omniauth-mixin 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: ae416877ae5adbc3caa01a07735133f4594fa480320d06b0c8e4f2500b09c2d6
+  data.tar.gz: b71d2bf24f520a7435cde90f1489292050adcfee2a922b426c36482a660472c2
+SHA512:
+  metadata.gz: 178808a26b48feb8e95a1b5a7f23c69a2c56b8cf0c95890aca4457a98f99f63bb03b5c64c5fcc2dedd39608f194b50b517b18e7014561995d87ff613b4c6fadc
+  data.tar.gz: '094b8e4d23d32de702bfc9a65c2e53ffd3e3218518754abf7d93d1526b5a8f572a0ff2941f9f323c5b48e7cee7c94f027ad55776661fe2d4ed2eea641be5381c'

data/LICENSE.txt

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2025 an-lee
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

data/README.md

@@ -0,0 +1,65 @@
+# Omniauth::Mixin
+
+OmniAuth OAuth2 strategy for Mixin authentication.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-mixin'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+## Usage
+
+```ruby
+use OmniAuth::Builder do
+  provider :mixin, ENV['MIXIN_CLIENT_ID'], ENV['MIXIN_CLIENT_SECRET']
+end
+```
+
+## Configuration
+
+You need to register your application in Mixin Developer Dashboard to get the client ID and client secret.
+
+Required parameters:
+
+- `client_id`: Your Mixin application's client ID
+- `client_secret`: Your Mixin application's client secret
+
+### Auth Hash
+
+Here's an example of the Auth Hash available in `request.env['omniauth.auth']`:
+
+```ruby
+{
+  "provider"=>"mixin",
+  "uid"=>"1234567890",
+  "info"=>{"name"=>"John Doe", "email"=>"john.doe@example.com", "nickname"=>"john_doe"},
+  "extra"=>{"raw_info"=>{"user_id"=>"1234567890", "full_name"=>"John Doe", "identity_number"=>"1234567890", "avatar_url"=>"https://example.com/avatar.png"}}
+}
+```
+
+## Development
+
+After checking out the repo, run `bin/setup` to install dependencies. Then, run `rake test` to run the tests. You can also run `bin/console` for an interactive prompt that will allow you to experiment.
+
+To install this gem onto your local machine, run `bundle exec rake install`. To release a new version, update the version number in `version.rb`, and then run `bundle exec rake release`, which will create a git tag for the version, push git commits and the created tag, and push the `.gem` file to [rubygems.org](https://rubygems.org).
+
+## Contributing
+
+Bug reports and pull requests are welcome on GitHub at <https://github.com/an-lee/omniauth-mixin>. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the [code of conduct](https://github.com/an-lee/omniauth-mixin/blob/main/CODE_OF_CONDUCT.md).
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).
+
+## Code of Conduct
+
+Everyone interacting in the Omniauth::Mixin project's codebases, issue trackers, chat rooms and mailing lists is expected to follow the [code of conduct](https://github.com/an-lee/omniauth-mixin/blob/main/CODE_OF_CONDUCT.md).

data/lib/omniauth/mixin/configuration.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+# OmniAuth strategy for Mixin authentication
+# Provides OAuth2 based authentication for Mixin Network
+module OmniAuth
+  # Mixin module for OmniAuth
+  module Mixin
+    # Configuration class for OmniAuth Mixin strategy
+    # Handles customizable options for the authentication process
+    class Configuration
+      attr_accessor :scope, :prompt, :state_handler
+
+      def initialize
+        @scope = "PROFILE:READ"
+        @prompt = nil
+        @state_handler = -> { SecureRandom.hex(16) }
+      end
+    end
+
+    class << self
+      def configuration
+        Thread.current[:omniauth_mixin_configuration] ||= Configuration.new
+      end
+
+      def configure
+        yield(configuration)
+      end
+
+      def reset_configuration!
+        Thread.current[:omniauth_mixin_configuration] = nil
+      end
+    end
+  end
+end

data/lib/omniauth/mixin/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module Omniauth
+  module Mixin
+    VERSION = "0.1.0"
+  end
+end

data/lib/omniauth/mixin.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+require_relative "mixin/version"
+require "omniauth/strategies/mixin"
+require "omniauth/strategies/mixin/client"
+require "omniauth/mixin/configuration"
+
+module Omniauth
+  module Mixin
+    class Error < StandardError; end
+  end
+end

data/lib/omniauth/strategies/mixin/client.rb

@@ -0,0 +1,47 @@
+# frozen_string_literal: true
+
+require "omniauth-oauth2"
+require "json"
+
+module OmniAuth
+  module Strategies
+    class Mixin
+      # OAuth2 client implementation for Mixin Network authentication.
+      # Handles token exchange and API communication with Mixin endpoints.
+      class Client < ::OAuth2::Client
+        def get_token(params, access_token_opts = {}, _extract_access_token = nil)
+          response = request(:post, token_url, token_params(params))
+          parsed = JSON.parse(response.body)
+
+          if parsed["error"]
+            error = parsed["error"]
+            raise ::OAuth2::Error,
+                  "Mixin API Error: #{error["description"]} (Status: #{error["status"]}, Code: #{error["code"]})"
+          end
+
+          token_data = parsed["data"]
+          raise ::OAuth2::Error, "Invalid response format from Mixin API: missing data field" unless token_data
+
+          ::OAuth2::AccessToken.new(
+            self,
+            token_data["access_token"],
+            {
+              refresh_token: token_data["refresh_token"],
+              expires_in: token_data["expires_in"],
+              token_type: token_data["token_type"] || "Bearer"
+            }.merge(access_token_opts)
+          )
+        end
+
+        private
+
+        def token_params(params)
+          {
+            headers: { "Content-Type" => "application/json" },
+            body: params.to_json
+          }
+        end
+      end
+    end
+  end
+end

data/lib/omniauth/strategies/mixin.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+require "omniauth-oauth2"
+require "json"
+require "uri"
+require "securerandom"
+
+module OmniAuth
+  module Strategies
+    # OmniAuth strategy for authenticating with Mixin using OAuth2
+    class Mixin < OmniAuth::Strategies::OAuth2
+      option :name, "mixin"
+
+      option :client_options, {
+        site: "https://api.mixin.one",
+        authorize_url: "https://mixin.one/oauth/authorize",
+        token_url: "https://api.mixin.one/oauth/token"
+      }
+
+      uid { raw_info&.dig("user_id") }
+
+      info do
+        {
+          name: raw_info["full_name"],
+          email: raw_info["identity_number"],
+          nickname: raw_info["full_name"],
+          avatar: raw_info["avatar_url"]
+        }
+      end
+
+      extra do
+        {
+          raw_info: raw_info
+        }
+      end
+
+      credentials do
+        hash = {
+          "token" => access_token.token
+        }
+        hash["refresh_token"] = access_token.refresh_token if access_token.refresh_token
+        hash["expires_at"] = access_token.expires_at if access_token.expires_at
+        hash["expires"] = access_token.expires?
+        hash["scope"] = access_token.params["scope"] || options[:scope] || OmniAuth::Mixin.configuration.scope
+        hash
+      end
+
+      def build_access_token
+        verifier = request.params["code"]
+        client.get_token(
+          {
+            client_id: options.client_id,
+            client_secret: options.client_secret,
+            code: verifier,
+            grant_type: "authorization_code",
+            redirect_uri: callback_url
+          }
+        )
+      rescue ::OAuth2::Error => e
+        raise e # Simply re-raise the error for testing purposes
+      rescue StandardError => e
+        raise ::OAuth2::Error, e.message
+      end
+
+      def raw_info
+        @raw_info ||= begin
+          response = access_token.get("/me")
+          parse_nested_response(response)
+        rescue ::OAuth2::Error, JSON::ParserError => e
+          handle_raw_info_error(e)
+        end
+      end
+
+      # Override callback_url to use modern URI parsing
+      def callback_url
+        full_host + callback_path
+      end
+
+      def client
+        @client ||= ::OmniAuth::Strategies::Mixin::Client.new(
+          options.client_id,
+          options.client_secret,
+          deep_symbolize(options.client_options).merge(
+            connection_opts: {
+              request: { timeout: 5, open_timeout: 2 }
+            }
+          )
+        )
+      end
+
+      def valid_request?
+        return false unless request.params["state"]
+        return false unless session["omniauth.state"]
+
+        request.params["state"] == session["omniauth.state"]
+      end
+
+      def authorize_params
+        super.tap do |params|
+          params[:state] = SecureRandom.hex(16)
+          session["omniauth.state"] = params[:state]
+        end
+      end
+
+      private
+
+      def full_host
+        uri = URI.parse(request.url)
+        uri.path = ""
+        uri.query = nil
+        uri.fragment = nil
+        uri.to_s
+      end
+
+      def parse_nested_response(response)
+        parsed = JSON.parse(response.body)
+        parsed["data"] || {}
+      end
+
+      def handle_token_error(error)
+        error_hash = error.response.is_a?(Hash) ? error.response : JSON.parse(error.response.body)
+        fail!(:invalid_credentials, error_hash)
+      end
+
+      def handle_raw_info_error(error)
+        log(:error, "Failed to get user info: #{error.message}")
+        nil
+      end
+
+      def deep_symbolize(hash)
+        hash.each_with_object({}) do |(key, value), result|
+          result[key.to_sym] = value.is_a?(Hash) ? deep_symbolize(value) : value
+        end
+      end
+    end
+  end
+end

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-mixin
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- an-lee
+autorequire:
+bindir: exe
+cert_chain: []
+date: 2025-02-16 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+description: A Ruby gem for OmniAuth OAuth2 strategy for Mixin authentication
+email:
+- an.lee.work@gmail.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- LICENSE.txt
+- README.md
+- lib/omniauth/mixin.rb
+- lib/omniauth/mixin/configuration.rb
+- lib/omniauth/mixin/version.rb
+- lib/omniauth/strategies/mixin.rb
+- lib/omniauth/strategies/mixin/client.rb
+homepage: https://github.com/an-lee/omniauth-mixin
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/an-lee/omniauth-mixin
+  source_code_uri: https://github.com/an-lee/omniauth-mixin
+  changelog_uri: https://github.com/an-lee/omniauth-mixin/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.5.20
+signing_key:
+specification_version: 4
+summary: OmniAuth OAuth2 strategy for Mixin
+test_files: []