omniauth-oauth2-yahoo 1.3.1

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 57770bd32ccb0e5eb4a406d810d048166f4e8ac65dcd20944da7513f1fb55a1b
+  data.tar.gz: fe46335d98ed00c281a43056e383ea2969918c4ba217b3636998a5fbc546722a
+SHA512:
+  metadata.gz: 362d92ec48c64f72cd8a5f4dac112b3f3ef668746085d125d66555e358fce945126fb77173baeb38ace596dffd9f8a6701623b0b7e50e44130c04f7d7c659a44
+  data.tar.gz: 4e275cb412b0df8a8261edc9252321a7223371a9ad20c4cdc95a77c5bf0d6d1b679685535f11e2bc2499154a20c78102d03fda5d80c7963a2ea67fccd661e33f

data/.gitignore

@@ -0,0 +1,4 @@
+*.gem
+.bundle
+Gemfile.lock
+

data/Gemfile

@@ -0,0 +1,3 @@
+source 'https://rubygems.org'
+
+gemspec

data/README.md

@@ -0,0 +1,69 @@
+## omniauth-yahoo-oauth2 ##
+
+An unofficial, hastily-written Oauth2 OmniAuth strategy for Yahoo. Uses the
+authorization flow described at
+https://developer.yahoo.com/oauth2/guide/flows_authcode/.
+
+Built using https://github.com/intridea/omniauth-oauth2.
+
+## Setup ##
+`gem install omniauth-yahoo-oauth2`
+
+Create an app at https://developer.yahoo.com/apps to get a Yahoo client ID and
+secret.
+
+## Usage ##
+```ruby
+# In an initializer
+Rails.application.config.middleware.use OmniAuth::Builder do
+  provider :yahoo_oauth2, yahoo_client_id, yahoo_secret, name: 'yahoo'
+end
+```
+
+See https://github.com/intridea/omniauth for Omniauth instructions.
+
+## Notes ##
+
+OmniAuth doesn't currently have built-in support for Basic Authentication for
+retrieving OAuth2 tokens, so `YahooOauth2::Client` overrides
+`OAuth2::Client#get_token`.  Yahoo also requires `redirect_uri` to be set when
+refreshing the `access_token`, so `YahooOauth2::AccessToken` overrides
+`OAuth2::AccessToken#refresh!` to handle that.
+
+As with other OAuth2 providers, Yahoo returns an `access_token`, a
+`refresh_token`, and an expiration time for the `access_token`. They are
+available in the credentials hash in the callback:
+
+```ruby
+credentials = request.env.fetch('omniauth.auth').fetch(:credentials)
+tokens_hash = {
+  access_token:  credentials[:token],
+  refresh_token: credentials[:refresh_token],
+  expires_at:    credentials[:expires_at]
+}
+```
+
+They should be saved to your application's database.  You can use the
+`access_token` directly or use `YahooOauth2::AccessToken` for requests:
+
+```ruby
+client = YahooOauth2::Client.new(YAHOO_CLIENT_ID, YAHOO_SECRET)
+token  = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
+token.get(
+  "https://social.yahooapis.com/v1/user/#{uid}/profile?format=json"
+).parsed
+```
+
+And to refresh the access token once it has expired:
+
+```ruby
+old_token = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
+if old_token.expired?
+  new_token = old_token.refresh!
+  new_token.to_hash # => update your database with this
+end
+```
+
+## TODO ##
+- Handle failure cases. (https://developer.yahoo.com/oauth2/guide/errors/)
+- Test something. Anything.

data/lib/omniauth/strategies/yahoo_oauth2.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+require "jwt"
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+  module Strategies
+    class YahooOauth2 < OmniAuth::Strategies::OAuth2
+
+      OPEN_ID_CONNECT_SCOPES = "openid,profile,email"
+
+      ALLOWED_ISSUERS = %w[
+        https://api.login.yahoo.com
+        api.login.yahoo.com
+        login.yahoo.com
+      ].freeze
+
+      option :name, 'yahoo'
+
+      option :userinfo_url, "/openid/v1/userinfo"
+
+      option :client_options, {
+        site:              "https://api.login.yahoo.com",
+        authorize_url:     "/oauth2/request_auth",
+        token_url:         "/oauth2/get_token",
+      }
+
+      option :skip_jwt, false
+      option :jwt_leeway, 300
+
+      option :authorize_params, {
+        response_type: 'code',
+      }
+
+      option :authorize_options, %i[
+        language
+        login_hint
+        max_age
+        prompt
+        redirect_uri
+        scope
+        state
+      ]
+
+      uid { raw_info['sub'] }
+
+      info do
+        prune!({
+          name:       raw_info["name"],
+          email:      verified_email,
+          unverified_email: raw_info['email'],
+          email_verified:   raw_info["email_verified"],
+          first_name: raw_info["given_name"],
+          last_name:  raw_info["family_name"],
+          nickname:   raw_info["nickname"],
+          gender:     raw_info["gender"],
+          locale:     raw_info['locale'],
+          image:      raw_info['picture'],
+          phone:      raw_info["phone_number"],
+          phone_verified: raw_info["phone_number_verified"],
+          urls: {
+            profile: raw_info['profile'],
+            website: raw_info['website'],
+          },
+        })
+      end
+
+      # n.b. renamed raw_info to userinfo. Userinfo is part of the OIDc standard.
+      extra do
+        hash = {}
+        hash[:userinfo] = raw_info unless skip_info?
+        hash[:id_token] = access_token["id_token"]
+        hash[:id_info]  = decode_info_token
+        prune! hash
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get(userinfo_url).parsed
+      end
+
+      private
+
+      # This follows the example in omniauth-google-oauth2.
+      #
+      # Probably better to set the redirect_uri as a client option when creating
+      # the client, because OAuth2::Client knows how to handle it, but that
+      # requires updating OmniAuth::Strategies::OAuth2.
+      def callback_url
+        options[:redirect_uri] || (full_host + script_name + callback_path)
+      end
+
+      def userinfo_url
+        options.client_options.site + options.userinfo_url
+      end
+
+      # This is copied from the omniauth-google-oauth2 gem
+      def verified_email
+        raw_info['email_verified'] ? raw_info['email'] : nil
+      end
+
+      # This is copied from the omniauth-google-oauth2 gem
+      def prune!(hash)
+        hash.delete_if do |_, v|
+          prune!(v) if v.is_a?(Hash)
+          v.nil? || (v.respond_to?(:empty?) && v.empty?)
+        end
+      end
+
+      # super saves SecureRandom state to session and merges authorize_options
+      #
+      # This follows the example in omniauth-google-oauth2 and
+      # merges any request param with the same name as an authorize_option.
+      # It then saves state to the session (in case it was overwritten).
+      #
+      # Probably the better way to handle this is to build it into "options_for"
+      # and have another option (e.g. authorize_request_params).
+      def authorize_params
+        super.tap do |params|
+          options[:authorize_options].each do |k|
+            unless [nil, ''].include?(request.params[k.to_s])
+              params[k] = request.params[k.to_s]
+            end
+            session['omniauth.state'] = params[:state] if params[:state]
+          end
+        end
+      end
+
+      # This is copied from the omniauth-google-oauth2 gem
+      def decode_info_token
+        unless options[:skip_jwt] || access_token['id_token'].nil?
+          decoded = ::JWT.decode(access_token['id_token'], nil, false).first
+
+          # We have to manually verify the claims because the third parameter to
+          # JWT.decode is false since no verification key is provided.
+          ::JWT::Verify.verify_claims(decoded,
+                                      verify_iss: true,
+                                      iss: ALLOWED_ISSUERS,
+                                      verify_aud: true,
+                                      aud: options.client_id,
+                                      verify_sub: false,
+                                      verify_expiration: true,
+                                      verify_not_before: true,
+                                      verify_iat: true,
+                                      verify_jti: false,
+                                      leeway: options[:jwt_leeway])
+
+          decoded
+        end
+      end
+
+    end
+  end
+end

data/lib/omniauth/yahoo_oauth2/version.rb

@@ -0,0 +1,5 @@
+module OmniAuth
+  module YahooOauth2
+    VERSION = '1.3.1'
+  end
+end

data/lib/omniauth/yahoo_oauth2.rb

@@ -0,0 +1 @@
+require 'omniauth/strategies/yahoo_oauth2'

data/lib/omniauth-oauth2-yahoo.rb

@@ -0,0 +1 @@
+require 'omniauth/yahoo_oauth2'

data/omniauth-oauth2-yahoo.gemspec

@@ -0,0 +1,19 @@
+require File.expand_path(File.join('..', 'lib', 'omniauth', 'yahoo_oauth2', 'version'), __FILE__)
+
+Gem::Specification.new do |gem|
+  gem.add_runtime_dependency 'omniauth', '~> 2.0'
+  gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.1'
+  gem.add_development_dependency 'bundler', '~> 2'
+
+  gem.authors       = ['Kristoffer Ek', 'Josef Ngo', 'Sten Larsson']
+  gem.email         = ['kristoffer.ek@burtcorp.com', 'josef.ngo@burtcorp.com', 'sten@burtcorp.com']
+  gem.description   = 'A Yahoo OAuth2 strategy for OmniAuth.'
+  gem.summary       = gem.description
+  gem.homepage      = 'https://github.com/burtcorp/omniauth-yahoo-oauth2'
+  gem.license       = 'MIT'
+
+  gem.files         = `git ls-files`.split("\n")
+  gem.name          = 'omniauth-oauth2-yahoo'
+  gem.require_paths = ['lib']
+  gem.version       = OmniAuth::YahooOauth2::VERSION
+end

metadata

@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-oauth2-yahoo
+version: !ruby/object:Gem::Version
+  version: 1.3.1
+platform: ruby
+authors:
+- Kristoffer Ek
+- Josef Ngo
+- Sten Larsson
+autorequire: 
+bindir: bin
+cert_chain: []
+date: 2023-05-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.1'
+- !ruby/object:Gem::Dependency
+  name: bundler
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '2'
+description: A Yahoo OAuth2 strategy for OmniAuth.
+email:
+- kristoffer.ek@burtcorp.com
+- josef.ngo@burtcorp.com
+- sten@burtcorp.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- lib/omniauth-oauth2-yahoo.rb
+- lib/omniauth/strategies/yahoo_oauth2.rb
+- lib/omniauth/yahoo_oauth2.rb
+- lib/omniauth/yahoo_oauth2/version.rb
+- omniauth-oauth2-yahoo.gemspec
+homepage: https://github.com/burtcorp/omniauth-yahoo-oauth2
+licenses:
+- MIT
+metadata: {}
+post_install_message: 
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key: 
+specification_version: 4
+summary: A Yahoo OAuth2 strategy for OmniAuth.
+test_files: []