omniauth-oauth2-yahoo 1.3.1
- checksums.yaml +7 -0
- data/.gitignore +4 -0
- data/Gemfile +3 -0
- data/README.md +69 -0
- data/lib/omniauth/strategies/yahoo_oauth2.rb +153 -0
- data/lib/omniauth/yahoo_oauth2/version.rb +5 -0
- data/lib/omniauth/yahoo_oauth2.rb +1 -0
- data/lib/omniauth-oauth2-yahoo.rb +1 -0
- data/omniauth-oauth2-yahoo.gemspec +19 -0
- metadata +97 -0
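--- a/checksums.yaml
+++ b/checksums.yaml
@@ -0,0 +1,7 @@
+---
+SHA256:
+metadata.gz: 57770bd32ccb0e5eb4a406d810d048166f4e8ac65dcd20944da7513f1fb55a1b
+data.tar.gz: fe46335d98ed00c281a43056e383ea2969918c4ba217b3636998a5fbc546722a
+SHA512:
+metadata.gz: 362d92ec48c64f72cd8a5f4dac112b3f3ef668746085d125d66555e358fce945126fb77173baeb38ace596dffd9f8a6701623b0b7e50e44130c04f7d7c659a44
+data.tar.gz: 4e275cb412b0df8a8261edc9252321a7223371a9ad20c4cdc95a77c5bf0d6d1b679685535f11e2bc2499154a20c78102d03fda5d80c7963a2ea67fccd661e33f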
data/.gitignore
ADDED
data/Gemfile
ADDED
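--- a/data/README.md
+++ b/data/README.md
@@ -0,0 +1,69 @@
+## omniauth-yahoo-oauth2 ##
+
+An unofficial, hastily-written Oauth2 OmniAuth strategy for Yahoo. Uses the
+authorization flow described at
+https://developer.yahoo.com/oauth2/guide/flows_authcode/.
+
+Built using https://github.com/intridea/omniauth-oauth2.
+
+## Setup ##
+`gem install omniauth-yahoo-oauth2`
+
+Create an app at https://developer.yahoo.com/apps to get a Yahoo client ID and
+secret.
+
+## Usage ##
+```ruby
+# In an initializer
+Rails.application.config.middleware.use OmniAuth::Builder do
+provider :yahoo_oauth2, yahoo_client_id, yahoo_secret, name: 'yahoo'
+end
+```
+
+See https://github.com/intridea/omniauth for Omniauth instructions.
+
+## Notes ##
+
+OmniAuth doesn't currently have built-in support for Basic Authentication for
+retrieving OAuth2 tokens, so `YahooOauth2::Client` overrides
+`OAuth2::Client#get_token`. Yahoo also requires `redirect_uri` to be set when
+refreshing the `access_token`, so `YahooOauth2::AccessToken` overrides
+`OAuth2::AccessToken#refresh!` to handle that.
+
+As with other OAuth2 providers, Yahoo returns an `access_token`, a
+`refresh_token`, and an expiration time for the `access_token`. They are
+available in the credentials hash in the callback:
+
+```ruby
+credentials = request.env.fetch('omniauth.auth').fetch(:credentials)
+tokens_hash = {
+access_token: credentials[:token],
+refresh_token: credentials[:refresh_token],
+expires_at: credentials[:expires_at]
+}
+```
+
+They should be saved to your application's database. You can use the
+`access_token` directly or use `YahooOauth2::AccessToken` for requests:
+
+```ruby
+client = YahooOauth2::Client.new(YAHOO_CLIENT_ID, YAHOO_SECRET)
+token = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
+token.get(
+"https://social.yahooapis.com/v1/user/#{uid}/profile?format=json"
+).parsed
+```
+
+And to refresh the access token once it has expired:
+
+```ruby
+old_token = YahooOauth2::AccessToken.from_hash(client, tokens_hash)
+if old_token.expired?
+new_token = old_token.refresh!
+new_token.to_hash # => update your database with this
+end
+```
+
+## TODO ##
+- Handle failure cases. (https://developer.yahoo.com/oauth2/guide/errors/)
+- Test something. Anything.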
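--- a/data/lib/omniauth/strategies/yahoo_oauth2.rb
+++ b/data/lib/omniauth/strategies/yahoo_oauth2.rb
@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+require "jwt"
+require 'omniauth/strategies/oauth2'
+
+module OmniAuth
+module Strategies
+class YahooOauth2 < OmniAuth::Strategies::OAuth2
+
+OPEN_ID_CONNECT_SCOPES = "openid,profile,email"
+
+ALLOWED_ISSUERS = %w[
+https://api.login.yahoo.com
+api.login.yahoo.com
+login.yahoo.com
+].freeze
+
+option :name, 'yahoo'
+
+option :userinfo_url, "/openid/v1/userinfo"
+
+option :client_options, {
+site: "https://api.login.yahoo.com",
+authorize_url: "/oauth2/request_auth",
+token_url: "/oauth2/get_token",
+}
+
+option :skip_jwt, false
+option :jwt_leeway, 300
+
+option :authorize_params, {
+response_type: 'code',
+}
+
+option :authorize_options, %i[
+language
+login_hint
+max_age
+prompt
+redirect_uri
+scope
+state
+]
+
+uid { raw_info['sub'] }
+
+info do
+prune!({
+name: raw_info["name"],
+email: verified_email,
+unverified_email: raw_info['email'],
+email_verified: raw_info["email_verified"],
+first_name: raw_info["given_name"],
+last_name: raw_info["family_name"],
+nickname: raw_info["nickname"],
+gender: raw_info["gender"],
+locale: raw_info['locale'],
+image: raw_info['picture'],
+phone: raw_info["phone_number"],
+phone_verified: raw_info["phone_number_verified"],
+urls: {
+profile: raw_info['profile'],
+website: raw_info['website'],
+},
+})
+end
+
+# n.b. renamed raw_info to userinfo. Userinfo is part of the OIDc standard.
+extra do
+hash = {}
+hash[:userinfo] = raw_info unless skip_info?
+hash[:id_token] = access_token["id_token"]
+hash[:id_info] = decode_info_token
+prune! hash
+end
+
+def raw_info
+@raw_info ||= access_token.get(userinfo_url).parsed
+end
+
+private
+
+# This follows the example in omniauth-google-oauth2.
+#
+# Probably better to set the redirect_uri as a client option when creating
+# the client, because OAuth2::Client knows how to handle it, but that
+# requires updating OmniAuth::Strategies::OAuth2.
+def callback_url
+options[:redirect_uri] || (full_host + script_name + callback_path)
+end
+
+def userinfo_url
+options.client_options.site + options.userinfo_url
+end
+
+# This is copied from the omniauth-google-oauth2 gem
+def verified_email
+raw_info['email_verified'] ? raw_info['email'] : nil
+end
+
+# This is copied from the omniauth-google-oauth2 gem
+def prune!(hash)
+hash.delete_if do |_, v|
+prune!(v) if v.is_a?(Hash)
+v.nil? || (v.respond_to?(:empty?) && v.empty?)
+end
+end
+
+# super saves SecureRandom state to session and merges authorize_options
+#
+# This follows the example in omniauth-google-oauth2 and
+# merges any request param with the same name as an authorize_option.
+# It then saves state to the session (in case it was overwritten).
+#
+# Probably the better way to handle this is to build it into "options_for"
+# and have another option (e.g. authorize_request_params).
+def authorize_params
+super.tap do |params|
+options[:authorize_options].each do |k|
+unless [nil, ''].include?(request.params[k.to_s])
+params[k] = request.params[k.to_s]
+end
+session['omniauth.state'] = params[:state] if params[:state]
+end
+end
+end
+
+# This is copied from the omniauth-google-oauth2 gem
+def decode_info_token
+unless options[:skip_jwt] || access_token['id_token'].nil?
+decoded = ::JWT.decode(access_token['id_token'], nil, false).first
+
+# We have to manually verify the claims because the third parameter to
+# JWT.decode is false since no verification key is provided.
+::JWT::Verify.verify_claims(decoded,
+verify_iss: true,
+iss: ALLOWED_ISSUERS,
+verify_aud: true,
+aud: options.client_id,
+verify_sub: false,
+verify_expiration: true,
+verify_not_before: true,
+verify_iat: true,
+verify_jti: false,
+leeway: options[:jwt_leeway])
+
+decoded
+end
+end
+
+end
+end
+end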
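Review bot: `decode_info_token` never checks the ID token's signature: `::JWT.decode(access_token['id_token'], nil, false)` disables verification and only the claims (`iss`, `aud`, `exp`, `nbf`, `iat`) are validated afterwards, so `extra[:id_info]` is only as trustworthy as the TLS connection to `token_url`. Either verify the token against the provider's published signing keys or state the limitation at the call site, e.g. `# Signature is NOT verified; id_info is only as trustworthy as the TLS channel to token_url.` Separately, `authorize_params` lets request parameters override `state` and `redirect_uri` and then writes that `state` into `session['omniauth.state']`, which makes the anti-CSRF value caller-chosen. Consider dropping both from `authorize_options` unless the request phase is itself CSRF-protected; the `session[...]` assignment also sits inside the `each` loop and only needs to run once after it.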
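--- a/data/lib/omniauth/yahoo_oauth2.rb
+++ b/data/lib/omniauth/yahoo_oauth2.rb
@@ -0,0 +1 @@
+require 'omniauth/strategies/yahoo_oauth2'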
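--- a/data/lib/omniauth-oauth2-yahoo.rb
+++ b/data/lib/omniauth-oauth2-yahoo.rb
@@ -0,0 +1 @@
+require 'omniauth/yahoo_oauth2'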
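--- a/data/omniauth-oauth2-yahoo.gemspec
+++ b/data/omniauth-oauth2-yahoo.gemspec
@@ -0,0 +1,19 @@
+require File.expand_path(File.join('..', 'lib', 'omniauth', 'yahoo_oauth2', 'version'), __FILE__)
+
+Gem::Specification.new do |gem|
+gem.add_runtime_dependency 'omniauth', '~> 2.0'
+gem.add_runtime_dependency 'omniauth-oauth2', '~> 1.1'
+gem.add_development_dependency 'bundler', '~> 2'
+
+gem.authors = ['Kristoffer Ek', 'Josef Ngo', 'Sten Larsson']
+gem.email = ['kristoffer.ek@burtcorp.com', 'josef.ngo@burtcorp.com', 'sten@burtcorp.com']
+gem.description = 'A Yahoo OAuth2 strategy for OmniAuth.'
+gem.summary = gem.description
+gem.homepage = 'https://github.com/burtcorp/omniauth-yahoo-oauth2'
+gem.license = 'MIT'
+
+gem.files = `git ls-files`.split("\n")
+gem.name = 'omniauth-oauth2-yahoo'
+gem.require_paths = ['lib']
+gem.version = OmniAuth::YahooOauth2::VERSION
+end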
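Review bot: The gemspec declares no dependency on `jwt`, although the strategy shipped in this package does `require "jwt"` and calls `::JWT::Verify.verify_claims`. The gem therefore runs on whatever jwt version arrives (presumably transitively), and ID-token claim validation can break or change behaviour when that version moves. Declare it explicitly with a bound covering the versions you tested, e.g. `gem.add_runtime_dependency 'jwt', '<tested version constraint>'`. The package name `omniauth-oauth2-yahoo` also differs from the `omniauth-yahoo-oauth2` used in the homepage URL and in the README's `gem install` line, so a user following the README may install a different gem; aligning the README with `gem.name` would remove that ambiguity.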
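--- a/metadata
+++ b/metadata
@@ -0,0 +1,97 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-oauth2-yahoo
+version: !ruby/object:Gem::Version
+version: 1.3.1
+platform: ruby
+authors:
+- Kristoffer Ek
+- Josef Ngo
+- Sten Larsson
+autorequire:
+bindir: bin
+cert_chain: []
+date: 2023-05-30 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+name: omniauth
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2.0'
+- !ruby/object:Gem::Dependency
+name: omniauth-oauth2
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+type: :runtime
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '1.1'
+- !ruby/object:Gem::Dependency
+name: bundler
+requirement: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2'
+type: :development
+prerelease: false
+version_requirements: !ruby/object:Gem::Requirement
+requirements:
+- - "~>"
+- !ruby/object:Gem::Version
+version: '2'
+description: A Yahoo OAuth2 strategy for OmniAuth.
+email:
+- kristoffer.ek@burtcorp.com
+- josef.ngo@burtcorp.com
+- sten@burtcorp.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- ".gitignore"
+- Gemfile
+- README.md
+- lib/omniauth-oauth2-yahoo.rb
+- lib/omniauth/strategies/yahoo_oauth2.rb
+- lib/omniauth/yahoo_oauth2.rb
+- lib/omniauth/yahoo_oauth2/version.rb
+- omniauth-oauth2-yahoo.gemspec
+homepage: https://github.com/burtcorp/omniauth-yahoo-oauth2
+licenses:
+- MIT
+metadata: {}
+post_install_message:
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
+requirements:
+- - ">="
+- !ruby/object:Gem::Version
+version: '0'
+requirements: []
+rubygems_version: 3.0.3.1
+signing_key:
+specification_version: 4
+summary: A Yahoo OAuth2 strategy for OmniAuth.
+test_files: []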