googleauth 0.5.1 → 0.14.0

data/spec/googleauth/signet_spec.rb

@@ -27,45 +27,116 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'apply_auth_examples'
-require 'googleauth/signet'
-require 'jwt'
-require 'openssl'
-require 'spec_helper'
+require "apply_auth_examples"
+require "googleauth/signet"
+require "jwt"
+require "openssl"
+require "spec_helper"
 
 describe Signet::OAuth2::Client do
-  before(:example) do
-    @key = OpenSSL::PKey::RSA.new(2048)
+  before :example do
+    @key = OpenSSL::PKey::RSA.new 2048
     @client = Signet::OAuth2::Client.new(
-      token_credential_uri: 'https://accounts.google.com/o/oauth2/token',
-      scope: 'https://www.googleapis.com/auth/userinfo.profile',
-      issuer: 'app@example.com',
-      audience: 'https://accounts.google.com/o/oauth2/token',
-      signing_key: @key)
+      token_credential_uri: "https://oauth2.googleapis.com/token",
+      scope:                "https://www.googleapis.com/auth/userinfo.profile",
+      issuer:               "app@example.com",
+      audience:             "https://oauth2.googleapis.com/token",
+      signing_key:          @key
+    )
+    @id_client = Signet::OAuth2::Client.new(
+      token_credential_uri: "https://oauth2.googleapis.com/token",
+      target_audience:      "https://pubsub.googleapis.com/",
+      issuer:               "app@example.com",
+      audience:             "https://oauth2.googleapis.com/token",
+      signing_key:          @key
+    )
   end
 
-  def make_auth_stubs(opts)
-    access_token = opts[:access_token] || ''
-    body = MultiJson.dump('access_token' => access_token,
-                          'token_type' => 'Bearer',
-                          'expires_in' => 3600)
+  def make_auth_stubs opts
+    body_fields = { "token_type" => "Bearer", "expires_in" => 3600 }
+    body_fields["access_token"] = opts[:access_token] if opts[:access_token]
+    body_fields["id_token"] = opts[:id_token] if opts[:id_token]
+    body = MultiJson.dump body_fields
     blk = proc do |request|
-      params = Addressable::URI.form_unencode(request.body)
-      _claim, _header = JWT.decode(params.assoc('assertion').last,
-                                   @key.public_key)
+      params = Addressable::URI.form_unencode request.body
+      claim, _header = JWT.decode(params.assoc("assertion").last,
+                                  @key.public_key, true,
+                                  algorithm: "RS256")
+      !opts[:id_token] || claim["target_audience"] == "https://pubsub.googleapis.com/"
     end
-    stub_request(:post, 'https://accounts.google.com/o/oauth2/token')
-      .with(body: hash_including(
-        'grant_type' => 'urn:ietf:params:oauth:grant-type:jwt-bearer'),
-            &blk)
-      .to_return(body: body,
-                 status: 200,
-                 headers: { 'Content-Type' => 'application/json' })
+    with_params = { body: hash_including(
+      "grant_type" => "urn:ietf:params:oauth:grant-type:jwt-bearer"
+    ) }
+    with_params[:headers] = { "User-Agent" => opts[:user_agent] } if opts[:user_agent]
+    stub_request(:post, "https://oauth2.googleapis.com/token")
+      .with(with_params, &blk)
+      .to_return(body:    body,
+                 status:  200,
+                 headers: { "Content-Type" => "application/json" })
   end
 
-  it_behaves_like 'apply/apply! are OK'
+  it_behaves_like "apply/apply! are OK"
+
+  describe "#configure_connection" do
+    it "honors default_connection" do
+      token = "1/abcdef1234567890"
+      stub = make_auth_stubs access_token: token, user_agent: "RubyRocks/1.0"
+      conn = Faraday.new headers: { "User-Agent" => "RubyRocks/1.0" }
+      @client.configure_connection default_connection: conn
+      md = { foo: "bar" }
+      @client.apply! md
+      want = { foo: "bar", authorization: "Bearer #{token}" }
+      expect(md).to eq(want)
+      expect(stub).to have_been_requested
+    end
+
+    it "honors connection_builder" do
+      token = "1/abcdef1234567890"
+      stub = make_auth_stubs access_token: token, user_agent: "RubyRocks/2.0"
+      connection_builder = proc do
+        Faraday.new headers: { "User-Agent" => "RubyRocks/2.0" }
+      end
+      @client.configure_connection connection_builder: connection_builder
+      md = { foo: "bar" }
+      @client.apply! md
+      want = { foo: "bar", authorization: "Bearer #{token}" }
+      expect(md).to eq(want)
+      expect(stub).to have_been_requested
+    end
+  end
+
+  describe "#fetch_access_token!" do
+    it "retries when orig_fetch_access_token! raises Signet::RemoteServerError" do
+      mocked_responses = [:raise, :raise, "success"]
+      allow(@client).to receive(:orig_fetch_access_token!).exactly(3).times do
+        response = mocked_responses.shift
+        response == :raise ? raise(Signet::RemoteServerError) : response
+      end
+      expect(@client.fetch_access_token!).to eq("success")
+    end
+
+    it "raises when the max retry count is exceeded" do
+      mocked_responses = [:raise, :raise, :raise, :raise, :raise, :raise, "success"]
+      allow(@client).to receive(:orig_fetch_access_token!).exactly(6).times do
+        response = mocked_responses.shift
+        response == :raise ? raise(Signet::RemoteServerError) : response
+      end
+      expect { @client.fetch_access_token! }.to raise_error Signet::AuthorizationError
+    end
+
+    it "does not retry and raises right away if it encounters a Signet::AuthorizationError" do
+      allow(@client).to receive(:orig_fetch_access_token!).at_most(:once)
+        .and_raise(Signet::AuthorizationError.new("Some Message"))
+      expect { @client.fetch_access_token! }.to raise_error Signet::AuthorizationError
+    end
+
+    it "does not retry and raises right away if it encounters a Signet::ParseError" do
+      allow(@client).to receive(:orig_fetch_access_token!).at_most(:once).and_raise(Signet::ParseError)
+      expect { @client.fetch_access_token! }.to raise_error Signet::ParseError
+    end
+  end
 end

data/spec/googleauth/stores/file_token_store_spec.rb

@@ -27,32 +27,31 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'googleauth'
-require 'googleauth/stores/file_token_store'
-require 'spec_helper'
-require 'fakefs/safe'
-require 'fakefs/spec_helpers'
-require 'googleauth/stores/store_examples'
+require "googleauth"
+require "googleauth/stores/file_token_store"
+require "spec_helper"
+require "fakefs/safe"
+require "fakefs/spec_helpers"
+require "googleauth/stores/store_examples"
 
 module FakeFS
   class File
     # FakeFS doesn't implement. And since we don't need to actually lock,
     # just stub out...
-    def flock(*)
-    end
+    def flock *; end
   end
 end
 
 describe Google::Auth::Stores::FileTokenStore do
   include FakeFS::SpecHelpers
 
-  let(:store) do
-    Google::Auth::Stores::FileTokenStore.new(file: '/tokens.yaml')
+  let :store do
+    Google::Auth::Stores::FileTokenStore.new file: "/tokens.yaml"
   end
 
-  it_behaves_like 'token store'
+  it_behaves_like "token store"
 end

data/spec/googleauth/stores/redis_token_store_spec.rb

@@ -27,24 +27,24 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'googleauth'
-require 'googleauth/stores/redis_token_store'
-require 'spec_helper'
-require 'fakeredis/rspec'
-require 'googleauth/stores/store_examples'
+require "googleauth"
+require "googleauth/stores/redis_token_store"
+require "spec_helper"
+require "fakeredis/rspec"
+require "googleauth/stores/store_examples"
 
 describe Google::Auth::Stores::RedisTokenStore do
-  let(:redis) do
+  let :redis do
     Redis.new
   end
 
-  let(:store) do
-    Google::Auth::Stores::RedisTokenStore.new(redis: redis)
+  let :store do
+    Google::Auth::Stores::RedisTokenStore.new redis: redis
   end
 
-  it_behaves_like 'token store'
+  it_behaves_like "token store"
 end

data/spec/googleauth/stores/store_examples.rb

@@ -27,32 +27,32 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'spec_helper'
+require "spec_helper"
 
-shared_examples 'token store' do
-  before(:each) do
-    store.store('default', 'test')
+shared_examples "token store" do
+  before :each do
+    store.store "default", "test"
   end
 
-  it 'should return a stored value' do
-    expect(store.load('default')).to eq 'test'
+  it "should return a stored value" do
+    expect(store.load("default")).to eq "test"
   end
 
-  it 'should return nil for missing tokens' do
-    expect(store.load('notavalidkey')).to be_nil
+  it "should return nil for missing tokens" do
+    expect(store.load("notavalidkey")).to be_nil
   end
 
-  it 'should return nil for deleted tokens' do
-    store.delete('default')
-    expect(store.load('default')).to be_nil
+  it "should return nil for deleted tokens" do
+    store.delete "default"
+    expect(store.load("default")).to be_nil
   end
 
-  it 'should save overwrite values on store' do
-    store.store('default', 'test2')
-    expect(store.load('default')).to eq 'test2'
+  it "should save overwrite values on store" do
+    store.store "default", "test2"
+    expect(store.load("default")).to eq "test2"
   end
 end

data/spec/googleauth/user_authorizer_spec.rb

@@ -27,285 +27,314 @@
 # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 # OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
-spec_dir = File.expand_path(File.join(File.dirname(__FILE__)))
-$LOAD_PATH.unshift(spec_dir)
+spec_dir = File.expand_path File.join(File.dirname(__FILE__))
+$LOAD_PATH.unshift spec_dir
 $LOAD_PATH.uniq!
 
-require 'googleauth'
-require 'googleauth/user_authorizer'
-require 'uri'
-require 'multi_json'
-require 'spec_helper'
+require "googleauth"
+require "googleauth/user_authorizer"
+require "uri"
+require "multi_json"
+require "spec_helper"
 
 describe Google::Auth::UserAuthorizer do
   include TestHelpers
 
-  let(:client_id) { Google::Auth::ClientId.new('testclient', 'notasecret') }
-  let(:scope) { %w(email profile) }
+  let(:client_id) { Google::Auth::ClientId.new "testclient", "notasecret" }
+  let(:scope) { %w[email profile] }
   let(:token_store) { DummyTokenStore.new }
-  let(:callback_uri) { 'https://www.example.com/oauth/callback' }
-  let(:authorizer) do
+  let(:callback_uri) { "https://www.example.com/oauth/callback" }
+  let :authorizer do
     Google::Auth::UserAuthorizer.new(client_id,
                                      scope,
                                      token_store,
                                      callback_uri)
   end
 
-  shared_examples 'valid authorization url' do
-    it 'should have a valid base URI' do
+  shared_examples "valid authorization url" do
+    it "should have a valid base URI" do
       expect(uri).to match %r{https://accounts.google.com/o/oauth2/auth}
     end
 
-    it 'should request offline access' do
+    it "should request offline access" do
       expect(URI(uri).query).to match(/access_type=offline/)
     end
 
-    it 'should request response type code' do
+    it "should request response type code" do
       expect(URI(uri).query).to match(/response_type=code/)
     end
 
-    it 'should force approval' do
+    it "should force approval" do
       expect(URI(uri).query).to match(/approval_prompt=force/)
     end
 
-    it 'should include granted scopes' do
+    it "should include granted scopes" do
       expect(URI(uri).query).to match(/include_granted_scopes=true/)
     end
 
-    it 'should include the correct client id' do
+    it "should include the correct client id" do
       expect(URI(uri).query).to match(/client_id=testclient/)
     end
 
-    it 'should not include a client secret' do
+    it "should not include a client secret" do
       expect(URI(uri).query).to_not match(/client_secret/)
     end
 
-    it 'should include the callback uri' do
+    it "should include the redirect_uri" do
       expect(URI(uri).query).to match(
-        %r{redirect_uri=https://www.example.com/oauth/callback})
+        %r{redirect_uri=https://www.example.com/oauth/callback}
+      )
     end
 
-    it 'should include the scope' do
+    it "should include the scope" do
       expect(URI(uri).query).to match(/scope=email%20profile/)
     end
   end
 
-  context 'when generating authorization URLs with user ID & state' do
-    let(:uri) do
-      authorizer.get_authorization_url(login_hint: 'user1', state: 'mystate')
+  context "when generating authorization URLs and callback_uri is 'postmessage'" do
+    let(:callback_uri) { "postmessage" }
+    let :authorizer do
+      Google::Auth::UserAuthorizer.new(client_id,
+                                       scope,
+                                       token_store,
+                                       callback_uri)
+    end
+    let :uri do
+      authorizer.get_authorization_url login_hint: "user1", state: "mystate"
+    end
+
+    it "should include the redirect_uri 'postmessage'" do
+      expect(URI(uri).query).to match(
+        %r{redirect_uri=postmessage}
+      )
+    end
+  end
+
+  context "when generating authorization URLs with user ID & state" do
+    let :uri do
+      authorizer.get_authorization_url login_hint: "user1", state: "mystate"
     end
 
-    it_behaves_like 'valid authorization url'
+    it_behaves_like "valid authorization url"
 
-    it 'includes a login hint' do
+    it "includes a login hint" do
       expect(URI(uri).query).to match(/login_hint=user1/)
     end
 
-    it 'includes the app state' do
+    it "includes the app state" do
       expect(URI(uri).query).to match(/state=mystate/)
     end
   end
 
-  context 'when generating authorization URLs with user ID and no state' do
-    let(:uri) { authorizer.get_authorization_url(login_hint: 'user1') }
+  context "when generating authorization URLs with user ID and no state" do
+    let(:uri) { authorizer.get_authorization_url login_hint: "user1" }
 
-    it_behaves_like 'valid authorization url'
+    it_behaves_like "valid authorization url"
 
-    it 'includes a login hint' do
+    it "includes a login hint" do
       expect(URI(uri).query).to match(/login_hint=user1/)
     end
 
-    it 'does not include the state parameter' do
+    it "does not include the state parameter" do
       expect(URI(uri).query).to_not match(/state/)
     end
   end
 
-  context 'when generating authorization URLs with no user ID and no state' do
+  context "when generating authorization URLs with no user ID and no state" do
     let(:uri) { authorizer.get_authorization_url }
 
-    it_behaves_like 'valid authorization url'
+    it_behaves_like "valid authorization url"
 
-    it 'does not include the login hint parameter' do
+    it "does not include the login hint parameter" do
       expect(URI(uri).query).to_not match(/login_hint/)
     end
 
-    it 'does not include the state parameter' do
+    it "does not include the state parameter" do
       expect(URI(uri).query).to_not match(/state/)
     end
   end
 
-  context 'when retrieving tokens' do
-    let(:token_json) do
+  context "when retrieving tokens" do
+    let :token_json do
       MultiJson.dump(
-        access_token: 'accesstoken',
-        refresh_token: 'refreshtoken',
-        expiration_time_millis: 1_441_234_742_000)
+        access_token:           "accesstoken",
+        refresh_token:          "refreshtoken",
+        expiration_time_millis: 1_441_234_742_000
+      )
     end
 
-    context 'with a valid user id' do
-      let(:credentials) do
-        token_store.store('user1', token_json)
-        authorizer.get_credentials('user1')
+    context "with a valid user id" do
+      let :credentials do
+        token_store.store "user1", token_json
+        authorizer.get_credentials "user1"
       end
 
-      it 'should return an instance of UserRefreshCredentials' do
+      it "should return an instance of UserRefreshCredentials" do
         expect(credentials).to be_instance_of(
-          Google::Auth::UserRefreshCredentials)
+          Google::Auth::UserRefreshCredentials
+        )
       end
 
-      it 'should return credentials with a valid refresh token' do
-        expect(credentials.refresh_token).to eq 'refreshtoken'
+      it "should return credentials with a valid refresh token" do
+        expect(credentials.refresh_token).to eq "refreshtoken"
       end
 
-      it 'should return credentials with a valid access token' do
-        expect(credentials.access_token).to eq 'accesstoken'
+      it "should return credentials with a valid access token" do
+        expect(credentials.access_token).to eq "accesstoken"
       end
 
-      it 'should return credentials with a valid client ID' do
-        expect(credentials.client_id).to eq 'testclient'
+      it "should return credentials with a valid client ID" do
+        expect(credentials.client_id).to eq "testclient"
       end
 
-      it 'should return credentials with a valid client secret' do
-        expect(credentials.client_secret).to eq 'notasecret'
+      it "should return credentials with a valid client secret" do
+        expect(credentials.client_secret).to eq "notasecret"
       end
 
-      it 'should return credentials with a valid scope' do
-        expect(credentials.scope).to eq %w(email profile)
+      it "should return credentials with a valid scope" do
+        expect(credentials.scope).to eq %w[email profile]
       end
 
-      it 'should return credentials with a valid expiration time' do
+      it "should return credentials with a valid expiration time" do
         expect(credentials.expires_at).to eq Time.at(1_441_234_742)
       end
     end
 
-    context 'with an invalid user id' do
-      it 'should return nil' do
-        expect(authorizer.get_credentials('notauser')).to be_nil
+    context "with an invalid user id" do
+      it "should return nil" do
+        expect(authorizer.get_credentials("notauser")).to be_nil
       end
     end
   end
 
-  context 'when saving tokens' do
+  context "when saving tokens" do
     let(:expiry) { Time.now.to_i }
-    let(:credentials) do
+    let :credentials do
       Google::Auth::UserRefreshCredentials.new(
-        client_id: client_id.id,
+        client_id:     client_id.id,
         client_secret: client_id.secret,
-        scope: scope,
-        refresh_token: 'refreshtoken',
-        access_token: 'accesstoken',
-        expires_at: expiry
+        scope:         scope,
+        refresh_token: "refreshtoken",
+        access_token:  "accesstoken",
+        expires_at:    expiry
       )
     end
 
-    let(:token_json) do
-      authorizer.store_credentials('user1', credentials)
-      token_store.load('user1')
+    let :token_json do
+      authorizer.store_credentials "user1", credentials
+      token_store.load "user1"
     end
 
-    it 'should persist in the token store' do
+    it "should persist in the token store" do
       expect(token_json).to_not be_nil
     end
 
-    it 'should persist the refresh token' do
-      expect(MultiJson.load(token_json)['refresh_token']).to eq 'refreshtoken'
+    it "should persist the refresh token" do
+      expect(MultiJson.load(token_json)["refresh_token"]).to eq "refreshtoken"
     end
 
-    it 'should persist the access token' do
-      expect(MultiJson.load(token_json)['access_token']).to eq 'accesstoken'
+    it "should persist the access token" do
+      expect(MultiJson.load(token_json)["access_token"]).to eq "accesstoken"
     end
 
-    it 'should persist the client id' do
-      expect(MultiJson.load(token_json)['client_id']).to eq 'testclient'
+    it "should persist the client id" do
+      expect(MultiJson.load(token_json)["client_id"]).to eq "testclient"
     end
 
-    it 'should persist the scope' do
-      expect(MultiJson.load(token_json)['scope']).to include('email', 'profile')
+    it "should persist the scope" do
+      expect(MultiJson.load(token_json)["scope"]).to include("email", "profile")
     end
 
-    it 'should persist the expiry as milliseconds' do
+    it "should persist the expiry as milliseconds" do
       expected_expiry = expiry * 1000
-      expect(MultiJson.load(token_json)['expiration_time_millis']).to eql(
-        expected_expiry)
+      expect(MultiJson.load(token_json)["expiration_time_millis"]).to eql(
+        expected_expiry
+      )
     end
   end
 
-  context 'with valid authorization code' do
-    let(:token_json) do
-      MultiJson.dump('access_token' => '1/abc123',
-                     'token_type' => 'Bearer',
-                     'expires_in' => 3600)
+  context "with valid authorization code" do
+    let :token_json do
+      MultiJson.dump("access_token" => "1/abc123",
+                     "token_type"   => "Bearer",
+                     "expires_in"   => 3600)
     end
 
-    before(:example) do
-      stub_request(:post, 'https://www.googleapis.com/oauth2/v3/token')
+    before :example do
+      stub_request(:post, "https://oauth2.googleapis.com/token")
         .to_return(body: token_json, status: 200, headers: {
-                     'Content-Type' => 'application/json' })
+                     "Content-Type" => "application/json"
+                   })
     end
 
-    it 'should exchange a code for credentials' do
+    it "should exchange a code for credentials" do
       credentials = authorizer.get_credentials_from_code(
-        user_id: 'user1', code: 'code')
-      expect(credentials.access_token).to eq '1/abc123'
+        user_id: "user1", code: "code"
+      )
+      expect(credentials.access_token).to eq "1/abc123"
+      expect(credentials.redirect_uri.to_s).to eq "https://www.example.com/oauth/callback"
     end
 
-    it 'should not store credentials when get only requested' do
-      authorizer.get_credentials_from_code(user_id: 'user1', code: 'code')
-      expect(token_store.load('user1')).to be_nil
+    it "should not store credentials when get only requested" do
+      authorizer.get_credentials_from_code user_id: "user1", code: "code"
+      expect(token_store.load("user1")).to be_nil
     end
 
-    it 'should store credentials when requested' do
+    it "should store credentials when requested" do
       authorizer.get_and_store_credentials_from_code(
-        user_id: 'user1', code: 'code')
-      expect(token_store.load('user1')).to_not be_nil
+        user_id: "user1", code: "code"
+      )
+      expect(token_store.load("user1")).to_not be_nil
     end
   end
 
-  context 'with invalid authorization code' do
-    before(:example) do
-      stub_request(:post, 'https://www.googleapis.com/oauth2/v3/token')
+  context "with invalid authorization code" do
+    before :example do
+      stub_request(:post, "https://oauth2.googleapis.com/token")
         .to_return(status: 400)
     end
 
-    it 'should raise an authorization error' do
+    it "should raise an authorization error" do
       expect do
-        authorizer.get_credentials_from_code(user_id: 'user1', code: 'badcode')
+        authorizer.get_credentials_from_code user_id: "user1", code: "badcode"
       end.to raise_error Signet::AuthorizationError
     end
 
-    it 'should not store credentials when exchange fails' do
+    it "should not store credentials when exchange fails" do
       expect do
-        authorizer.get_credentials_from_code(user_id: 'user1', code: 'badcode')
+        authorizer.get_credentials_from_code user_id: "user1", code: "badcode"
       end.to raise_error Signet::AuthorizationError
-      expect(token_store.load('user1')).to be_nil
+      expect(token_store.load("user1")).to be_nil
     end
   end
 
-  context 'when reovking authorization' do
-    let(:token_json) do
+  context "when reovking authorization" do
+    let :token_json do
       MultiJson.dump(
-        access_token: 'accesstoken',
-        refresh_token: 'refreshtoken',
-        expiration_time_millis: 1_441_234_742_000)
+        access_token:           "accesstoken",
+        refresh_token:          "refreshtoken",
+        expiration_time_millis: 1_441_234_742_000
+      )
     end
 
-    before(:example) do
-      token_store.store('user1', token_json)
-      stub_request(
-        :get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken')
+    before :example do
+      token_store.store "user1", token_json
+      stub_request(:post, "https://oauth2.googleapis.com/revoke")
+        .with(body: hash_including("token" => "refreshtoken"))
         .to_return(status: 200)
     end
 
-    it 'should revoke the grant' do
-      authorizer.revoke_authorization('user1')
+    it "should revoke the grant" do
+      authorizer.revoke_authorization "user1"
       expect(a_request(
-               :get, 'https://accounts.google.com/o/oauth2/revoke?token=refreshtoken'))
+        :post, "https://oauth2.googleapis.com/revoke"
+      ).with(body: hash_including("token" => "refreshtoken")))
         .to have_been_made
     end
 
-    it 'should remove the token from storage' do
-      authorizer.revoke_authorization('user1')
-      expect(token_store.load('user1')).to be_nil
+    it "should remove the token from storage" do
+      authorizer.revoke_authorization "user1"
+      expect(token_store.load("user1")).to be_nil
     end
   end