namely 0.0.1

data/spec/fixtures/vcr_cassettes/report_head_missing.yml

@@ -0,0 +1,50 @@
+---
+http_interactions:
+- request:
+    method: head
+    uri: https://<TEST_SUBDOMAIN>.namely.com/api/v1/reports/this-is-almost-certainly-not-the-id-of-any-model?access_token=<TEST_ACCESS_TOKEN>
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Accept:
+      - application/json
+      Accept-Encoding:
+      - gzip, deflate
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Encoding:
+      - gzip
+      Content-Type:
+      - application/json; charset=utf-8
+      Date:
+      - Tue, 04 Nov 2014 16:34:50 GMT
+      Server:
+      - nginx/1.6.2
+      Status:
+      - 404 Not Found
+      Strict-Transport-Security:
+      - max-age=31536000
+      Vary:
+      - Accept-Encoding
+      X-Rack-Cache:
+      - miss
+      X-Request-Id:
+      - d7d37c67-ed05-4344-a6ff-cdfdf35552cc
+      X-Runtime:
+      - '0.024991'
+      Connection:
+      - keep-alive
+    body:
+      encoding: UTF-8
+      string: ''
+    http_version: 
+  recorded_at: Tue, 04 Nov 2014 16:34:50 GMT
+recorded_with: VCR 2.9.3

data/spec/fixtures/vcr_cassettes/report_show.yml

@@ -0,0 +1,185 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://<TEST_SUBDOMAIN>.namely.com/api/v1/reports/bbf089f6-90c5-473c-8928-058014a462c9?access_token=<TEST_ACCESS_TOKEN>
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Accept:
+      - application/json
+      Accept-Encoding:
+      - gzip, deflate
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - max-age=0, private, must-revalidate
+      Content-Encoding:
+      - gzip
+      Content-Type:
+      - application/json; charset=utf-8
+      Date:
+      - Tue, 04 Nov 2014 16:34:49 GMT
+      Server:
+      - nginx
+      Status:
+      - 200 OK
+      Strict-Transport-Security:
+      - max-age=31536000
+      - max-age=31536000; includeSubDomains;
+      Vary:
+      - Accept-Encoding
+      X-Rack-Cache:
+      - miss
+      X-Request-Id:
+      - 977b6e70-4437-4f03-b138-0dc56ceafea1
+      X-Runtime:
+      - '0.114426'
+      Content-Length:
+      - '5918'
+      Connection:
+      - keep-alive
+    body:
+      encoding: ASCII-8BIT
+      string: !binary |-
+        H4sIAAAAAAAAA7VdXXPbttL+Kx7f5Kb2SPKX1BvXH4kdx0p8JDeettPJgCRE
+        wiIJlR9W5E7/+9ldAJQSA/W+r04uTmM+oJYgsNh9drHg+Xu3kgtdNfXuz3/8
+        vauS3Z93o2jWG45mx3ujXny0d3hyEO8NR4PhXu9o2OsfisPjQTza/Wm3WS0k
+        3L2o9EzlEoBY521RGkGlKDYa6y8zVdXNF0K7XzbyawNXuYhkDpfv8JYduuWf
+        n15KyMVrAm7Fv/1eFkLlwd++pVbf7+pGVM2XRDQbD7ZX7sdTvGWHQP+TF7le
+        SfmFfh3ugblr5x6bfXLaWlbYnaatg1J+hXt2puaef/7EOSkbWTYwJ3/sflR1
+        JmUCd/8uqmeRy0e9M4aeqxLFybopzQ3PrrWgxl/kVwF9k/uxLuDGAegAqMJe
+        rw8X79o837lXNClncaOe5I57j90/f/pj955+clG1qqY318VLaX0QtdfvMaSd
+        S1Eldb6C5nF8qVP4N7LQXv+wf3g8PB4cD/b7x8PB8OQXHL58tdnrfm/v4H/0
+        nOPBYP9wcHxwfPRjn3PSP94fjY5PBgc/+DkHo/3Dwz486Qc/5/hoH57SH/zo
+        5wyH+8PRqDf4wfMzPBrt9wZwMfzBzxn19g8PTg77gx/6nJOjPqyf/sFw2Nvm
+        Qf9pJdqUa1HW0hkXsr9/QYPXnpxABxiCX3+DUa/X2x8eDkDsFi9wo7OyxKdc
+        ysUC/nmka6/tGuwNjhgSjSWcFqrJ7ICAMazx8qXUwV5vtNc/YEj9KCX6tMlK
+        dDYckAouX0o9wLcfDOHiApxCJeJGV6HOqkI3Gb7/FQxuKSvXZYOnBvR2HOZy
+        wOj4Wa0K0pCiEPHcihcAZgbxdb833OuPGLIvRa6g6YOo1qJJ+xJo8GofKAZn
+        Di9EoXKiOp9VWupSWeGxwZ8MGBp5zhPeKV0KaLuTjaxqK36G4IKQwLD0jhmy
+        7zNw6Cjzs1QlTqGbVMKfLOh9Qp+3Oi9Ehdp4VibQVe00MgZUWMirMidAJxjS
+        p41cZNauwJjI3L1AbRoyi3qfcbA34PCVmzZXOP4THUnkxLDyEQks/B5nUM5z
+        Mce2W2ghwxUh4JV4xFOSW6mh5VLFYlEp/DOX+oU81AoY2BOGvLFIU4WN00bN
+        ZvBvQcBLkWCUQBM44zjFSZcNMlM0pUYZagt63/1kb8AxzJdplkVRBK2fn7Ls
+        6WtSZhqXoSyr5f5yDmbJt8Bh+fU5IwEmA4VNwcw57Z0DFPBYg+8t9PtS+FZF
+        Bq9N43vdliUZ6thAvhEGJWBxYVHn9Sx/rAX8L6E/cDkIxKBpDvgM/zOngZ/X
+        CbTUs3kOt3nfZsQbIOPFzoUqpbNO4MYiuvbKPea5A1hvOD6ajCtKrXSUwVVg
+        5Fmxx0R/FWWJrejEVKk6N1aZltTBXovd5ynkO5mrr9B2KZ5UZ7ARSxDwWtMR
+        b0yu0GFB20Umq2plRacIxoT47BwoOm9spEhJEy90VUkyeTQwBMcGC/ESzqhM
+        RJ0pVMhb2c0oQbn0zOmAHU/eVaqMZV2TZIFMKod/QhrNMab3OsKxvRV57sa4
+        ASjHa+/sHfOM9KtMdTQYDg73T4DUD7dhqmMJtGlVNmh5YrjnM9grEdE6mmn9
+        JRLVFsKvFKwTtIjXUnS8NSUwQ4TL0vyG8SyXuHKutc5V1hFYAWhmoZBJ4bDA
+        1ybg5Ph41BtiMDo4GAXGiKOSH1SlLOup5N5YweLM7avMsUkQXhDuHa8jQ8pf
+        H6/X32g4HJzsnxwMDgbbvNGNMP76DDitm5VHxAQCAZPW/56C+t8B2QD2X+vK
+        GQaMrQq89koGN/s/me3h4AgCw+PB8fBwm7E5JyP/Ps1l3VlNii0gtIj97mrE
+        01c7MhBjLLq1gEMTE+A1mhB6cpy2lTyNMwgOgdemnSNE+fUGzJ1b31PeJgmR
+        nHthogwaGcQaBLaRfNPWJkd5LcFr17Wz04+EZxb0jhBM7Pdry/eEsxREnX4h
+        pa9zUdgHCAsLxEJvgHb01YB6ois7OG5qK0Qaf5zOZTj3laCm/GnNxgASeO3l
+        ND1eHPeg4rlE7n6fyR2zmJYENZlMdBpyt5y5NIEVDpmoRVqBcey4B7XEHRyw
+        lay0yDpUvMhFNV/HojZUjC0acPAsKoyEDxnOHYiy0pHyJQu4DqxWFiG50/oR
+        x+QarK2Vu0Aog2uvXGb4P6FBmDYigkB/1XS0TJd1h3kjs0NeeH4nkgRX5qcy
+        dd1GRJcefaGUAkvFbwTKnD7Hz7KKQAddyuVRrOo1GOo35wlgVCr1V4vNv8ll
+        0S3QzOIrAgNMhHT+1dV/XlFwNtblszEyKD8CsDBIyLRwhv0MQspImqzUVaVj
+        N6/C4SmC3u4zB+gGHH+TaZN4qTrFebRwhtg2C2m9WO9kolK9+81SXRAWUiFO
+        HAUqH0vUot90W+tZJx7RFUHbSL/IKqIEV9+kvBBMAxmvPtlhDv2+BRbcoC04
+        r2S61syc4MhggZll2XlQSBVTiJlrXUrnVwuCY4MFTA6LeCAZFsSGP8JfOl8P
+        UGFaSgd7Z+CAF4FfyqrQ5K1UnoMd69hNQg2NQ7cxQ1PR4ms8gA0W3RKrAVwa
+        xDdKmPPlaNAUAh1s+1CJp6bWT046wnOLhagxR/5niKhKQ6DOK90uu/F5sg2R
+        Qb1GdMQbn3fgstEL3j+LVLdVuU6FYEPToV5tOuA9YyyU3at+wCkVhXtGYRqW
+        FvWO1ZDnxFxICqFD3VjxFJASEJDM3JSgxP50JV3aOgGkhkvvCu7ziA5S+x07
+        HHDLpFXPu2tqb0ekAtQ78Myk36Sta0lk5FxUXQ7NgBEg27CGawk6iANjChHc
+        lGYEm/oD/4Qe7g04Ju4KGLx4Qp8yBk/uOp8atEDIK33AixseRGo2xy7lLQSw
+        5bNzXktqSGRu0NDS4ozQldQQmu3S4o3nucxao5op4b+AC27TrIl0s6k/NAMM
+        4eDbafTPXIhlPXspBCEh3sDR+FdC8qN+fzg8OdrHHVv/7jnzHa4EZUeRZHVZ
+        UoCQX/m9Fww8Z22dJbSmgNfmbloFQAu8DliCAYeIW0vwTm8QBrQFM+3nC0Yd
+        ORYSVIX2by51hLT+uWPLKTYkHep7BjosTu9vREGR7O+imKlK1nHrtAYbnjvU
+        +wzmjIItWO0BsYXme1m0lXuNAnEgtg2BAc7AWrhnuYopfzOWNSzUnVuIU5zt
+        EdRWUEOOuFeJuAnrTOUKKwhAS/VMdJq0IDy1YMixcNw7UCv0vL/LNFORoyZA
+        rObPBvES0AFP9qdnsjyfkrYUauUidQ2otlDINnMMxL3d1/ioYJSfVeHkN4iX
+        DtxmCV/qQpWUFh/rOs5Ut2OfmIbCooEZfpGX9QYAoso16s6nN8DkwBZvpqhi
+        atRv6nVLYIGztAnm2myRXconVW5MNqAJQQGSywoHJpo0CaLIJmu7jBJ6ndRC
+        3nE64WVO3abqR7AP3VTXCJaEhFYZh6GAq6E46VLUbpciQiiB69Dccvp8g2YA
+        2h5wR6xLxzwiujRQyBFweo3FBhT3XuVtPF/Hd4+EpxYMrLAeSzcxDm00xNFI
+        UsaqnHfhRbxuKgj3cpQjnqu/gRAIVedBlRt1K4+ILg3kfQvm7H7CwgFou1bd
+        FGiEwIT6x/+Qx2s/5QAZwWWqIVBx1kFTQ+ZQLwk6frn97x0ZCeqNje9y2cTZ
+        OvNO+MyCXh095tkEcJaxMqk9uRSVi1oKgmuDed/giBe4QIghDEn8KOoY7isb
+        58QeTVPZ4dus4Qud42+uKhHpZd1RFzBtReowr3ym7TzLCsppX7YL6SynQCxB
+        IDADtNX7an5vDDekEE2QNxsDLe+WMm0NFV0zV5P8e2e2yo9S2u4NsNSPstnb
+        peDQDJMB1ct1YRgZZ5EQ5O05c+QvxROxiDcTJbp0fwKgflMhEiByLAv9tiBf
+        Mo5vwRhvDHshijgnKEQTOdJtCPCh1F+dxgAyh8vQeHD87BS3hMX3qlITWhAU
+        8LOshKTlg2MwXDPd1cghISws9G+6/pr0qShayug9aJ3nXcqwJnhpsMDYsKyN
+        21V50N02Au2qLEP7CHZ39fU1Si5kqp87EwwWssbLgIKwVBviCBPEva0Xulad
+        ZRSESwsGKB9LBc+N05uIjjNFgICi+JcNM59pFfu80rrYLKVE9Y46MERVOUo+
+        0Y0q0IhP2jLrdlQrQiuCtjK5htkoWj1XaGJbN62xa0kN7H3MiJc9ulVmf/Ih
+        Uw0Qvq4EJkd86cCQd+WtVrPNN52ty9NKxOpZoDANs3YcyXbT6V2biLxTHcBm
+        BHglMxPKV1grQHmdD6I0U4TCUwPPCQspJ8cb3UjKYoxFfKnbdL0N+gh4IeLE
+        gCHmzdkyuNF0HGkiE+B4TZeFeQS4cpiXDx/y9lpvTOH5uAVi7WQDVOC1Vx8P
+        ef121hFLuReb2SOAG4ttYxbOK5WkxJLONawiR+QjA0eEBZg8L1aGONXEOWOk
+        2d12mYELwryr6YC3YXajseW6LRZgBLoI9lHLzEHbsIGpIK89EflG32sAK4ME
+        NJLl986KiNb/Ld4g8MJfpMQK5M/Nbqpomq5+K5Llgq4DJoUVzFgidy9Webfq
+        kcc1BHgXzJDnLcaKGO30WTRZIdYJP4Brh4XIM0e+SzWBIY/WrIUSTUsDhZYN
+        xyCaHXLji9p8vlG+ZfCUwBAL4Cyc356EyYbOnSlfAdLAZYj2c5bLR0Wk/zfd
+        VbCUgKy0r4DFUHIORbw0Czy+QCqBhqPTlLKIYwcGnCYrcXJndmPP2ybvnOYC
+        sIiAgJ6wCl5/FzH6+ImIn1ddrvYZwMogAdlEQd9joqMMCL4Q9YIY6ESsIKpy
+        fCsmuDLYNh7ntp2LGvf+LoFfAc1yaZ6c8MSCXt/D9JkUI2LjBjWnCFH6uTm/
+        +J82McFaVTZyAbdfio6S4kbmwjQW4PuxxfsaTBc0EbZAtwu+KpmC1u8/4RGu
+        VNS/pBizf6eWLO+5YQbua6f1zgY0tb9IgMmJ3hYqp7M+D6ppVDcBkuClwUJs
+        kVWhiJRo5wyoW0mPGetsw4zVUpiWQnursg/Y8Z07YDVdSrmuOKFDVrWBAtJZ
+        pqfLqE6kmm0W5JiUauVQr7YOmEZTaHOY/VqsOopREpghEmDWL4q5/DmeD+bL
+        At/keOaA/UuOh+m8reRPtkzXCdZ4HeBcLNd6K+0pm7tctC77mBO4QMQrm3ng
+        stv7Hou6nbudRrPzXRAUcH8sY/9OqiTL6RzqlS6kq5yYWRhTdp66iQN2ee4Y
+        v9qAk6l00+huu6ZAOLZYoP+skZ82rcn3PqxiGbvYtCZ0SVDIInA8ysU6wMbt
+        labTmtg2RAb1GuNjHq25leaU9a2oVtIxmxzBnJCQv+LI7r5sMY11s5EVx4oS
+        RAJjw/JYnYM6R2qgEyfeuKfIgqEncFbrO2HLClvgqGLnLNZ14wZohm0pNQjC
+        A/6QtcTGIpO0aTYV5c4YC15duF1QSw2sjdDAPPPovZuLOwjcT0/rnTvdFRtS
+        08LgC+0/Y88kQV33pzADiXxyA2ZeoLagb1rcgahX3eRYkC5NxPqEaCGw6r7w
+        x3+urIIlOJNLaH1fLdWmbEAVQiH6wJtlJ/1amFrnDekZQoGlxjN0Mld1jaP9
+        WSTpOlNZGPzJgAEFYpnqdSUpplZe1JE+GtD7BOaJRRuBPlQqzTprAdiSAJ9W
+        4glRjrHADTq8DYIDPAa/rlqs4pnDQo6dlQt1h2c3tm7o+Kx/38aYBs6q/Sie
+        aSov2kLV846slQjHFgv4R1b9x1opv5tUg//bpDJ3Kz5gTQS0/Vq1cdZWjWMQ
+        c8RbB3rfgcn5z+D3FNbpBBSl7UiEQLxyoPcJQ8PbXp1eiKcVqf5tG3eTkBCY
+        I7INhZhojIaopGTzSF5l4fCxPGYuwCZCb+VFtwWA05rL2Jf/X8fSrw7KWS4f
+        ccMMY5VPbz7KdWmAcC36TSlDFQLMtMs5BCSJimnbWAk3t5FFE4C2kX4lS+z+
+        NBeJG/gUoBqvvb6E+fEFozA0qXeqoz5WY+RC+bgPv6IBRr6uKUa8lVkpu4ID
+        YfDcgNswT7enK1oI+t3I0JauQbwWYcDLYrgM+m+np6fdYqX8+YoQr2zmzitE
+        z5kmPntfycduK9CgDUKhUeH0vNujv6/axaJjaWaTvjFYgNrwLFktEriFDtXf
+        CqDIVWfLXEtu4MBTWPv17ymgmC5F5CwZRBI1XgbYE2vkH8zyn+p1PhBr32vt
+        TQea3nJ03RxboeOs04WoRFro7mgrZolK2+5dT55PWvlj/reVOYUzwWOP+aZ8
+        iS1e4UNeGIGid7EujqJPFPdCGiWLXzIZf1dvJbIhbXZwsJc43LkFvdS9zwtD
+        bHbiQeQUjGBmwiuOyUi7EotPKM2UVryU1yMF43SvO4J8kdHmDGrBY6BCni/1
+        s8CKUOzmHShXQgHfk8FeTtOIponj1D/SxtEubhfUzc75+X/gzyj6y6tHzKzp
+        Ojt7KYtFTTTEJmW3mfUrYaK12pC/UjYzXRVfUf/7oe5y1B5miRzHRSWWIBEN
+        PsQJvgws9ZUVgkx0qdDXTeMMS+pMHclmjwfb9BgL0rHtZfWY8Fh1/oaG83fX
+        XdBnv4QG8DZyYb1mYE7IrFzD+sd5nDvMtyaQUHNM+Vv70Yk7XSzoO1fS+9EJ
+        qoLgJR8gPDKnxlxoVyHgVYUDnnVx7sZ+zG/5kmX2RyPTQY64t1TwRD6LlphM
+        PMrfZyeou6Tp+lSnPSvkmxbmViFWk5iN0wutF6T7kYEC/pUldaoXGW0HnLdk
+        9mu6fjnZJ2wOdiMqab47RLVYj3gZMtGcubFVNJZH4yt7R3HEY59UDTyj0TuD
+        v2wZwaNvV77P9iITDSsa5Vy2JmdYEeAVyT2SCqzVzPZUQDTyrUGqTWPA2rFG
+        1dXV34oZjEazopkqPGkQVE8ms98Y21uxrGRJ9vTRooEFxRoNYPOlmakPMBr2
+        e5VWXiFKkcIrIJEtU8/e4SFvRILflYl8h2YP2aYKPCF9eqDFTeZdcoMvNbiH
+        IQKPW2zscYJrEdW3fNhtdgY8Cyv6++BKNfB7Ya46a+7/4FmP/d2eGyBV2LZx
+        dPgRoYBtYFmvK9ypgLa3SUIuy4qS9p6wTjD3xS/NoZZprKwyJwDU5gqFv5zH
+        Q/apAZS9s5b8IKpotYOfMqEFJBYKnxVLLGlw7+F7GreuTJvSdayjLLocVoTo
+        0kA+L4LvwuFOVyKiPNGnN5fLjTO+iOo3yTJwxpd7GPHCBoAXGpQ8z6nCDOXH
+        msJhC758wv8hb9AmFQ3K6enORYtlCKI8Pe32AAQ1n57GG00Bk0DF/nf4Mfp/
+        edy7CpgwjtKlrPHD7LUUrStvn1FbstHgfRLz+KA78nUJqqbybjuGUhaJqBHy
+        2mXm/qrJe09PT8s463I5QO5qi3hlM7eSrlQiqe+/LoDtrMv9UsJbC3qfwNxD
+        XJ8t2yykt2fLAnX0ffbJL5f5vgJf7WRT1jtFwLvamB5lfaZyovF8Rfc5A4NX
+        BgysZ1Z518PKbLKdVeX6AMMSQUFIQCV7rGz6VftsKlBvdTzP1uelUsJzC3q7
+        z5zYibCbwx+WSjTzzcNMFTXN13iARLFSadfCOMo73Zg8TIbAgq5CcjluDYjU
+        HBXzbnfTsyMYcOusUbmCMNxUE9wpWW2kdUF4atpC4r/fSwpUzgCdJjf8TuaL
+        b1jJnFq4nQ/k6ECr60hSvPeg7OeQ1nk61+p9yAlvPt8/Uc5GFLD8UX38dGLw
+        /69PGxOzBLWJuupdcz7N961X/obAR7mkLXHdpbxNbhRgr1hm7U/wK+6xrFSy
+        DFQyM13HtcrtVyNaa9wzQl6SnBE7Ce1M7nRhvzdF9vZlKE9Hlngib2QlCxQ1
+        UUm6FJ2TILgyWEDlWF7iXCJbpwocWaIHjQzgY8WsPv/5026u0Hz8/Pc/+H8/
+        U0igsPD3Bmz+hCAdb/kvtPocsn5oAAA=
+    http_version: 
+  recorded_at: Tue, 04 Nov 2014 16:34:49 GMT
+recorded_with: VCR 2.9.3

data/spec/fixtures/vcr_cassettes/report_show_missing.yml

@@ -0,0 +1,54 @@
+---
+http_interactions:
+- request:
+    method: get
+    uri: https://<TEST_SUBDOMAIN>.namely.com/api/v1/reports/this-is-almost-certainly-not-the-id-of-any-model?access_token=<TEST_ACCESS_TOKEN>
+    body:
+      encoding: US-ASCII
+      string: ''
+    headers:
+      Accept:
+      - application/json
+      Accept-Encoding:
+      - gzip, deflate
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 404
+      message: Not Found
+    headers:
+      Cache-Control:
+      - no-cache
+      Content-Encoding:
+      - gzip
+      Content-Type:
+      - application/json; charset=utf-8
+      Date:
+      - Tue, 04 Nov 2014 16:34:49 GMT
+      Server:
+      - nginx/1.6.2
+      Status:
+      - 404 Not Found
+      Strict-Transport-Security:
+      - max-age=31536000
+      Vary:
+      - Accept-Encoding
+      X-Rack-Cache:
+      - miss
+      X-Request-Id:
+      - 52e1e643-65de-487a-8b28-2be8291d2f1b
+      X-Runtime:
+      - '0.025837'
+      Content-Length:
+      - '64'
+      Connection:
+      - keep-alive
+    body:
+      encoding: ASCII-8BIT
+      string: !binary |-
+        H4sIAAAAAAAAA6tWyk0tLk5MT1WyUgpKLcgvKlHIyy9RSMsvzUtR0lFKLSrK
+        LypWssorzcmpBQBUHrxBLAAAAA==
+    http_version: 
+  recorded_at: Tue, 04 Nov 2014 16:34:49 GMT
+recorded_with: VCR 2.9.3

data/spec/fixtures/vcr_cassettes/token.yml

@@ -0,0 +1,57 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://<TEST_SUBDOMAIN>.namely.com/api/v1/oauth2/token?redirect_uri=<CLIENT_REDIRECT_URI>
+    body:
+      encoding: US-ASCII
+      string: grant_type=authorization_code&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&code=<AUTH_CODE>
+    headers:
+      Accept:
+      - "*/*; q=0.5, application/xml"
+      Accept-Encoding:
+      - gzip, deflate
+      Content-Length:
+      - '189'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-store
+      Content-Type:
+      - application/json
+      Date:
+      - Tue, 04 Nov 2014 16:38:10 GMT
+      Etag:
+      - '"fc3490b779796351d40312ba491c69c2"'
+      Pragma:
+      - no-cache
+      Server:
+      - nginx
+      Status:
+      - 200 OK
+      Strict-Transport-Security:
+      - max-age=31536000
+      - max-age=31536000; includeSubDomains;
+      X-Rack-Cache:
+      - invalidate, pass
+      X-Request-Id:
+      - 386d8523-f838-4023-a096-f74bc6c6291e
+      X-Runtime:
+      - '0.059499'
+      Content-Length:
+      - '141'
+      Connection:
+      - keep-alive
+    body:
+      encoding: UTF-8
+      string: '{"access_token":"<%= access_token %>","refresh_token":"<%= refresh_token %>","token_type":"bearer","expires_in":899}'
+    http_version: 
+  recorded_at: Tue, 04 Nov 2014 16:38:11 GMT
+recorded_with: VCR 2.9.3

data/spec/fixtures/vcr_cassettes/token_refresh.yml

@@ -0,0 +1,57 @@
+---
+http_interactions:
+- request:
+    method: post
+    uri: https://<TEST_SUBDOMAIN>.namely.com/api/v1/oauth2/token?redirect_uri=<CLIENT_REDIRECT_URI>
+    body:
+      encoding: US-ASCII
+      string: grant_type=refresh_token&client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&refresh_token=<TEST_REFRESH_TOKEN>
+    headers:
+      Accept:
+      - "*/*; q=0.5, application/xml"
+      Accept-Encoding:
+      - gzip, deflate
+      Content-Length:
+      - '193'
+      Content-Type:
+      - application/x-www-form-urlencoded
+      User-Agent:
+      - Ruby
+  response:
+    status:
+      code: 200
+      message: OK
+    headers:
+      Cache-Control:
+      - no-store
+      Content-Type:
+      - application/json
+      Date:
+      - Tue, 04 Nov 2014 17:06:29 GMT
+      Etag:
+      - '"c4566dc1eddea53969e88a3bc69cdfb3"'
+      Pragma:
+      - no-cache
+      Server:
+      - nginx/1.6.2
+      Status:
+      - 200 OK
+      Strict-Transport-Security:
+      - max-age=31536000
+      - max-age=31536000; includeSubDomains;
+      X-Rack-Cache:
+      - invalidate, pass
+      X-Request-Id:
+      - e2d5a360-d44d-4198-8528-ceb6ad91bd6c
+      X-Runtime:
+      - '0.045489'
+      Content-Length:
+      - '90'
+      Connection:
+      - keep-alive
+    body:
+      encoding: UTF-8
+      string: '{"access_token":"<%= access_token %>","token_type":"bearer","expires_in":899}'
+    http_version: 
+  recorded_at: Tue, 04 Nov 2014 17:06:29 GMT
+recorded_with: VCR 2.9.3

data/spec/namely/authenticator_spec.rb

@@ -0,0 +1,143 @@
+require "spec_helper"
+require "cgi"
+require "uri"
+
+describe Namely::Authenticator do
+  describe "#auth_code_url" do
+    it "returns a URL to begin the authorization code URL flow" do
+      authenticator = described_class.new(
+        client_id: "MY_CLIENT_ID",
+        client_secret: "MY_CLIENT_SECRET",
+      )
+
+      authorization_code_url = authenticator.authorization_code_url(
+        subdomain: "ellingsonmineral",
+        redirect_uri: "http://www.example.com/authenticated",
+      )
+
+      parsed_uri = URI(authorization_code_url)
+      parsed_query = CGI.parse(parsed_uri.query)
+      expect(parsed_uri.scheme).to eq "https"
+      expect(parsed_uri.host).to eq "ellingsonmineral.namely.com"
+      expect(parsed_uri.path).to eq "/api/v1/oauth2/authorize"
+      expect(parsed_query).to eq(
+        "response_type" => ["code"],
+        "approve" => ["true"],
+        "client_id" => ["MY_CLIENT_ID"],
+        "redirect_uri" => ["http://www.example.com/authenticated"],
+      )
+    end
+
+    it "allows the redirect_uri to be omitted" do
+      authenticator = described_class.new(
+        client_id: "MY_CLIENT_ID",
+        client_secret: "MY_CLIENT_SECRET",
+      )
+
+      authorization_code_url = authenticator.authorization_code_url(
+        subdomain: "ellingsonmineral",
+      )
+
+      parsed_uri = URI(authorization_code_url)
+      parsed_query = CGI.parse(parsed_uri.query)
+      expect(parsed_query).to eq(
+        "response_type" => ["code"],
+        "approve" => ["true"],
+        "client_id" => ["MY_CLIENT_ID"],
+      )
+    end
+
+    it "escapes reserved characters in query parameters" do
+      authenticator = described_class.new(
+        client_id: "MY_CLIENT_ID",
+        client_secret: "MY_CLIENT_SECRET",
+      )
+      redirect_uri = "http://example.com/?auth=true&provider=namely"
+
+      authorization_code_url = authenticator.authorization_code_url(
+        subdomain: "ellingsonmineral",
+        redirect_uri: redirect_uri,
+      )
+
+      parsed_uri = URI(authorization_code_url)
+      parsed_query = CGI.parse(parsed_uri.query)
+      expect(parsed_query["redirect_uri"]).to eq [redirect_uri]
+    end
+
+    it "allows the host and protocol to be overridden" do
+      authenticator = described_class.new(
+        client_id: "MY_CLIENT_ID",
+        client_secret: "MY_CLIENT_SECRET",
+      )
+
+      authorization_code_url = authenticator.authorization_code_url(
+        protocol: "http",
+        host: "testing.example.com",
+      )
+
+      parsed_uri = URI(authorization_code_url)
+      expect(parsed_uri.scheme).to eq "http"
+      expect(parsed_uri.host).to eq "testing.example.com"
+    end
+  end
+
+  describe "#retrieve_tokens" do
+    it "exchanges an authorization code for access and refresh tokens" do
+      erb_settings = {
+        erb: {
+          access_token: "MY_ACCESS_TOKEN",
+          refresh_token: "MY_REFRESH_TOKEN",
+        }
+      }
+
+      VCR.use_cassette("token", erb_settings) do
+        authenticator = described_class.new(
+          client_id: ENV.fetch("CLIENT_ID"),
+          client_secret: ENV.fetch("CLIENT_SECRET"),
+        )
+
+        tokens = authenticator.retrieve_tokens(
+          subdomain: ENV.fetch("TEST_SUBDOMAIN"),
+          code: ENV.fetch("AUTH_CODE"),
+          redirect_uri: ENV.fetch("CLIENT_REDIRECT_URI"),
+        )
+
+        expect(tokens).to eq(
+          "access_token" => "MY_ACCESS_TOKEN",
+          "refresh_token" => "MY_REFRESH_TOKEN",
+          "expires_in" => 899,
+          "token_type" => "bearer",
+        )
+      end
+    end
+  end
+
+  describe "#refresh_access_token" do
+    it "uses a refresh token to retrieve a new access token" do
+      erb_settings = {
+        erb: {
+          access_token: "MY_ACCESS_TOKEN",
+        }
+      }
+
+      VCR.use_cassette("token_refresh", erb_settings) do
+        authenticator = described_class.new(
+          client_id: ENV.fetch("CLIENT_ID"),
+          client_secret: ENV.fetch("CLIENT_SECRET"),
+        )
+
+        tokens = authenticator.refresh_access_token(
+          subdomain: ENV.fetch("TEST_SUBDOMAIN"),
+          refresh_token: ENV.fetch("TEST_REFRESH_TOKEN"),
+          redirect_uri: ENV.fetch("CLIENT_REDIRECT_URI"),
+        )
+
+        expect(tokens).to eq(
+          "access_token" => "MY_ACCESS_TOKEN",
+          "expires_in" => 899,
+          "token_type" => "bearer",
+        )
+      end
+    end
+  end
+end