W3cubDocs

/Crystal

class OAuth2::Client

Overview

An OAuth2 client.

For a quick example of how to authenticate an HTTP::Client with OAuth2 if you already have an access token, check the OAuth2 module description.

This class also provides methods to build authorize URIs and get access tokens with different methods, as specified by RFC 6749.

Example

require "oauth2"

client_id = "some_client_id"
client_secret = "some_client_secret"
redirect_uri = "http://some.callback"

# Create oauth client, optionally pass custom URIs if needed,
# if the authorize or token URIs are not the standard ones
# (they can also be absolute URLs)
oauth2_client = OAuth2::Client.new("api.example.com", client_id, client_secret,
  redirect_uri: redirect_uri)

# Build an authorize URI
authorize_uri = oauth2_client.get_authorize_uri

# Redirect the user to `authorize_uri`...
#
# ...
#
# When http://some.callback is hit, once the user authorized the access,
# we resume our logic to finally get an access token. The callback URL
# should receive an `authorization_code` parameter that we need to use.
authorization_code = request.params["code"]

# Get the access token
access_token = oauth2_client.get_access_token_using_authorization_code(authorization_code)

# Probably save the access token for reuse... This can be done
# with `to_json` and `from_json`.

# Use the token to authenticate an HTTP::Client
client = HTTP::Client.new("api.example.com", tls: true)
access_token.authenticate(client)

# And do requests as usual
client.get "/some_path"

# If the token expires, we can refresh it
new_access_token = oauth2_client.get_access_token_using_refresh_token(access_token.refresh_token)

You can also use an OAuth2::Session to automatically refresh expired tokens before each request.

Defined in:

oauth2/client.cr

Constructors

Instance Method Summary

Constructor Detail

def self.new(host : String, client_id : String, client_secret : String, port : Int32? = nil, scheme = "https", authorize_uri = "/oauth2/authorize", token_uri = "/oauth2/token", redirect_uri : String? = nil, auth_scheme : AuthScheme = :http_basic)Source

Creates an OAuth client.

Any or all of the customizable URIs authorize_uri and token_uri can be relative or absolute. If they are relative, the given host, port and scheme will be used. If they are absolute, the absolute URL will be used.

As per https://tools.ietf.org/html/rfc6749#section-2.3.1, AuthScheme::HTTPBasic is the default auth_scheme (the mechanism used to transmit the client credentials to the server). AuthScheme::RequestBody should only be used if the server does not support HTTP Basic.

Instance Method Detail

def get_access_token_using_authorization_code(authorization_code : String) : AccessTokenSource

Gets an access token using an authorization code, as specified by RFC 6749, Section 4.1.3.

def get_access_token_using_client_credentials(scope = nil) : AccessTokenSource

Gets an access token using client credentials, as specified by RFC 6749, Section 4.4.2.

def get_access_token_using_refresh_token(refresh_token, scope = nil) : AccessTokenSource

Gets an access token using a refresh token, as specified by RFC 6749, Section 6.

def get_access_token_using_resource_owner_credentials(username : String, password : String, scope = nil) : AccessTokenSource

Gets an access token using the resource owner credentials, as specified by RFC 6749, Section 4.3.2.

def get_authorize_uri(scope = nil, state = nil) : StringSource

Builds an authorize URI, as specified by RFC 6749, Section 4.1.1.

def get_authorize_uri(scope = nil, state = nil, &block : HTTP::Params::Builder -> ) : StringSource

Builds an authorize URI, as specified by RFC 6749, Section 4.1.1.

Yields an HTTP::Params::Builder to add extra parameters other than those defined by the standard.

© 2012–2020 Manas Technology Solutions.
Licensed under the Apache License, Version 2.0.
https://crystal-lang.org/api/0.35.1/OAuth2/Client.html