omniauth-doordash-oauth2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 250a2fe65c8b77872dd07f6efc706f4205e21b585f7544b754e0aa725a8324b6
+  data.tar.gz: 639c028411988132f1ddf50d2ade83751eb7c73aa4f559f6ff899d3f0c044037
+SHA512:
+  metadata.gz: 0f0d8036694cea5cc1f21e69f2b631e8af197f15d3829465071ac31450f4336463510024bbaee519d28b7af13ef4434f6df46ba0d99aa53399ea77b991fd8131
+  data.tar.gz: a9bbea25db14467b707a861c978ed3850e61297dba10086ab2db340f4f801e7584c7b2ea3e3779c818bf720f520b64507d4d2224eaf45fb35a92d86e372723af

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+
+## [0.1.0] - 2026-03-16
+
+### Added
+
+- Initial release
+- JWT-based authentication strategy for DoorDash (HMAC-SHA256)
+- Automatic business info fetching from `/developer/v1/businesses`
+- Base64url signing secret decoding with automatic padding
+- Fallback to `developer_id` when API is unavailable
+- 100% line and branch test coverage

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 dan1d
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,138 @@
+# OmniAuth DoorDash OAuth2
+
+[![Gem Version](https://badge.fury.io/rb/omniauth-doordash-oauth2.svg)](https://badge.fury.io/rb/omniauth-doordash-oauth2)
+[![CI](https://github.com/dan1d/omniauth-doordash-oauth2/actions/workflows/ci.yml/badge.svg)](https://github.com/dan1d/omniauth-doordash-oauth2/actions/workflows/ci.yml)
+[![Coverage: 100%](https://img.shields.io/badge/coverage-100%25-brightgreen)](https://github.com/dan1d/omniauth-doordash-oauth2)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+An [OmniAuth](https://github.com/omniauth/omniauth) strategy for authenticating with [DoorDash](https://developer.doordash.com/) using JWT-based authentication.
+
+**Note:** DoorDash does NOT use standard OAuth2 flows. Instead, each API request is signed with a JWT using HMAC-SHA256. This gem implements `OmniAuth::Strategy` directly (not `OmniAuth::Strategies::OAuth2`).
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-doordash-oauth2'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+Or install it yourself as:
+
+```bash
+gem install omniauth-doordash-oauth2
+```
+
+## Usage
+
+### Rails with Devise
+
+In your `config/initializers/devise.rb`:
+
+```ruby
+config.omniauth :doordash_oauth2,
+  developer_id: ENV["DOORDASH_DEVELOPER_ID"],
+  key_id: ENV["DOORDASH_KEY_ID"],
+  signing_secret: ENV["DOORDASH_SIGNING_SECRET"]
+```
+
+### Standalone OmniAuth
+
+In your Rack middleware configuration:
+
+```ruby
+use OmniAuth::Builder do
+  provider :doordash_oauth2,
+    developer_id: ENV["DOORDASH_DEVELOPER_ID"],
+    key_id: ENV["DOORDASH_KEY_ID"],
+    signing_secret: ENV["DOORDASH_SIGNING_SECRET"]
+end
+```
+
+## Auth Hash Schema
+
+The auth hash returned by this strategy has the following structure:
+
+```ruby
+{
+  provider: "doordash_oauth2",
+  uid: "external_business_id",  # Falls back to developer_id if API unavailable
+  info: {
+    name: "Store Name",
+    business_name: "Store Name",
+    email: nil                  # DoorDash does not provide merchant email
+  },
+  extra: {
+    raw_info: {
+      "store_id" => "external_business_id",
+      "store_name" => "Store Name",
+      "id" => "external_business_id"
+    }
+  }
+}
+```
+
+## JWT Authentication Details
+
+DoorDash uses JWT-based authentication instead of OAuth2. Each API request includes a signed JWT in the `Authorization` header.
+
+### JWT Header
+
+```json
+{
+  "alg": "HS256",
+  "dd-ver": "DD-JWT-V1"
+}
+```
+
+### JWT Payload
+
+```json
+{
+  "aud": "doordash",
+  "iss": "<developer_id>",
+  "kid": "<key_id>",
+  "exp": "<now + 300>",
+  "iat": "<now>"
+}
+```
+
+The signing secret is base64url-encoded. The gem automatically decodes it (adding padding if needed) before signing.
+
+## Configuration Options
+
+| Option | Required | Default | Description |
+|--------|----------|---------|-------------|
+| `developer_id` | Yes | `nil` | Your DoorDash developer ID |
+| `key_id` | Yes | `nil` | Your DoorDash key ID |
+| `signing_secret` | Yes | `nil` | Your DoorDash signing secret (base64url-encoded) |
+| `api_base_url` | No | `https://openapi.doordash.com` | DoorDash API base URL |
+
+## Development
+
+After checking out the repo, run `bundle install` to install dependencies.
+
+```bash
+# Run tests
+bundle exec rspec
+
+# Run linter
+bundle exec rubocop
+
+# Run both (default rake task)
+bundle exec rake
+```
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at https://github.com/dan1d/omniauth-doordash-oauth2.
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/omniauth/doordash_oauth2/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module DoordashOauth2
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth/strategies/doordash_oauth2.rb

@@ -0,0 +1,140 @@
+# frozen_string_literal: true
+
+require 'omniauth'
+require 'jwt'
+require 'net/http'
+require 'json'
+
+module OmniAuth
+  module Strategies
+    # OmniAuth strategy for DoorDash (Delivery provider).
+    #
+    # DoorDash does NOT use OAuth2. Instead, each API request is authenticated
+    # via a JWT signed with HMAC-SHA256 using developer credentials:
+    #   - developer_id: identifies the developer account
+    #   - key_id: identifies the specific credential set
+    #   - signing_secret: used to sign the JWT (HS256)
+    #
+    # JWTs are valid for up to 30 minutes. A new JWT is generated per request.
+    #
+    # Since DoorDash has no OAuth user-redirect flow, this strategy implements
+    # a credential-based "connection" flow where the merchant enters their
+    # DoorDash store ID and we validate it by calling the DoorDash API.
+    #
+    # API docs: https://developer.doordash.com/en-US/docs/drive/how_to/JWTs/
+    #
+    # Usage:
+    #   config.omniauth :doordash_oauth2,
+    #     developer_id: ENV["DOORDASH_DEVELOPER_ID"],
+    #     key_id: ENV["DOORDASH_KEY_ID"],
+    #     signing_secret: ENV["DOORDASH_SIGNING_SECRET"]
+    #
+    class DoordashOauth2
+      include OmniAuth::Strategy
+
+      option :name, 'doordash_oauth2'
+
+      # DoorDash credentials (not standard OAuth2 client_id/secret)
+      option :developer_id, nil
+      option :key_id, nil
+      option :signing_secret, nil
+
+      option :api_base_url, 'https://openapi.doordash.com'
+
+      # DoorDash JWT header fields
+      JWT_VERSION = 1
+      JWT_ALGORITHM = 'HS256'
+      TOKEN_LIFETIME = 300 # 5 minutes (conservative; max is 30 min)
+
+      uid { raw_info['store_id'] || raw_info['id'] }
+
+      info do
+        {
+          name: raw_info['store_name'],
+          business_name: raw_info['store_name'],
+          email: nil # DoorDash doesn't provide merchant email
+        }
+      end
+
+      extra do
+        { raw_info: raw_info }
+      end
+
+      def raw_info
+        @raw_info ||= fetch_store_info
+      end
+
+      # Generate a signed JWT for DoorDash API authentication.
+      #
+      # @return [String] signed JWT
+      def generate_jwt
+        now = Time.now.to_i
+        payload = {
+          aud: 'doordash',
+          iss: options[:developer_id],
+          kid: options[:key_id],
+          exp: now + TOKEN_LIFETIME,
+          iat: now
+        }
+        header = {
+          algorithm: JWT_ALGORITHM,
+          'dd-ver': "DD-JWT-V#{JWT_VERSION}"
+        }
+        decoded_secret = decode_signing_secret(options[:signing_secret])
+        JWT.encode(payload, decoded_secret, JWT_ALGORITHM, header)
+      end
+
+      # Decode the DoorDash signing secret from base64url.
+      # DoorDash provides the secret as a base64url-encoded string.
+      # Adds padding if needed before decoding.
+      #
+      # @param secret [String] base64url-encoded signing secret
+      # @return [String] decoded binary secret
+      def decode_signing_secret(secret)
+        padded = secret.to_s
+        padded += '=' * (4 - (padded.length % 4)) unless (padded.length % 4).zero?
+        Base64.urlsafe_decode64(padded)
+      end
+
+      private
+
+      def fetch_store_info
+        response = request_businesses
+        parsed = JSON.parse(response.body)
+        build_store_info(parsed)
+      rescue StandardError => e
+        log(:warn, "Failed to fetch store info: #{e.message}")
+        { 'store_id' => options[:developer_id] }
+      end
+
+      def request_businesses
+        jwt = generate_jwt
+        uri = URI("#{options[:api_base_url]}/developer/v1/businesses")
+        http = Net::HTTP.new(uri.host, uri.port)
+        http.use_ssl = true
+
+        req = Net::HTTP::Get.new(uri)
+        req['Authorization'] = "Bearer #{jwt}"
+        req['Content-Type'] = 'application/json'
+
+        http.request(req)
+      end
+
+      def build_store_info(parsed)
+        businesses = parsed['businesses'] || []
+        business = businesses.first
+
+        if business
+          store_id = business['external_business_id'] || business['id']
+          { 'store_id' => store_id, 'store_name' => business['name'], 'id' => store_id }
+        else
+          { 'store_id' => options[:developer_id] }
+        end
+      end
+
+      def log(level, message)
+        OmniAuth.logger.send(level, "[DoordashOauth2] #{message}")
+      end
+    end
+  end
+end

data/lib/omniauth-doordash-oauth2.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'omniauth'
+require 'omniauth/doordash_oauth2/version'
+require 'omniauth/strategies/doordash_oauth2'

metadata

@@ -0,0 +1,164 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-doordash-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- dan1d
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: jwt
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.75'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.75'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: simplecov-json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+description: An OmniAuth strategy for authenticating with DoorDash using JWT-based
+  authentication (HMAC-SHA256). DoorDash does not use standard OAuth2 flows; instead,
+  each API request is signed with a JWT using developer credentials.
+email:
+- dan1d@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/omniauth-doordash-oauth2.rb
+- lib/omniauth/doordash_oauth2/version.rb
+- lib/omniauth/strategies/doordash_oauth2.rb
+homepage: https://github.com/dan1d/omniauth-doordash-oauth2
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/dan1d/omniauth-doordash-oauth2
+  source_code_uri: https://github.com/dan1d/omniauth-doordash-oauth2
+  changelog_uri: https://github.com/dan1d/omniauth-doordash-oauth2/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.1.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: OmniAuth strategy for DoorDash using JWT authentication
+test_files: []