sus, and may lead to bugs. Having none is fine (e.g. refresh flow doesn't need a token).
def extra_tokens_warning(supported_keys, key)
return if OAuth2.config.silence_extra_tokens_warning
return if supported_keys.length <= 1
warn("OAuth2::AccessToken.from_hash: `hash` contained more than one 'token' key (#{supported_keys}); using #{key.inspect}.")
end
end
# Initialize an AccessToken
#
# @param [Client] client the OAuth2::Client instance
# @param [String] token the Access Token value (optional, may not be used in refresh flows)
# @param [Hash] opts the options to create the Access Token with
# @option opts [String] :refresh_token (nil) the refresh_token value
# @option opts [FixNum, String] :expires_in (nil) the number of seconds in which the AccessToken will expire
# @option opts [FixNum, String] :expires_at (nil) the epoch time in seconds in which AccessToken will expire
# @option opts [FixNum, String] :expires_latency (nil) the number of seconds by which AccessToken validity will be reduced to offset latency, @version 2.0+
# @option opts [Symbol] :mode (:header) the transmission mode of the Access Token parameter value
# one of :header, :body or :query
# @option opts [String] :header_format ('Bearer %s') the string format to use for the Authorization header
# @option opts [String] :param_name ('access_token') the parameter name to use for transmission of the
# Access Token value in :body or :query transmission mode
def initialize(client, token, opts = {})
@client = client
@token = token.to_s
opts = opts.dup
%i[refresh_token expires_in expires_at expires_latency].each do |arg|
instance_variable_set("@#{arg}", opts.delete(arg) || opts.delete(arg.to_s))
end
no_tokens = (@token.nil? || @token.empty?) && (@refresh_token.nil? || @refresh_token.empty?)
if no_tokens
if @client.options[:raise_errors]
error = Error.new(opts)
raise(error)
else
warn('OAuth2::AccessToken has no token')
end
end
# @option opts [Fixnum, String] :expires is deprecated
@expires_in ||= opts.delete('expires')
@expires_in &&= @expires_in.to_i
@expires_at &&= convert_expires_at(@expires_at)
@expires_latency &&= @expires_latency.to_i
@expires_at ||= Time.now.to_i + @expires_in if @expires_in
@expires_at -= @expires_latency if @expires_latency
@options = {mode: opts.delete(:mode) || :header,
header_format: opts.delete(:header_format) || 'Bearer %s',
param_name: opts.delete(:param_name) || 'access_token'}
@params = opts
end
# Indexer to additional params present in token response
#
# @param [String] key entry key to Hash
def [](key)
@params[key]
end
# Whether or not the token expires
#
# @return [Boolean]
def expires?
!!@expires_at
end
# Whether or not the token is expired
#
# @return [Boolean]
def expired?
expires? && (expires_at <= Time.now.to_i)
end
# Refreshes the current Access Token
#
# @return [AccessToken] a new AccessToken
# @note options should be carried over to the new AccessToken
def refresh(params = {}, access_token_opts = {})
raise('A refresh_token is not available') unless refresh_token
params[:grant_type] = 'refresh_token'
params[:refresh_token] = refresh_token
new_token = @client.get_token(params, access_token_opts)
new_token.options = options
if new_token.refresh_token
# Keep it, if there is one
else
new_token.refresh_token = refresh_token
end
new_token
end
# A compatibility alias
# @note does not modify the receiver, so bang is not the default method
alias refresh! refresh
# Convert AccessToken to a hash which can be used to rebuild itself with AccessToken.from_hash
#
# @return [Hash] a hash of AccessToken property values
def to_hash
params.merge(access_token: token, refresh_token: refresh_token, expires_at: expires_at)
end
# Make a request with the Access Token
#
# @param [Symbol] verb the HTTP request method
# @param [String] path the HTTP URL path of the request
# @param [Hash] opts the options to make the request with
# @see Client#request
def request(verb, path, opts = {}, &block)
configure_authentication!(opts)
@client.request(verb, path, opts, &block)
end
# Make a GET request with the Access Token
#
# @see AccessToken#request
def get(path, opts = {}, &block)
request(:get, path, opts, &block)
end
# Make a POST request with the Access Token
#
# @see AccessToken#request
def post(path, opts = {}, &block)
request(:post, path, opts, &block)
end
# Make a PUT request with the Access Token
#
# @see AccessToken#request
def put(path, opts = {}, &block)
request(:put, path, opts, &block)
end
# Make a PATCH request with the Access Token
#
# @see AccessToken#request
def patch(path, opts = {}, &block)
request(:patch, path, opts, &block)
end
# Make a DELETE request with the Access Token
#
# @see AccessToken#request
def delete(path, opts = {}, &block)
request(:delete, path, opts, &block)
end
# Get the headers hash (includes Authorization token)
def headers
{'Authorization' => options[:header_format] % token}
end
private
def configure_authentication!(opts)
case options[:mode]
when :header
opts[:headers] ||= {}
opts[:headers].merge!(headers)
when :query
opts[:params] ||= {}
opts[:params][options[:param_name]] = token
when :body
opts[:body] ||= {}
if opts[:body].is_a?(Hash)
opts[:body][options[:param_name]] = token
else
opts[:body] += "&#{options[:param_name]}=#{token}"
end
# @todo support for multi-part (file uploads)
else
raise("invalid :mode option of #{options[:mode]}")
end
end
def convert_expires_at(expires_at)
Time.iso8601(expires_at.to_s).to_i
rescue ArgumentError
expires_at.to_i
end
end
end
|
