omniauth-lightspeed-oauth2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 4e0388af4fb289084daa95123f01a0c532dae82fbec4179c57fb04094844eb56
+  data.tar.gz: bcdf3b11953c6ed45b896930156f30985efe4a1f21cb80da044ea70ee7d032e9
+SHA512:
+  metadata.gz: d8385048e53c543e1655765ee70b1915777f001871427450e5a3b97ceb0a6f508053738f12fe69033b29531acd477e9af9c76ec02557770c5429a8f5011613bf
+  data.tar.gz: 333e5a0a219d3c96b1cd53aa7c4f83210411fed0723204ca580449e54309c6cec88760ffa731561f3ec232d2788646d9def40b433cd0527571b1d606971c1db1

data/CHANGELOG.md

@@ -0,0 +1,14 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+## [0.1.0] - 2026-03-16
+
+### Added
+
+- Initial release
+- OmniAuth OAuth2 strategy for Lightspeed Restaurant (K-Series)
+- Support for trial and production environments
+- Business info fetching (business name, currency, location, timezone)
+- Token exchange with redirect_uri query param stripping
+- 100% line and branch test coverage

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 dan1d
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,178 @@
+# OmniAuth Lightspeed OAuth2
+
+[![Gem Version](https://badge.fury.io/rb/omniauth-lightspeed-oauth2.svg)](https://badge.fury.io/rb/omniauth-lightspeed-oauth2)
+[![CI](https://github.com/dan1d/omniauth-lightspeed-oauth2/actions/workflows/ci.yml/badge.svg)](https://github.com/dan1d/omniauth-lightspeed-oauth2/actions/workflows/ci.yml)
+[![Coverage](https://img.shields.io/badge/coverage-100%25-brightgreen)](https://github.com/dan1d/omniauth-lightspeed-oauth2)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+OmniAuth strategy for [Lightspeed Restaurant (K-Series)](https://www.lightspeedhq.com/pos/restaurant/) OAuth2 authentication.
+
+Lightspeed K-Series uses OpenID Connect (Keycloak) with standard OAuth2 Authorization Code Grant. This gem handles the full OAuth2 flow, token exchange, and fetches business information from the Lightspeed K-Series API.
+
+## Installation
+
+Add to your Gemfile:
+
+```ruby
+gem 'omniauth-lightspeed-oauth2'
+```
+
+Then run:
+
+```bash
+bundle install
+```
+
+## Usage
+
+### Rails with Devise
+
+```ruby
+# config/initializers/devise.rb
+config.omniauth :lightspeed_oauth2,
+  ENV['LIGHTSPEED_CLIENT_ID'],
+  ENV['LIGHTSPEED_CLIENT_SECRET'],
+  environment: Rails.env.production? ? :production : :trial
+```
+
+### Standalone OmniAuth
+
+```ruby
+# config.ru or initializer
+use OmniAuth::Builder do
+  provider :lightspeed_oauth2,
+    ENV['LIGHTSPEED_CLIENT_ID'],
+    ENV['LIGHTSPEED_CLIENT_SECRET'],
+    environment: :trial
+end
+```
+
+### Environments
+
+| Environment | Auth Server | API Server |
+|-------------|-------------|------------|
+| `:trial` (default) | `auth.lsk-demo.app` | `api.trial.lsk.lightspeed.app` |
+| `:production` | `auth.lsk-prod.app` | `api.lsk.lightspeed.app` |
+
+## Auth Hash
+
+After successful authentication, the auth hash contains:
+
+```ruby
+{
+  provider: 'lightspeed_oauth2',
+  uid: '12345',                          # Lightspeed business ID
+  info: {
+    business_name: 'My Restaurant',
+    currency_code: 'USD',
+    location_id: 67890,
+    location_name: 'Main Location',
+    country: 'US',
+    timezone: 'America/New_York'
+  },
+  credentials: {
+    token: 'access_token_value',
+    refresh_token: 'refresh_token_value',
+    expires_at: 1234567890,
+    expires: true
+  },
+  extra: {
+    raw_info: {
+      'business_id' => 12345,
+      'business_name' => 'My Restaurant',
+      'currency_code' => 'USD',
+      'location_id' => 67890,
+      'location_name' => 'Main Location',
+      'country' => 'US',
+      'timezone' => 'America/New_York'
+    }
+  }
+}
+```
+
+## Configuration Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `environment` | `:trial` | API environment (`:trial` or `:production`) |
+| `scope` | `openid` | OAuth2 scopes to request |
+
+## Callback URL
+
+Register your callback URL in the [Lightspeed Developer Portal](https://developers.lightspeedhq.com/):
+
+```
+https://yourdomain.com/auth/lightspeed_oauth2/callback
+```
+
+For development with ngrok:
+
+```
+https://yourapp.ngrok.dev/auth/lightspeed_oauth2/callback
+```
+
+**Note:** Lightspeed requires the `redirect_uri` to match exactly. This gem automatically strips query parameters from the callback URL during token exchange to ensure matching.
+
+## Token Refresh
+
+Access tokens expire. Use the refresh token to obtain new pairs:
+
+```ruby
+client = OAuth2::Client.new(
+  ENV['LIGHTSPEED_CLIENT_ID'],
+  ENV['LIGHTSPEED_CLIENT_SECRET'],
+  site: 'https://api.trial.lsk.lightspeed.app',
+  token_url: 'https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/token'
+)
+
+token = OAuth2::AccessToken.from_hash(client, {
+  access_token: stored_access_token,
+  refresh_token: stored_refresh_token
+})
+
+new_token = token.refresh!
+# Store new_token.token and new_token.refresh_token
+```
+
+## Development
+
+```bash
+git clone https://github.com/dan1d/omniauth-lightspeed-oauth2.git
+cd omniauth-lightspeed-oauth2
+bundle install
+
+# Run tests (100% line + branch coverage enforced)
+bundle exec rspec
+
+# Run linter
+bundle exec rubocop
+
+# Run both
+bundle exec rake
+```
+
+## Testing
+
+20 examples with 100% line and branch coverage enforced via SimpleCov. The test suite uses WebMock to stub all HTTP requests.
+
+## Contributing
+
+1. Fork it
+2. Create your feature branch (`git checkout -b feature/my-feature`)
+3. Write tests first (TDD)
+4. Ensure 100% coverage: `bundle exec rspec`
+5. Ensure no RuboCop offenses: `bundle exec rubocop`
+6. Commit your changes
+7. Push to the branch
+8. Create a Pull Request
+
+## License
+
+MIT License. See [LICENSE.txt](LICENSE.txt) for details.
+
+## Links
+
+- [Lightspeed K-Series API Docs](https://api-docs.lsk.lightspeed.app/)
+- [Lightspeed Developer Portal](https://developers.lightspeedhq.com/)
+- [OmniAuth](https://github.com/omniauth/omniauth)
+- [OmniAuth OAuth2](https://github.com/omniauth/omniauth-oauth2)

data/lib/omniauth/lightspeed_oauth2/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module LightspeedOauth2
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth/strategies/lightspeed_oauth2.rb

@@ -0,0 +1,128 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'faraday'
+require 'json'
+
+module OmniAuth
+  module Strategies
+    # OmniAuth strategy for Lightspeed Restaurant (K-Series) OAuth2.
+    #
+    # Lightspeed uses OpenID Connect (Keycloak) with standard OAuth2 Authorization Code Grant.
+    # Access tokens expire; use refresh tokens to obtain new pairs.
+    #
+    # Demo/Trial: auth.lsk-demo.app, api.trial.lsk.lightspeed.app
+    # Production: auth.lsk-prod.app, api.lsk.lightspeed.app
+    #
+    # @example Basic usage
+    #   provider :lightspeed_oauth2, ENV['LIGHTSPEED_CLIENT_ID'], ENV['LIGHTSPEED_CLIENT_SECRET']
+    #
+    # @example With custom environment
+    #   provider :lightspeed_oauth2, ENV['LIGHTSPEED_CLIENT_ID'], ENV['LIGHTSPEED_CLIENT_SECRET'],
+    #     environment: :production
+    #
+    class LightspeedOauth2 < OmniAuth::Strategies::OAuth2
+      option :name, 'lightspeed_oauth2'
+
+      option :environment, :trial
+
+      option :client_options, {
+        site: 'https://api.trial.lsk.lightspeed.app',
+        authorize_url: 'https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/auth',
+        token_url: 'https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/token',
+        auth_scheme: :basic_auth
+      }
+
+      option :authorize_params, {
+        scope: 'openid'
+      }
+
+      ENVIRONMENTS = {
+        trial: {
+          site: 'https://api.trial.lsk.lightspeed.app',
+          authorize_url: 'https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/auth',
+          token_url: 'https://auth.lsk-demo.app/realms/k-series/protocol/openid-connect/token'
+        },
+        production: {
+          site: 'https://api.lsk.lightspeed.app',
+          authorize_url: 'https://auth.lsk-prod.app/realms/k-series/protocol/openid-connect/auth',
+          token_url: 'https://auth.lsk-prod.app/realms/k-series/protocol/openid-connect/token'
+        }
+      }.freeze
+
+      def setup_phase
+        env = options[:environment]&.to_sym || :trial
+        urls = ENVIRONMENTS.fetch(env, ENVIRONMENTS[:trial])
+        options.client_options.merge!(urls)
+        super
+      end
+
+      # UID is the Lightspeed business ID
+      uid { raw_info['business_id']&.to_s }
+
+      info do
+        {
+          business_name: raw_info['business_name'],
+          currency_code: raw_info['currency_code'],
+          location_id: raw_info['location_id'],
+          location_name: raw_info['location_name'],
+          country: raw_info['country'],
+          timezone: raw_info['timezone']
+        }
+      end
+
+      extra do
+        { raw_info: raw_info }
+      end
+
+      def raw_info
+        @raw_info ||= fetch_business_info
+      end
+
+      # Override to strip query params from callback_url for redirect_uri matching.
+      def build_access_token
+        redirect_uri = callback_url.sub(/\?.*/, '')
+        log(:info, "Token exchange — site: #{client.site}, redirect_uri: #{redirect_uri}")
+        verifier = request.params['code']
+        client.auth_code.get_token(
+          verifier,
+          { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true)),
+          deep_symbolize(options.auth_token_params)
+        )
+      rescue ::OAuth2::Error => e
+        log(:error, "Token exchange FAILED: status=#{e.response&.status} body=#{e.response&.body}")
+        raise
+      end
+
+      private
+
+      def fetch_business_info
+        response = access_token.get('/f/data/businesses?page=0&size=10')
+        data = JSON.parse(response.body)
+
+        businesses = data.dig('_embedded', 'businessList') || []
+        business = businesses.first || {}
+        location = (business['businessLocations'] || []).first || {}
+
+        {
+          'business_id' => business['businessId'],
+          'business_name' => business['businessName'],
+          'currency_code' => business['currencyCode'],
+          'location_id' => location['blID'],
+          'location_name' => location['blName'],
+          'country' => location['country'],
+          'timezone' => location['timezone']
+        }
+      rescue StandardError => e
+        log(:warn, "Failed to fetch business info: #{e.message}")
+        { 'business_id' => nil }
+      end
+
+      def log(level, message)
+        return unless defined?(OmniAuth.logger) && OmniAuth.logger
+
+        OmniAuth.logger.send(level, "[LightspeedOauth2] #{message}")
+      end
+    end
+  end
+end

data/lib/omniauth-lightspeed-oauth2.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'omniauth/lightspeed_oauth2/version'
+require 'omniauth/strategies/lightspeed_oauth2'

metadata

@@ -0,0 +1,197 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-lightspeed-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- dan1d
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: faraday
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.0'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: rack-test
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.1'
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '13.0'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.75'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.75'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+description: An OmniAuth strategy for authenticating with Lightspeed Restaurant (K-Series)
+  using OAuth 2.0. Supports trial and production environments.
+email:
+- dan1d@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/omniauth-lightspeed-oauth2.rb
+- lib/omniauth/lightspeed_oauth2/version.rb
+- lib/omniauth/strategies/lightspeed_oauth2.rb
+homepage: https://github.com/dan1d/omniauth-lightspeed-oauth2
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/dan1d/omniauth-lightspeed-oauth2
+  source_code_uri: https://github.com/dan1d/omniauth-lightspeed-oauth2
+  changelog_uri: https://github.com/dan1d/omniauth-lightspeed-oauth2/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: OmniAuth OAuth2 strategy for Lightspeed Restaurant (K-Series)
+test_files: []