intuit-oauth 1.0.0
- checksums.yaml +7 -0
- data/Gemfile +5 -0
- data/Gemfile.lock +32 -0
- data/LICENSE +201 -0
- data/README.md +107 -0
- data/intuit-oauth.gemspec +38 -0
- data/lib/intuit-oauth.rb +9 -0
- data/lib/intuit-oauth/base.rb +9 -0
- data/lib/intuit-oauth/client.rb +74 -0
- data/lib/intuit-oauth/constants.rb +28 -0
- data/lib/intuit-oauth/exception.rb +12 -0
- data/lib/intuit-oauth/flow/code.rb +46 -0
- data/lib/intuit-oauth/flow/openid.rb +97 -0
- data/lib/intuit-oauth/flow/token.rb +93 -0
- data/lib/intuit-oauth/migration.rb +65 -0
- data/lib/intuit-oauth/response.rb +37 -0
- data/lib/intuit-oauth/transport.rb +52 -0
- data/lib/intuit-oauth/utils.rb +75 -0
- metadata +235 -0
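--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA1:
+metadata.gz: 917700b85f046e6e952c1f166e3c96e0282f7c0e
+data.tar.gz: 948f26d5fa00930af1aed91da1bf7106878b4bf7
+SHA512:
+metadata.gz: fa1cd5b48ac1ca359eafc48615b7feaca03aa050dab44b5ca26ada1cb58a7dd672a4f905741ca57a6b18d5da842321348567b1eec052da408bab577e4fd688e4
+data.tar.gz: 3b0fb963c737087bb5ee9200f0ab3cc0f7bb49c2d0f9cd274d6fea9eff39cec46d24abd44cd47b6f243b8fa0d6c4f55af237432b3ed25f78682914cfe7876795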
data/Gemfile
ADDED
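--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -0,0 +1,32 @@
+GEM
+remote: https://rubygems.org/
+specs:
+diff-lcs (1.3)
+httparty (0.16.2)
+multi_xml (>= 0.5.2)
+json (2.1.0)
+multi_xml (0.6.0)
+rspec (3.8.0)
+rspec-core (~> 3.8.0)
+rspec-expectations (~> 3.8.0)
+rspec-mocks (~> 3.8.0)
+rspec-core (3.8.0)
+rspec-support (~> 3.8.0)
+rspec-expectations (3.8.2)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.8.0)
+rspec-mocks (3.8.0)
+diff-lcs (>= 1.2.0, < 2.0)
+rspec-support (~> 3.8.0)
+rspec-support (3.8.0)
+
+PLATFORMS
+ruby
+
+DEPENDENCIES
+httparty
+json
+rspec
+
+BUNDLED WITH
+1.16.2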
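--- a/data/LICENSE
+++ b/data/LICENSE
@@ -0,0 +1,201 @@
+Apache License
+Version 2.0, January 2004
+http://www.apache.org/licenses/
+
+TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+1. Definitions.
+
+"License" shall mean the terms and conditions for use, reproduction,
+and distribution as defined by Sections 1 through 9 of this document.
+
+"Licensor" shall mean the copyright owner or entity authorized by
+the copyright owner that is granting the License.
+
+"Legal Entity" shall mean the union of the acting entity and all
+other entities that control, are controlled by, or are under common
+control with that entity. For the purposes of this definition,
+"control" means (i) the power, direct or indirect, to cause the
+direction or management of such entity, whether by contract or
+otherwise, or (ii) ownership of fifty percent (50%) or more of the
+outstanding shares, or (iii) beneficial ownership of such entity.
+
+"You" (or "Your") shall mean an individual or Legal Entity
+exercising permissions granted by this License.
+
+"Source" form shall mean the preferred form for making modifications,
+including but not limited to software source code, documentation
+source, and configuration files.
+
+"Object" form shall mean any form resulting from mechanical
+transformation or translation of a Source form, including but
+not limited to compiled object code, generated documentation,
+and conversions to other media types.
+
+"Work" shall mean the work of authorship, whether in Source or
+Object form, made available under the License, as indicated by a
+copyright notice that is included in or attached to the work
+(an example is provided in the Appendix below).
+
+"Derivative Works" shall mean any work, whether in Source or Object
+form, that is based on (or derived from) the Work and for which the
+editorial revisions, annotations, elaborations, or other modifications
+represent, as a whole, an original work of authorship. For the purposes
+of this License, Derivative Works shall not include works that remain
+separable from, or merely link (or bind by name) to the interfaces of,
+the Work and Derivative Works thereof.
+
+"Contribution" shall mean any work of authorship, including
+the original version of the Work and any modifications or additions
+to that Work or Derivative Works thereof, that is intentionally
+submitted to Licensor for inclusion in the Work by the copyright owner
+or by an individual or Legal Entity authorized to submit on behalf of
+the copyright owner. For the purposes of this definition, "submitted"
+means any form of electronic, verbal, or written communication sent
+to the Licensor or its representatives, including but not limited to
+communication on electronic mailing lists, source code control systems,
+and issue tracking systems that are managed by, or on behalf of, the
+Licensor for the purpose of discussing and improving the Work, but
+excluding communication that is conspicuously marked or otherwise
+designated in writing by the copyright owner as "Not a Contribution."
+
+"Contributor" shall mean Licensor and any individual or Legal Entity
+on behalf of whom a Contribution has been received by Licensor and
+subsequently incorporated within the Work.
+
+2. Grant of Copyright License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+copyright license to reproduce, prepare Derivative Works of,
+publicly display, publicly perform, sublicense, and distribute the
+Work and such Derivative Works in Source or Object form.
+
+3. Grant of Patent License. Subject to the terms and conditions of
+this License, each Contributor hereby grants to You a perpetual,
+worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+(except as stated in this section) patent license to make, have made,
+use, offer to sell, sell, import, and otherwise transfer the Work,
+where such license applies only to those patent claims licensable
+by such Contributor that are necessarily infringed by their
+Contribution(s) alone or by combination of their Contribution(s)
+with the Work to which such Contribution(s) was submitted. If You
+institute patent litigation against any entity (including a
+cross-claim or counterclaim in a lawsuit) alleging that the Work
+or a Contribution incorporated within the Work constitutes direct
+or contributory patent infringement, then any patent licenses
+granted to You under this License for that Work shall terminate
+as of the date such litigation is filed.
+
+4. Redistribution. You may reproduce and distribute copies of the
+Work or Derivative Works thereof in any medium, with or without
+modifications, and in Source or Object form, provided that You
+meet the following conditions:
+
+(a) You must give any other recipients of the Work or
+Derivative Works a copy of this License; and
+
+(b) You must cause any modified files to carry prominent notices
+stating that You changed the files; and
+
+(c) You must retain, in the Source form of any Derivative Works
+that You distribute, all copyright, patent, trademark, and
+attribution notices from the Source form of the Work,
+excluding those notices that do not pertain to any part of
+the Derivative Works; and
+
+(d) If the Work includes a "NOTICE" text file as part of its
+distribution, then any Derivative Works that You distribute must
+include a readable copy of the attribution notices contained
+within such NOTICE file, excluding those notices that do not
+pertain to any part of the Derivative Works, in at least one
+of the following places: within a NOTICE text file distributed
+as part of the Derivative Works; within the Source form or
+documentation, if provided along with the Derivative Works; or,
+within a display generated by the Derivative Works, if and
+wherever such third-party notices normally appear. The contents
+of the NOTICE file are for informational purposes only and
+do not modify the License. You may add Your own attribution
+notices within Derivative Works that You distribute, alongside
+or as an addendum to the NOTICE text from the Work, provided
+that such additional attribution notices cannot be construed
+as modifying the License.
+
+You may add Your own copyright statement to Your modifications and
+may provide additional or different license terms and conditions
+for use, reproduction, or distribution of Your modifications, or
+for any such Derivative Works as a whole, provided Your use,
+reproduction, and distribution of the Work otherwise complies with
+the conditions stated in this License.
+
+5. Submission of Contributions. Unless You explicitly state otherwise,
+any Contribution intentionally submitted for inclusion in the Work
+by You to the Licensor shall be under the terms and conditions of
+this License, without any additional terms or conditions.
+Notwithstanding the above, nothing herein shall supersede or modify
+the terms of any separate license agreement you may have executed
+with Licensor regarding such Contributions.
+
+6. Trademarks. This License does not grant permission to use the trade
+names, trademarks, service marks, or product names of the Licensor,
+except as required for reasonable and customary use in describing the
+origin of the Work and reproducing the content of the NOTICE file.
+
+7. Disclaimer of Warranty. Unless required by applicable law or
+agreed to in writing, Licensor provides the Work (and each
+Contributor provides its Contributions) on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+implied, including, without limitation, any warranties or conditions
+of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+PARTICULAR PURPOSE. You are solely responsible for determining the
+appropriateness of using or redistributing the Work and assume any
+risks associated with Your exercise of permissions under this License.
+
+8. Limitation of Liability. In no event and under no legal theory,
+whether in tort (including negligence), contract, or otherwise,
+unless required by applicable law (such as deliberate and grossly
+negligent acts) or agreed to in writing, shall any Contributor be
+liable to You for damages, including any direct, indirect, special,
+incidental, or consequential damages of any character arising as a
+result of this License or out of the use or inability to use the
+Work (including but not limited to damages for loss of goodwill,
+work stoppage, computer failure or malfunction, or any and all
+other commercial damages or losses), even if such Contributor
+has been advised of the possibility of such damages.
+
+9. Accepting Warranty or Additional Liability. While redistributing
+the Work or Derivative Works thereof, You may choose to offer,
+and charge a fee for, acceptance of support, warranty, indemnity,
+or other liability obligations and/or rights consistent with this
+License. However, in accepting such obligations, You may act only
+on Your own behalf and on Your sole responsibility, not on behalf
+of any other Contributor, and only if You agree to indemnify,
+defend, and hold each Contributor harmless for any liability
+incurred by, or claims asserted against, such Contributor by reason
+of your accepting any such warranty or additional liability.
+
+END OF TERMS AND CONDITIONS
+
+APPENDIX: How to apply the Apache License to your work.
+
+To apply the Apache License to your work, attach the following
+boilerplate notice, with the fields enclosed by brackets "{}"
+replaced with your own identifying information. (Don't include
+the brackets!) The text should be enclosed in the appropriate
+comment syntax for the file format. We also recommend that a
+file or class name and description of purpose be included on the
+same "printed page" as the copyright notice for easier
+identification within third-party archives.
+
+Copyright 2018 Intuit, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.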
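--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,107 @@
+# oauth-rubyclient
+
+Intuit OAuth Ruby Client
+==========================
+
+This client library is meant to work with Intuit's OAuth and OpenID implementation. The `AuthClient` object response can be used for User Info API, Accounting API and Payments API. This library supports:
+
+- Generating Authorization URL
+- Getting OAuth2 Bearer Token
+- Getting User Info
+- Validating OpenID token
+- Refreshing OAuth2 Token
+- Revoking OAuth2 Token
+- Migrating tokens from OAuth1.0 to OAuth2
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'intuit-oauth'
+```
+
+And then execute:
+
+$ bundle
+
+Or install it yourself as:
+
+$ gem install 'intuit-oauth'
+
+## Usage Examples
+
+The below example tells how to construct the IntuitOAuth Client and use it to generate an OAuth 2 token.
+
+```ruby
+require 'intuit-oauth'
+
+client = IntuitOAuth::Client.new('client_id', 'client_secret', 'redirectUrl', 'environment')
+scopes = [
+IntuitOAuth::Scopes::ACCOUNTING
+]
+
+authorizationCodeUrl = oauth_client.code.get_auth_uri(scopes)
+# => https://appcenter.intuit.com/connect/oauth2?client_id=clientId&redirect_uri=redirectUrl&response_type=code&scope=com.intuit.quickbooks.accounting&state=rMwcoDITc2N6FJsUGGO9
+
+oauth2Token = oauth_client.token.get_bearer_token('the authorization code returned from authorizationCodeUrl')
+# => #<IntuitOAuth::ClientResponse:0x00007f9152b5c418 @access_token="the access token", @expires_in=3600, @refresh_token="the refresh token", @x_refresh_token_expires_in=8726400>
+
+```
+
+### Initialize OAuth client object
+
+Create an OAuth 2 client to send requests
+
+oauth_client = IntuitOAuth::Client.new('YourClientID', 'YourClientSecret', 'http://localhost:3000/token/new', 'sandbox')
+
+### Add scopes
+
+Define the scopes for the app
+
+scopes = [
+IntuitOAuth::Scopes::ACCOUNTING
+]
+
+### General Authorization Code URL
+
+The URL for users to click on the "Authorizate" button. An authorization code will sent to the redirect URL defined in your app
+
+url = oauth_client.code.get_auth_uri(scopes)
+
+### Exchange Authorization Code for OAuth 2.0 Token
+
+Once the user has authorized your app, an authorization code will be sent to your Redirect_URL defined in your client. Exchange the authorization code for an OAuth 2.0 token object.
+
+result = oauth_client.token.get_bearer_token('The_authorization_code')
+
+
+### Refresh Token
+
+Refresh the OAuth 2.0 token using refresh token. Remember to store the OAuth 2.0 refresh token to your own database.
+
+newToken = oauth_client.token.refresh_tokens('Your_refresh_token')
+
+### Get User Info
+
+Get the user info based on the scopes for OpenID
+
+result=oauth_client.openid.get_user_info('accessToken')
+
+### Call migration method
+
+If you have migrated your OAuth 1.0 app to OAuth 2.0 app, and want to exchange your OAuth 1.0 token to OAuth 2.0 token, use migrate_tokens method
+
+result=oauth_client.Migrate.migrate_tokens(consumer_key, consumer_secret, access_token, access_secret, scopes)
+
+Issues and Contributions
+------------------------
+
+Please open an `issue <https://github.com/intuit/oauth-rubyclient/issues>` on GitHub if you have a problem, suggestion, or other comment.
+
+Pull requests are welcome and encouraged! Any contributions should include new or updated unit tests as necessary to maintain thorough test coverage.
+
+License
+-------
+
+intuit-oauth is provided under Apache 2.0 found `<https://github.intuit.com/hlu2/oauth-rubyclient/blob/master/LICENSE>`__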
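--- a/data/intuit-oauth.gemspec
+++ b/data/intuit-oauth.gemspec
@@ -0,0 +1,38 @@
+# coding: utf-8
+
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+
+Gem::Specification.new do |spec|
+spec.add_dependency 'httparty', '~> 0.16.3'
+spec.add_dependency 'json', '~> 2.1'
+spec.add_dependency 'json_web_token', '~> 0.3.5'
+spec.add_dependency 'rsa-pem-from-mod-exp', '~> 0.1.0'
+
+spec.authors = ['Intuit Inc']
+spec.description = 'A Ruby wrapper Intuit\'s OAuth and OpenID implementation.'
+spec.email = ['idgsdk@intuit.com']
+spec.homepage = 'https://github.com/intuit/oauth-rubyclient'
+spec.licenses = ['Apache-2.0']
+spec.name = 'intuit-oauth'
+spec.required_ruby_version = '>= 1.9.0'
+spec.required_rubygems_version = '>= 1.3.5'
+spec.summary = 'A Ruby wrapper for the OAuth 2.0 protocol.'
+spec.version = '1.0.0'
+
+spec.require_paths = %w[lib]
+spec.bindir = 'exe'
+spec.executables = spec.files.grep(%r{^exe/}) { |f| File.basename(f) }
+spec.files = `git ls-files -z`.split("\x0").reject do |f|
+f.match(%r{^(bin|test|spec|features)/})
+end
+
+spec.add_development_dependency 'addressable', '~> 2.3'
+spec.add_development_dependency 'backports', '~> 3.11'
+spec.add_development_dependency 'bundler', '~> 1.16'
+spec.add_development_dependency 'coveralls', '~> 0.8'
+spec.add_development_dependency 'rake', '~> 11.0'
+spec.add_development_dependency 'rdoc', ['>= 5.0', '< 7']
+spec.add_development_dependency 'rspec', '~> 3.0'
+spec.add_development_dependency 'wwtd', '~> 0'
+end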
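Review bot: `spec.executables = spec.files.grep(%r{^exe/}) ...` runs one line before `spec.files` is assigned, so it filters whatever the file list holds at that point (presumably the empty default) rather than the `git ls-files` result; move the `spec.files = ...` block above `spec.bindir`. The runtime dependencies also omit activesupport, although the flow/code.rb hunk on this page does `require 'active_support/all'` and calls `to_param`, so an install without Rails would fail at require time; declare it with a version constraint or drop the require in favour of `URI.encode_www_form`. The `'~> 0.16.3'` httparty constraint is not met by the `httparty (0.16.2)` entry in the Gemfile.lock hunk, which suggests the lockfile was not regenerated before the gem was built.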
data/lib/intuit-oauth.rb
ADDED
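--- a/data/lib/intuit-oauth/client.rb
+++ b/data/lib/intuit-oauth/client.rb
@@ -0,0 +1,74 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative './constants'
+require_relative './transport'
+require_relative './migration'
+require_relative './flow/code'
+require_relative './flow/token'
+require_relative './flow/openid'
+
+
+module IntuitOAuth
+class Client
+attr_reader :id, :secret, :redirect_uri, :environment,
+:auth_endpoint, :token_endpoint, :revoke_endpoint, :issuer_uri, :jwks_uri, :user_info_url, :state_token, :realm_id
+attr_writer :realm_id, :state_token
+
+def initialize(client_id, client_secret, redirect_uri, environment)
+@id = client_id
+@secret = client_secret
+@redirect_uri = redirect_uri
+@environment = environment
+
+# Discovery Doc containes endpoints required for OAuth fow
+@discovery_doc = get_discovery_doc(@environment)
+@auth_endpoint = @discovery_doc['authorization_endpoint']
+@token_endpoint = @discovery_doc['token_endpoint']
+@revoke_endpoint = @discovery_doc['revocation_endpoint']
+@issuer_uri = @discovery_doc['issuer']
+@jwks_uri = @discovery_doc['jwks_uri']
+@user_info_url = @discovery_doc['userinfo_endpoint']
+
+# optionally set realm_id
+@realm_id = ''
+@state_token = ''
+end
+
+def get_discovery_doc(environment)
+if ['production', 'prod'].include? environment.downcase
+url = IntuitOAuth::Config::DISCOVERY_URL_PROD
+else
+url = IntuitOAuth::Config::DISCOVERY_URL_SANDBOX
+end
+IntuitOAuth::Transport.request('GET', url)
+end
+
+def code
+IntuitOAuth::Flow::AuthCode.new(self)
+end
+
+def token
+IntuitOAuth::Flow::Token.new(self)
+end
+
+def openid
+IntuitOAuth::Flow::OpenID.new(self)
+end
+
+def migration
+IntuitOAuth::Migration::Migrate.new(self)
+end
+end
+end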
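Review bot: `get_discovery_doc` sends every value other than 'production' or 'prod' to the sandbox discovery URL, so a misspelt environment silently selects sandbox, and a nil environment fails with NoMethodError on `downcase`. Rejecting unknown values would make the misconfiguration visible, e.g. `raise ArgumentError, "unknown environment: #{environment.inspect}" unless %w[production prod sandbox].include?(environment.to_s.downcase)` ('sandbox' being the value the README uses). The constructor then copies `token_endpoint`, `jwks_uri` and the other endpoints out of the discovery response without checking that they are present or use https, and the client secret is later sent to `token_endpoint` in the token.rb hunk; `raise ArgumentError, 'token_endpoint must be https' unless @token_endpoint.to_s.start_with?('https://')` would fail closed on a malformed document. The comment `# Discovery Doc containes endpoints required for OAuth fow` should read `contains` and `flow`.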
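--- a/data/lib/intuit-oauth/constants.rb
+++ b/data/lib/intuit-oauth/constants.rb
@@ -0,0 +1,28 @@
+module IntuitOAuth
+class Config
+DISCOVERY_URL_SANDBOX = 'https://developer.intuit.com/.well-known/openid_sandbox_configuration/'
+DISCOVERY_URL_PROD = 'https://developer.intuit.com/.well-known/openid_configuration/'
+MIGRATION_URL_SANDBOX = 'https://developer-sandbox.api.intuit.com/v2/oauth2/tokens/migrate'
+MIGRATION_URL_PROD = 'https://developer.api.intuit.com/v2/oauth2/tokens/migrate'
+end
+
+class Scopes
+ACCOUNTING = 'com.intuit.quickbooks.accounting'
+PAYMENTS = 'com.intuit.quickbooks.payment'
+OPENID = 'openid'
+PROFILE = 'profile'
+EMAIL = 'email'
+PHONE = 'phone'
+ADDRESS = 'address'
+
+# whitelisted BETA apps only
+PAYROLL = 'com.intuit.quickbooks.payroll'
+PAYROLL_TIMETRACKING = 'com.intuit.quickbooks.payroll.timetracking'
+PAYROLL_BENEFITS = 'com.intuit.quickbooks.payroll.benefits'
+end
+
+class Version
+VERSION = '0.0.1'
+USER_AGENT = "Intuit-OAuthClient-Ruby#{VERSION}-#{RUBY_PLATFORM}"
+end
+end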
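Review bot: `VERSION = '0.0.1'` disagrees with `spec.version = '1.0.0'` in the gemspec hunk, so the `USER_AGENT` string reports the wrong release to the server and in any request logs used for troubleshooting; set it to `'1.0.0'` or have the gemspec read this constant. `USER_AGENT` also joins the product name and the version with no separator (`Intuit-OAuthClient-Ruby#{VERSION}`), and none of the string constants is frozen, so `VERSION = '1.0.0'.freeze` and a `-` before the version would be safer. The endpoint URLs in `Config` would benefit from a one-line comment saying which flow reads each of them.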
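--- a/data/lib/intuit-oauth/exception.rb
+++ b/data/lib/intuit-oauth/exception.rb
@@ -0,0 +1,12 @@
+module IntuitOAuth
+class OAuth2ClientException < StandardError
+def initialize(response)
+@satus_code = response.code
+@body = response.body
+@headers = response.headers
+@intuit_tid = response.headers['intuit_tid']
+@timestamp = response.headers['date']
+super("HTTP status #{@satus_code}, error message: #{@body}, intuit_tid: #{@intuit_tid} on #{@timestamp}")
+end
+end
+end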
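Review bot: The instance variable is misspelt `@satus_code`, and the class defines no readers, so callers can only recover the status, body and `intuit_tid` by parsing the message string. Rename it to `@status_code` and add `attr_reader :status_code, :body, :headers, :intuit_tid, :timestamp`. The message also embeds the full response body, which ends up in whatever logs record the exception; truncating it, or documenting that the body of a token-endpoint error is written to logs, would let operators decide how to handle it.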
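--- a/data/lib/intuit-oauth/flow/code.rb
+++ b/data/lib/intuit-oauth/flow/code.rb
@@ -0,0 +1,46 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative '../base'
+require_relative '../utils'
+require 'active_support/all'
+
+
+module IntuitOAuth
+module Flow
+class AuthCode < Base
+
+# Generate the Authorization Code URL
+#
+# @param [Scope] the Scope for the token to be generated
+# @param [state_token] an option state token to be passed
+# @return [URL] the authorization code URL
+def get_auth_uri(scopes, state_token=nil)
+if state_token.nil?
+state_token = IntuitOAuth::Utils.generate_random_string()
+end
+@client.state_token = state_token
+url_params = {
+client_id: @client.id,
+scope: IntuitOAuth::Utils.scopes_to_string(scopes),
+redirect_uri: @client.redirect_uri,
+response_type: 'code',
+state: state_token,
+}
+
+"#{@client.auth_endpoint}?#{url_params.to_param}"
+end
+end
+end
+end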
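Review bot: `@client.state_token = state_token` keeps the anti-CSRF state on the client object, so a client instance shared across users or concurrent requests has one user's state overwritten by the next; the doc comment on `get_auth_uri` should say that the caller must store the state per session and compare it with the `state` parameter received on the redirect. The default value comes from `IntuitOAuth::Utils.generate_random_string`, whose source (utils.rb) is not shown on this page, so it is worth confirming that it draws from `SecureRandom`. `require 'active_support/all'` is loaded only for `to_param`; `URI.encode_www_form(url_params)` would build the query string without a dependency the gemspec does not declare.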
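--- a/data/lib/intuit-oauth/flow/openid.rb
+++ b/data/lib/intuit-oauth/flow/openid.rb
@@ -0,0 +1,97 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'rsa_pem'
+require 'json_web_token'
+
+require_relative '../base'
+
+
+module IntuitOAuth
+module Flow
+class OpenID < Base
+
+# Get the User Info
+#
+# @param [access_token] the access token needs to access the user info
+# @return [Response] the response object
+def get_user_info(access_token)
+headers = {
+Authorization: "Bearer #{access_token}"
+}
+
+IntuitOAuth::Transport.request('GET', @client.user_info_url, headers=headers)
+end
+
+##
+# If the token can be correctly validated, returns True. Otherwise, return false
+# The validation rules are:
+# 1.You have to provide the client_id value, which must match the
+# token's aud field
+# 2.The payload issuer is from Intuit
+# 3.The expire time is not expired.
+# 4.The signature is correct
+#
+# If something fails, raises an error
+#
+# @param [String] id_token
+# The string form of the token
+#
+# @return [Boolean]
+
+def validate_id_token(id_token)
+
+id_token_header_raw, id_token_payload_raw, id_token_signature_raw = id_token.split(".")
+
+# base 64 decode
+id_token_header_json = JSON.parse(Base64.decode64(id_token_header_raw.strip))
+id_token_payload_json = JSON.parse(Base64.decode64(id_token_payload_raw.strip))
+id_token_signature = Base64.decode64(id_token_signature_raw.strip)
+
+# 1. check if payload's issuer is from Intuit
+issue = id_token_payload_json.fetch('iss')
+unless issue.eql? @client.issuer_uri
+return false
+end
+
+# 2. check if the aud matches the client id
+aud = id_token_payload_json.fetch('aud').first
+unless aud.eql? @client.id
+return false
+end
+
+# 3. check if the expire time is not expired
+exp = id_token_payload_json.fetch('exp')
+if exp < Time.now.to_i
+return false
+end
+
+# 4. check if the signature is correct
+response = IntuitOAuth::Transport.request('GET', @client.jwks_uri, nil, nil, false)
+body = response.body
+
+keys = JSON.parse(body).fetch('keys').first
+standard_kid = keys.fetch('kid')
+kid_in_id_token = id_token_header_json.fetch('kid')
+
+unless standard_kid.eql? kid_in_id_token
+return false
+end
+
+return true
+
+end
+end
+end
+end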
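Review bot: `validate_id_token` returns true without ever verifying the signature: step 4 only compares the `kid` of the first JWKS key with the `kid` in the token header, `id_token_signature` is decoded and then never used, and the required `rsa_pem` and `json_web_token` libraries are not called, so any token carrying the expected `iss`, `aud`, `exp` and `kid` values is accepted. The signature should be checked against the JWKS key whose `kid` matches, with the algorithm pinned (RS256 is assumed here and should be confirmed against Intuit's discovery document), as sketched below; this also needs `require 'openssl'`, `require 'base64'` and `require 'json'` at the top of the file. JWT segments are base64url-encoded, so `Base64.decode64` should become `Base64.urlsafe_decode64` for the header and payload as well, and `fetch('aud').first` assumes an array, where `Array(id_token_payload_json.fetch('aud')).include?(@client.id)` also covers the single-string form. The doc comment says a failure raises an error while the code returns false, so it should state which of the two the caller gets.

```ruby
# 4. check if the signature is correct
# … unchanged: JWKS fetch into `body` …
kid_in_id_token = id_token_header_json.fetch('kid')
jwk = JSON.parse(body).fetch('keys').find { |key| key['kid'] == kid_in_id_token }
return false if jwk.nil? || id_token_header_json['alg'] != 'RS256'

public_key = OpenSSL::PKey::RSA.new(RsaPem.from(jwk.fetch('n'), jwk.fetch('e')))
signing_input = "#{id_token_header_raw}.#{id_token_payload_raw}"
signature = Base64.urlsafe_decode64(id_token_signature_raw.strip)
return public_key.verify(OpenSSL::Digest::SHA256.new, signature, signing_input)
```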
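--- a/data/lib/intuit-oauth/flow/token.rb
+++ b/data/lib/intuit-oauth/flow/token.rb
@@ -0,0 +1,93 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'uri'
+require 'json'
+require_relative '../utils'
+require_relative '../transport'
+require_relative '../base'
+
+
+module IntuitOAuth
+module Flow
+class Token < Base
+
+# Exchange the authorization Code for the Bearer Token
+#
+# @param [auth_code] the Code send to your redirect_uri
+# @param [realm_id] the company ID for the Company
+# @return [AccessToken] the AccessToken
+def get_bearer_token(auth_code, realm_id=nil)
+if realm_id != nil
+@client.realm_id = realm_id
+end
+
+headers = {
+Accept: 'application/json',
+"Content-Type": 'application/x-www-form-urlencoded',
+Authorization: IntuitOAuth::Utils.get_auth_header(@client.id, @client.secret)
+}
+
+body = {
+grant_type: 'authorization_code',
+code: auth_code,
+redirect_uri: @client.redirect_uri
+}
+
+IntuitOAuth::Transport.request('POST', @client.token_endpoint, headers, URI.encode_www_form(body))
+end
+
+# Using the token passed to generate a new refresh token and access token
+#
+# @param [token] the refresh token used to refresh token
+# @return [AccessToken] the AccessToken
+def refresh_tokens(token)
+headers = {
+"Content-Type": 'application/x-www-form-urlencoded',
+Authorization: IntuitOAuth::Utils.get_auth_header(@client.id, @client.secret)
+}
+
+body = {
+grant_type: 'refresh_token',
+refresh_token: token
+}
+
+IntuitOAuth::Transport.request('POST', @client.token_endpoint, headers, URI.encode_www_form(body))
+end
+
+# Revoke the specific access token or refresh token. Return true if success, false otherwise
+#
+# @param [token] the refresh token or access token to be invoked
+# @return [boolean] True if successfully revoked. False otherwise
+def revoke_tokens(token)
+headers = {
+"Content-Type": 'application/json',
+Authorization: IntuitOAuth::Utils.get_auth_header(@client.id, @client.secret)
+}
+
+body = {
+token: token
+}
+
+response = IntuitOAuth::Transport.request('POST', @client.revoke_endpoint, headers, body.to_json, false)
+if response.code == 200
+return true
+end
+
+return false
+end
+
+end
+end
+end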
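--- a/data/lib/intuit-oauth/migration.rb
+++ b/data/lib/intuit-oauth/migration.rb
@@ -0,0 +1,65 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require_relative './utils'
+require_relative './transport'
+require_relative './constants'
+require_relative './base'
+
+
+module IntuitOAuth
+module Migration
+class Migrate < Base
+
+# Exchange an OAuth 1 token for an OAuth 2 token pair. It is used for apps that are using OAuth 1.0 and want to migrate
+# to OAuth 2.0.
+#
+# @param [cusomer_key] the OAuth 1.0 Consumer key
+# @param [consumer_secret] the OAuth 1.0 Consumer Secret
+# @param [access_token] the OAuth 1.0 Access Token
+# @param [access_secret] the OAuth 1.0 Access Token Secret
+# @param [scopes] the scopes for the token.
+# @return [OAuth2Token] the OAuth2 Token object
+def migrate_tokens(consumer_key, consumer_secret, access_token, access_secret, scopes)
+if %w[production prod].include? @client.environment.downcase
+migration_endpoint = IntuitOAuth::Config::MIGRATION_URL_PROD
+else
+migration_endpoint = IntuitOAuth::Config::MIGRATION_URL_SANDBOX
+end
+
+oauth1_tokens = {
+consumer_key: consumer_key,
+consumer_secret: consumer_secret,
+access_token: access_token,
+access_secret: access_secret
+}
+oauth1_header = IntuitOAuth::Utils.get_oauth1_header('POST', migration_endpoint, oauth1_tokens)
+headers = {
+'Content-Type': 'application/json',
+Authorization: oauth1_header
+}
+
+body = {
+scope: IntuitOAuth::Utils.scopes_to_string(scopes),
+redirect_uri: @client.redirect_uri,
+client_id: @client.id,
+client_secret: @client.secret
+}
+
+IntuitOAuth::Transport.request('POST', migration_endpoint, headers, body)
+end
+
+end
+end
+end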
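Review bot: In `migrate_tokens` the request declares `'Content-Type': 'application/json'` but passes `body` to `Transport.request` as a Ruby Hash, while `revoke_tokens` in flow/token.rb serialises its payload with `body.to_json`. HTTParty normally form-encodes a Hash body, so the migration endpoint would probably receive `scope=...&client_secret=...` under a JSON content type and reject or misparse it. I would make the final call `IntuitOAuth::Transport.request('POST', migration_endpoint, headers, body.to_json)`. The doc comment also names the first parameter `cusomer_key`; it should read `consumer_key` to match the signature.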
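--- a/data/lib/intuit-oauth/response.rb
+++ b/data/lib/intuit-oauth/response.rb
@@ -0,0 +1,37 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module IntuitOAuth
+class ClientResponse
+attr_reader :access_token, :expires_in, :refresh_token, :x_refresh_token_expires_in,
+:id_token, :headers, :body, :code, :realm_id
+
+def initialize(response)
+@access_token = response['access_token']
+@expires_in = response['expires_in']
+@refresh_token = response['refresh_token']
+@x_refresh_token_expires_in = response['x_refresh_token_expires_in']
+if response['id_token']
+@id_token = response['id_token']
+end
+if response['realmId']
+@realm_id = response['realmId']
+end
+
+@headers = response.headers
+@body = response
+@code = response.code
+end
+end
+end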
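Review bot: `ClientResponse` keeps `access_token`, `refresh_token` and `id_token` in plain instance variables and also stores the whole response in `@body`, so Ruby's default `inspect` prints live credentials wherever the object is logged or attached to an error report. I would override it to omit the secrets, for example `def inspect; "#<#{self.class.name} code=#{@code} realm_id=#{@realm_id}>"; end`. The class has no doc comment; one should state that `body` is the response object passed in rather than a body string, and that `id_token` and `realm_id` are nil when the response lacks them.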
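--- a/data/lib/intuit-oauth/transport.rb
+++ b/data/lib/intuit-oauth/transport.rb
@@ -0,0 +1,52 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'uri'
+require 'json'
+require 'httparty'
+require_relative './utils'
+
+module IntuitOAuth
+class Transport
+include HTTParty
+ssl_version :TLSv1_2
+
+def self.request(method, url, headers=nil, body=nil, isBuildResponse=true)
+uri = URI(url)
+
+user_agent_header = {
+'User-Agent': IntuitOAuth::Version::USER_AGENT
+}
+req_headers = headers.nil? ? user_agent_header : user_agent_header.merge!(headers)
+
+if method == 'GET'
+response = HTTParty.get(url,
+headers: req_headers
+)
+
+elsif method == 'POST'
+response = HTTParty.post(url,
+headers: req_headers,
+body: body
+)
+end
+
+if isBuildResponse == true
+IntuitOAuth::Utils.build_response_object(response)
+else
+response
+end
+end
+end
+end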
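Review bot: The `ssl_version :TLSv1_2` setting on `Transport` is most likely never applied, because `request` calls `HTTParty.get` and `HTTParty.post` on the module itself, and class-level HTTParty options only affect calls made through the including class. Switching to the class's own methods, `response = get(url, headers: req_headers)` and `response = post(url, headers: req_headers, body: body)`, would make the token and revoke requests honour the pin. A `method` other than 'GET' or 'POST' leaves `response` nil and fails later inside `build_response_object`; an `else raise ArgumentError, "unsupported method: #{method}"` branch would report it at the call site. The local `uri = URI(url)` is assigned but never used, and no timeout is passed to either call.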
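--- a/data/lib/intuit-oauth/utils.rb
+++ b/data/lib/intuit-oauth/utils.rb
@@ -0,0 +1,75 @@
+# Copyright (c) 2018 Intuit
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+require 'base64'
+require 'active_support/all'
+require 'cgi'
+require 'openssl'
+require_relative './response'
+require_relative './exception'
+
+module IntuitOAuth
+class Utils
+def self.scopes_to_string(scopes)
+scopes_str = scopes.join(' ')
+scopes_str.chomp(' ')
+end
+
+def self.get_auth_header(client_id, client_secret)
+encoded = Base64.strict_encode64("#{client_id}:#{client_secret}")
+"Basic #{encoded}"
+end
+
+def self.generate_random_string(length=20)
+Array.new(length){[*'A'..'Z', *'0'..'9', *'a'..'z'].sample}.join
+end
+
+def self.get_oauth1_header(method, uri, oauth1_tokens, uri_params={})
+params = {
+oauth_consumer_key: oauth1_tokens[:consumer_key],
+oauth_token: oauth1_tokens[:access_token],
+oauth_signature_method: 'HMAC-SHA1',
+oauth_timestamp: Time.now.getutc.to_i.to_s,
+oauth_nonce: generate_random_string(7),
+oauth_version: '1.0'
+}
+
+all_params = params.merge(uri_params).sort.to_h
+base_string = "#{method.upcase}&#{CGI.escape(uri)}&#{CGI.escape(all_params.to_param)}"
+key = "#{oauth1_tokens[:consumer_secret]}&#{oauth1_tokens[:access_secret]}"
+
+signature = CGI.escape(Base64.strict_encode64(OpenSSL::HMAC.digest('sha1', key, base_string).to_s))
+params[:oauth_signature] = signature
+"OAuth #{format_string_delimiter(params, ',', true)}"
+end
+
+def self.format_string_delimiter(params, delimiter, with_quotes=false)
+if with_quotes
+return params.map { |k, v| "#{k}=\"#{v}\"" }.join(delimiter)
+end
+params.map { |k, v| "#{k}=#{v}" }.join(delimiter)
+end
+
+def self.build_response_object(response)
+url = response.request.last_uri.to_s
+if response.code != 200
+raise OAuth2ClientException.new(response)
+elsif url['openid_sandbox_configuration'] || url['openid_configuration'] || url['openid_connect/userinfo']
+response
+else
+IntuitOAuth::ClientResponse.new(response)
+end
+end
+end
+end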
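Review bot: `generate_random_string` draws each character with `Array#sample`, which uses Ruby's default non-cryptographic generator, yet its output becomes the `oauth_nonce` in `get_oauth1_header`. If the helper also produces the OAuth 2 `state` value elsewhere in the gem (not visible in this section), that value would be predictable too. Values that must be unguessable should come from `SecureRandom`: add `require 'securerandom'` and make the body `SecureRandom.alphanumeric(length)`, which needs Ruby 2.5 or newer, so the 1.9.0 floor in the gem metadata would have to be raised or a SecureRandom-based fallback kept. Seven characters is also short for a nonce; the default length of 20 would be a safer argument at that call.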
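--- a/metadata
+++ b/metadata
@@ -0,0 +1,235 @@
+--- !ruby/object:Gem::Specification
+name: intuit-oauth
+version: !ruby/object:Gem::Version
+version: 1.0.0
+platform: ruby
+authors:
+- Intuit Inc
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2019-01-03 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: httparty
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.16.3
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.16.3
+- !ruby/object:Gem::Dependency
+name: json
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.1'
+- !ruby/object:Gem::Dependency
+name: json_web_token
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.3.5
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.3.5
+- !ruby/object:Gem::Dependency
+name: rsa-pem-from-mod-exp
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.0
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: 0.1.0
+- !ruby/object:Gem::Dependency
+name: addressable
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.3'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.3'
+- !ruby/object:Gem::Dependency
+name: backports
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.11'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.11'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.16'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.16'
+- !ruby/object:Gem::Dependency
+name: coveralls
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0.8'
+- !ruby/object:Gem::Dependency
+name: rake
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '11.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '11.0'
+- !ruby/object:Gem::Dependency
+name: rdoc
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '5.0'
+- - "<"
+- !ruby/object:Gem::Version
+version: '7'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '5.0'
+- - "<"
+- !ruby/object:Gem::Version
+version: '7'
+- !ruby/object:Gem::Dependency
+name: rspec
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '3.0'
+- !ruby/object:Gem::Dependency
+name: wwtd
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '0'
+description: A Ruby wrapper Intuit's OAuth and OpenID implementation.
+email:
+- idgsdk@intuit.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- Gemfile
+- Gemfile.lock
+- LICENSE
+- README.md
+- intuit-oauth.gemspec
+- lib/intuit-oauth.rb
+- lib/intuit-oauth/base.rb
+- lib/intuit-oauth/client.rb
+- lib/intuit-oauth/constants.rb
+- lib/intuit-oauth/exception.rb
+- lib/intuit-oauth/flow/code.rb
+- lib/intuit-oauth/flow/openid.rb
+- lib/intuit-oauth/flow/token.rb
+- lib/intuit-oauth/migration.rb
+- lib/intuit-oauth/response.rb
+- lib/intuit-oauth/transport.rb
+- lib/intuit-oauth/utils.rb
+homepage: https://github.com/intuit/oauth-rubyclient
+licenses:
+- Apache-2.0
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.9.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: 1.3.5
+requirements: []
+rubyforge_project:
+rubygems_version: 2.6.13
+signing_key:
+specification_version: 4
+summary: A Ruby wrapper for the OAuth 2.0 protocol.
+test_files: []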