databasedotcom-oauth2 0.1.8 → 0.1.9
- data/README.md +111 -42
- data/lib/databasedotcom-oauth2/version.rb +1 -1
- data/lib/databasedotcom-oauth2.rb +11 -13
- metadata +2 -2
data/README.md
CHANGED
@@ -1,76 +1,145 @@
|
|
1
|
-
|
1
|
+
What is databasedotcom-oauth2?
|
2
|
+
------------------------------
|
3
|
+
* an extension of the [databasedotcom](https://rubygems.org/gems/databasedotcom) gem that simplifies authentication and authorization with [salesforce.com](http://salesforce.com/) for Ruby web apps via OAuth 2.0
|
4
|
+
* a Ruby gem intended to run as Rack Middleware
|
5
|
+
* an alternative to using [OmniAuth](http://www.omniauth.org/) and the corresponding [omniauth-salesforce](https://rubygems.org/gems/omniauth-salesforce) gem.
|
2
6
|
|
3
|
-
|
7
|
+
When and why should I use it instead of OmniAuth?
|
8
|
+
---------------------------------------------------------------
|
9
|
+
Many Ruby web apps integrated with [salesforce.com](http://salesforce.com/) need more than just identification, they also need to _interact_ with [salesforce.com](http://salesforce.com/) via the [databasedotcom](https://rubygems.org/gems/databasedotcom) gem. Both OmniAuth and databasedotcom-oauth2 provide identification; however, databasedotcom-oauth2 makes the interaction part easier.
|
4
10
|
|
5
|
-
|
11
|
+
Specifically, databasedotcom-oauth2:
|
6
12
|
|
7
|
-
|
8
|
-
|
13
|
+
* allows multiple saleforce.com endpoints (production, sandbox, etc.)
|
14
|
+
* supports configuration of scope, display, and immediate OAuth 2.0 parameters
|
15
|
+
* supports My Domain
|
16
|
+
* maintains an encrypted OAuth 2.0 token in whatever session store you choose (Cookie, Pool, etc)
|
17
|
+
* materializes a [databasedotcom](https://rubygems.org/gems/databasedotcom) client upon each request (using the token in session)
|
18
|
+
* provides a mixin for your app containing utility methods like unauthenticated?, client, etc.
|
9
19
|
|
10
|
-
|
20
|
+
Demos
|
21
|
+
-------
|
11
22
|
|
12
|
-
|
23
|
+
**<a href="https://db-oauth2-sinatra-basic.herokuapp.com" target="_blank">Simple example using Sinatra</a>** <a href="https://github.com/richardvanhook/databasedotcom-oauth2-sinatra-basic" target="_blank">view source on github</a>
|
13
24
|
|
14
|
-
|
15
|
-
* Configurable/override-able options for scope, display, immediate
|
16
|
-
* OAuth2 Token encrypted and stored in session, supports any Rack:Session type - Cookie, Pool, etc.
|
17
|
-
* Materializes Databasedotcom::Client from token upon each request
|
18
|
-
* Databasedotcom::OAuth2::Helpers mixin provides convenience methods client, me, etc.
|
25
|
+
**<a href="https://db-oauth2-sinatra-jqm.herokuapp.com" target="_blank">In-depth configuration with JQuery Mobile</a>** <a href="https://github.com/richardvanhook/databasedotcom-oauth2-sinatra-jqm" target="_blank">view source on github</a>
|
19
26
|
|
20
|
-
|
27
|
+
Usage
|
28
|
+
-------
|
21
29
|
|
22
|
-
|
30
|
+
### Minimal
|
23
31
|
|
24
|
-
|
25
|
-
|
26
|
-
|
32
|
+
```ruby
|
33
|
+
require "databasedotcom-oauth"
|
34
|
+
use Databasedotcom::OAuth2::WebServerFlow,
|
35
|
+
:token_encryption_key => "replace me",
|
36
|
+
:endpoints => {"login.salesforce.com" => {:key => "replace me", :secret => "replace me"}}
|
37
|
+
```
|
27
38
|
|
28
|
-
|
39
|
+
Insert above code wherever your [Rack](http://rack.github.com/) Stack is defined. See [Required Configuration Parameters](#required-configuration-parameters) for more information on parameters.
|
29
40
|
|
30
|
-
|
41
|
+
### Multiple Endpoints
|
31
42
|
|
32
43
|
```ruby
|
33
44
|
use Databasedotcom::OAuth2::WebServerFlow,
|
34
|
-
:
|
35
|
-
|
45
|
+
:endpoints => {"login.salesforce.com" => {:key => "replace me", :secret => "replace me"},
|
46
|
+
"test.salesforce.com" => {:key => "replace me", :secret => "replace me"}}
|
36
47
|
```
|
37
48
|
|
38
|
-
###
|
39
|
-
|
49
|
+
### Authentication
|
40
50
|
```ruby
|
41
51
|
use Databasedotcom::OAuth2::WebServerFlow,
|
42
|
-
:
|
43
|
-
|
52
|
+
:display => "touch" , #default is "page"
|
53
|
+
:immediate => true , #default is false
|
54
|
+
:prompt => "login consent", #default is nil
|
55
|
+
:scope => "full" #default is "id api refresh_token"
|
44
56
|
```
|
45
|
-
|
57
|
+
|
58
|
+
### Miscellaneous
|
46
59
|
```ruby
|
47
60
|
use Databasedotcom::OAuth2::WebServerFlow,
|
48
|
-
:
|
49
|
-
:
|
50
|
-
:
|
51
|
-
:scope_override => true, #default is false
|
52
|
-
:display_override => true, #default is false
|
53
|
-
:immediate_override => true, #default is false
|
61
|
+
:api_version => "24.0" , #default is 25.0
|
62
|
+
:debugging => "true" , #default is false
|
63
|
+
:path_prefix => "/auth/sfdc" #default is /auth/salesforce
|
54
64
|
```
|
55
65
|
|
56
|
-
|
66
|
+
Required Configuration Parameters
|
67
|
+
-----------------------------------
|
57
68
|
|
58
|
-
|
69
|
+
* **`:endpoints`**
|
59
70
|
|
71
|
+
Hash of remote access applications; at least one is required. Values must be generated via [salesforce.com](http://salesforce.com/) at Setup > App Setup > Develop > Remote Access. Only one remote access application is needed for production, sandbox, or pre-release; separate entries are not necessary for My Domain.
|
60
72
|
|
73
|
+
Example:
|
74
|
+
```ruby
|
75
|
+
:endpoints => {"login.salesforce.com" => {:key => "replace me", :secret => "replace me"}
|
76
|
+
"test.salesforce.com" => {:key => "replace me", :secret => "replace me"}}
|
77
|
+
```
|
61
78
|
|
62
|
-
|
79
|
+
*Default:* nil
|
63
80
|
|
64
|
-
|
81
|
+
* **`:token_encryption_key`**
|
65
82
|
|
66
|
-
|
83
|
+
Encrypts OAuth 2.0 token prior to persistence in session store. Any Rack session store can be used: Rack:Session:Cookie, Rack:Session:Pool, etc. A sufficiently strong key **must** be generated. It's recommended you use the following command to generate a random key value.
|
67
84
|
|
68
|
-
|
85
|
+
```
|
86
|
+
ruby -ropenssl -rbase64 -e "puts Base64.strict_encode64(OpenSSL::Random.random_bytes(16).to_str)"
|
87
|
+
```
|
69
88
|
|
70
|
-
|
71
|
-
|
72
|
-
```
|
89
|
+
It's also recommended you store the key value as an environment variable as opposed to a string literal in your code. To both create the key value and store as an environment variable, use this command:
|
90
|
+
|
91
|
+
```
|
92
|
+
export TOKEN=`ruby -ropenssl -rbase64 -e "puts Base64.strict_encode64(OpenSSL::Random.random_bytes(16).to_str)"`
|
93
|
+
```
|
94
|
+
|
95
|
+
Then, in your code, decrypt prior to use:
|
73
96
|
|
74
|
-
|
97
|
+
```ruby
|
98
|
+
require "base64"
|
99
|
+
Base64.strict_decode64(ENV['TOKEN'])
|
100
|
+
```
|
101
|
+
|
102
|
+
*Default:* nil
|
103
|
+
|
104
|
+
Optional Configuration Parameters
|
105
|
+
-----------------------------------
|
106
|
+
|
107
|
+
* **`:display`, `:immediate`, `:prompt`, `:scope`**
|
108
|
+
|
109
|
+
Values passed directly to [salesforce.com](http://salesforce.com/) which control authentication behavior. See [OAuth 2.0 Web Server Authentication Flow](http://na12.salesforce.com/help/doc/en/remoteaccess_oauth_web_server_flow.htm#heading_2_1) for detailed explanation as well as valid and default values.
|
110
|
+
|
111
|
+
*Default:* see [OAuth 2.0 Web Server Authentication Flow](http://na12.salesforce.com/help/doc/en/remoteaccess_oauth_web_server_flow.htm#heading_2_1)
|
112
|
+
|
113
|
+
* **`:display_override`,`:immediate_override`, `:prompt_override`,`:scope_override`**
|
75
114
|
|
115
|
+
Allow correspondingly named parameter to be overridden at runtime via http parameter of same name. For example, if your app is capable of detecting the client device type, set **`:display_override`** to true and pass a display http parameter to `/auth/salesforce`.
|
116
|
+
|
117
|
+
*Default:* false
|
118
|
+
|
119
|
+
* **`:api_version`**
|
120
|
+
|
121
|
+
For explanation of api versions, see [What's New in Version XX.X](http://www.salesforce.com/us/developer/docs/api/Content/whats_new.htm)
|
122
|
+
|
123
|
+
*Default:* 25.0
|
124
|
+
|
125
|
+
* **`:debugging`**
|
126
|
+
|
127
|
+
Will enable debug output for both this gem and [databasedotcom](https://rubygems.org/gems/databasedotcom).
|
128
|
+
|
129
|
+
*Default:* false
|
130
|
+
|
131
|
+
* **`:on_failure`**
|
132
|
+
|
133
|
+
A lambda block to be executed upon authentication failure.
|
134
|
+
|
135
|
+
*Default:* redirect to `/auth/salesforce/failure` with error message passed via message http parameter.
|
136
|
+
|
137
|
+
* **`:path_prefix`**
|
138
|
+
|
139
|
+
The path that signals databasedotcom-oauth2 to initiate authentication with [salesforce.com](http://salesforce.com/).
|
140
|
+
|
141
|
+
*Default:* /auth/salesforce
|
142
|
+
|
143
|
+
## Resources
|
144
|
+
* [OAuth 2.0 Web Server Authentication Flow](http://na12.salesforce.com/help/doc/en/remoteaccess_oauth_web_server_flow.htm)
|
76
145
|
* [Article: Digging Deeper into OAuth 2.0 on Force.com](http://wiki.developerforce.com/index.php/Digging_Deeper_into_OAuth_2.0_on_Force.com)
|
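Review bot: the Minimal usage block in the new README text has `require "databasedotcom-oauth"`, which does not match the gem this changeset versions (`databasedotcom-oauth2`); it should read `require "databasedotcom-oauth2"`. Two further defects in the same hunk: the `:endpoints` example under Required Configuration Parameters lacks the comma after the `"login.salesforce.com" => {...}` entry, so it is not valid Ruby as written, and the Miscellaneous block passes `:debugging => "true"` as a string while the documented default is the boolean `false` (the string `"false"` would be truthy too). Smaller points: the session classes are written `Rack:Session:Cookie` / `Rack:Session:Pool` with single colons, "saleforce.com" in the feature list is a typo, and the step "Then, in your code, decrypt prior to use" only Base64-decodes the key; the token encryption itself is performed by the middleware using that key.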
@@ -50,11 +50,6 @@ module Databasedotcom
|
|
50
50
|
client
|
51
51
|
end
|
52
52
|
|
53
|
-
#def set_org_and_user_id(orgid, userid)
|
54
|
-
# @org_id = orgid
|
55
|
-
# @user_id = userid
|
56
|
-
#end
|
57
|
-
|
58
53
|
def org_id=(val)
|
59
54
|
@org_id = val
|
60
55
|
end
|
@@ -101,13 +96,15 @@ module Databasedotcom
|
|
101
96
|
@token_encryption_key = options[:token_encryption_key]
|
102
97
|
@path_prefix = options[:path_prefix]
|
103
98
|
@on_failure = options[:on_failure]
|
104
|
-
@scope = options[:scope]
|
105
99
|
@display = options[:display]
|
106
100
|
@immediate = options[:immediate]
|
107
|
-
@
|
101
|
+
@prompt = options[:prompt]
|
102
|
+
@scope = options[:scope]
|
108
103
|
@display_override = options[:display_override] || false
|
109
104
|
@immediate_override = options[:immediate_override] || false
|
110
|
-
@
|
105
|
+
@prompt_override = options[:prompt_override] || false
|
106
|
+
@scope_override = options[:scope_override] || false
|
107
|
+
@api_version = options[:api_version] || "25.0"
|
111
108
|
@debugging = options[:debugging] || false
|
112
109
|
end
|
113
110
|
|
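Review bot: the new `@prompt` and `@prompt_override` assignments follow the existing `|| false` pattern, which is consistent but means any truthy value, including the string `"false"`, switches an override on; since the README in this same release shows `:debugging => "true"` as a string, consider normalizing these flags (for example `options[:prompt_override] == true`) or documenting that boolean values are expected.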
@@ -180,18 +177,20 @@ module Databasedotcom
|
|
180
177
|
:redirect_uri => "#{full_host}#{@path_prefix}/callback",
|
181
178
|
:state => state.to_str
|
182
179
|
}
|
183
|
-
auth_params[:scope] = @scope unless @scope.nil? || @scope.strip.empty?
|
184
180
|
auth_params[:display] = @display unless @display.nil?
|
185
181
|
auth_params[:immediate] = @immediate unless @immediate.nil?
|
186
|
-
|
182
|
+
auth_params[:prompt] = @prompt unless @prompt.nil?
|
183
|
+
auth_params[:scope] = @scope unless @scope.nil? || @scope.strip.empty?
|
184
|
+
|
187
185
|
#overrides
|
188
186
|
overrides = {}
|
187
|
+
overrides[:display] = request.params["display"] unless !@display_override || request.params["display"].nil?
|
188
|
+
overrides[:immediate] = request.params["immediate"] unless !@immediate_override || request.params["immediate"].nil?
|
189
|
+
overrides[:prompt] = request.params["prompt"] unless !@prompt_override || request.params["prompt"].nil?
|
189
190
|
if @scope_override
|
190
191
|
scope = (self.class.param_repeated(request.url, :scope) || []).join(" ")
|
191
192
|
overrides[:scope] = scope unless scope.nil? || scope.strip.empty?
|
192
193
|
end
|
193
|
-
overrides[:display] = request.params["display"] unless !@display_override || request.params["display"].nil?
|
194
|
-
overrides[:immediate] = request.params["immediate"] unless !@immediate_override || request.params["immediate"].nil?
|
195
194
|
auth_params.merge!(overrides)
|
196
195
|
|
197
196
|
#do redirect
|
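Review bot: the added `overrides[:prompt] = request.params["prompt"]` line forwards any client-supplied `prompt` value into the authorize request whenever `@prompt_override` is set, with no check against the values salesforce.com accepts; the same holds for the relocated `display` and `immediate` overrides and for the space-joined `scope` list. Suggest validating each override against an allowlist before `auth_params.merge!(overrides)` so only expected values reach the authorize URL. As a style point, `unless !@prompt_override || request.params["prompt"].nil?` is a double negative; `if @prompt_override && request.params["prompt"]` reads more directly. Moving `auth_params[:scope]` after `:immediate` is behaviour-preserving.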
@@ -319,7 +318,6 @@ module Databasedotcom
|
|
319
318
|
full_host = URI.parse(request.url.gsub(/\?.*$/,''))
|
320
319
|
full_host.path = ''
|
321
320
|
full_host.query = nil
|
322
|
-
#sometimes the url is actually showing http inside rails because the other layers (like nginx) have handled the ssl termination.
|
323
321
|
full_host.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')
|
324
322
|
full_host = full_host.to_s
|
325
323
|
end
|
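Review bot: dropping the comment above `full_host.scheme = 'https' if(request.env['HTTP_X_FORWARDED_PROTO'] == 'https')` removes the only explanation of why the scheme is rewritten (TLS terminated at an upstream layer such as nginx); keep it, since this line feeds the `redirect_uri` and readers need to know it relies on the proxy setting `X-Forwarded-Proto` trustworthily. It is worth documenting alongside it that the header should only be honoured when the app runs behind a proxy that overwrites client-supplied values.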
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: databasedotcom-oauth2
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.9
|
5
5
|
prerelease:
|
6
6
|
platform: ruby
|
7
7
|
authors:
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date: 2012-
|
12
|
+
date: 2012-07-01 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: addressable
|