omniauth-spotify 0.0.13 → 1.0.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: c6cfc7bc3f3960d5aafb19072df330b9fc114144
-  data.tar.gz: c47393c874d66fd154ced25e43c3fbf3f26c6ddc
+SHA256:
+  metadata.gz: a1468293039a29cd8d1f4757139d5fece6bae3ac3c73f1f4275ae4553d0405c3
+  data.tar.gz: d7275eb0deb58c3b24310b50aef1216fc4970ac6cb4dab4e6efa798dfdc17efe
 SHA512:
-  metadata.gz: e1bacddc1f7689409a152dec14a07d92886a97e1175fb1151241361f767309ad0ce2410dffcdc02b11f24fa4d561d5a94b128f922f9e458749ef40cc4349c57a
-  data.tar.gz: 86a327b610d67113878c57e9afc4897555c3bcc3764564c14a111935ca3308036196b96f57eaa41a577ea61a0f4f23ab97edbacde45e93f9055208d271bbe937
+  metadata.gz: '091df662a286585d04d94895780f1e7bf7603fe23959ff0e12f9d86306577c7f88a6ed3cba009dfed146c50adc35a8cffcbee17c3716bd62f4e8294fd779e943'
+  data.tar.gz: 8c4d1d9d2b6d23c623159128ce271ec3bbb1880cfb400d13cc616ca2ec72d5b0d931caee92e16e36b689b8be34ffafabefc78689f9a76eb6cfb77016c7497dd9

data/README.md

@@ -1,138 +1,122 @@
-# Spotify OmniAuth Strategy
+# OmniAuth Spotify Strategy
 
-This gem provides a simple way to authenticate to the Spotify Web API using OmniAuth with OAuth2.
+[![Test](https://github.com/icoretech/omniauth-spotify/actions/workflows/test.yml/badge.svg?branch=main)](https://github.com/icoretech/omniauth-spotify/actions/workflows/test.yml?query=branch%3Amain)
+[![Gem Version](https://img.shields.io/gem/v/omniauth-spotify.svg)](https://rubygems.org/gems/omniauth-spotify)
+
+`omniauth-spotify` provides a Spotify OAuth2 strategy for OmniAuth.
 
 ## Installation
 
 Add this line to your application's Gemfile:
 
-    gem 'omniauth-spotify'
-
-And then execute:
-
-    $ bundle
+```ruby
+gem 'omniauth-spotify'
+```
 
-Or install it yourself as:
+Then run:
 
-    $ gem install omniauth-spotify
+```bash
+bundle install
+```
 
 ## Usage
 
-You'll need to register an app on Spotify, you can do this here - https://developer.spotify.com/my-applications/#!/applications
-
-Usage of the gem is very similar to other OmniAuth strategies.
-You'll need to add your app credentials to `config/initializers/omniauth.rb`:
+Configure OmniAuth in your Rack/Rails app:
 
 ```ruby
-keys = Rails.application.secrets
-
 Rails.application.config.middleware.use OmniAuth::Builder do
-  provider :spotify, keys.spotify['client_id'], keys.spotify['client_secret'], scope: 'playlist-read-private user-read-private user-read-email'
+  provider :spotify, ENV.fetch('SPOTIFY_CLIENT_ID'), ENV.fetch('SPOTIFY_CLIENT_SECRET'),
+           scope: 'user-read-email user-read-private'
 end
 ```
 
-Please replace the example `scope` provided with your own.
-Read more about scopes here: https://developer.spotify.com/web-api/using-scopes/
+## Forcing a Permission Dialog
 
-Or with Devise in `config/initializers/devise.rb`:
+Spotify may skip the permission dialog when the user already granted access. To force it:
 
-```ruby
-keys = Rails.application.secrets
-
-config.omniauth :spotify, keys.spotify['client_id'], keys.spotify['client_secret'], scope: 'playlist-read-private user-read-private user-read-email'
-```
+- set `request.env['rack.session']['omniauth_spotify_force_approval?'] = true`, or
+- pass `show_dialog=true` on the auth request URL.
 
-## Forcing a Permission-Request Dialog
+Backward compatibility is preserved for the historical misspelled key:
+`ommiauth_spotify_force_approval?`.
 
-If a user has given permission for an app to access a scope, that permission won't be asked again unless the user revokes access.
-In these cases, authorization sequences proceed without user interation.
+## Auth Hash
 
-To force a permission dialog being shown to the user, which also makes it possible for them to switch Spotify accounts,
-set either `request.env['rack.session'][:ommiauth_spotify_force_approval?]` or `flash[:ommiauth_spotify_force_approval?]` (Rails apps only)
-to a truthy value on the request that performs the Omniauth redirection. 
+Example payload from `request.env['omniauth.auth']` (real shape, anonymized):
 
-Alternately, you can pass `show_dialog=true` when you redirect to your spotify auth URL if you prefer not to use the session. 
-```
-http://localhost:3000/auth/spotify?show_dialog=true
+```json
+{
+  "uid": "1234567890",
+  "info": {
+    "name": "1234567890",
+    "nickname": "1234567890",
+    "email": "user@example.test",
+    "urls": {
+      "spotify": "https://open.spotify.com/user/1234567890"
+    },
+    "country_code": "IT",
+    "product": "free",
+    "follower_count": 24
+  },
+  "credentials": {
+    "token": "sample-access-token",
+    "refresh_token": "sample-refresh-token",
+    "expires_at": 1710000000,
+    "expires": true
+  },
+  "extra": {
+    "raw_info": {
+      "country": "IT",
+      "display_name": "1234567890",
+      "email": "user@example.test",
+      "explicit_content": {
+        "filter_enabled": false,
+        "filter_locked": false
+      },
+      "external_urls": {
+        "spotify": "https://open.spotify.com/user/1234567890"
+      },
+      "followers": {
+        "href": null,
+        "total": 24
+      },
+      "href": "https://api.spotify.com/v1/users/1234567890",
+      "id": "1234567890",
+      "images": [],
+      "product": "free",
+      "type": "user",
+      "uri": "spotify:user:1234567890"
+    }
+  }
+}
 ```
 
-## Auth Hash Schema
+`info.image` and `info.birthdate` are included only when Spotify returns those fields.
 
-* Authorization data is available in the `request.env['omniauth.auth'].credentials` -- a hash that also responds to
-the `token`, `refresh_token`, `expires_at`, and `expires` methods.
+## Development
 
-```ruby
- {
-    "token" => "xxxx",
-    "refresh_token" => "xxxx",
-    "expires_at" => 1403021232,
-    "expires" => true
- }
+```bash
+bundle install
+bundle exec rake
 ```
 
-* Information about the authorized Spotify user is available in the `request.env['omniauth.auth'].info` hash. e.g.
+Run Rails integration tests with an explicit Rails version:
 
-```ruby
- {
-    :name => "Claudio Poli",
-    :nickname => "SomeName",
-    :email => "claudio@icorete.ch",
-    :urls => {"spotify" => "https://open.spotify.com/user/1111111111"},
-    :image => "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-xfp1/t1.0-1/s320x320/301234_1962753760624_625151598_n.jpg",
-    :birthdate => Mon, 01 Mar 1993, # Date class
-    :country_code => "IT",
-    :product => "open",
-    :follower_count => 10
-  }
+```bash
+RAILS_VERSION='~> 8.1.0' bundle install
+RAILS_VERSION='~> 8.1.0' bundle exec rake test_rails_integration
 ```
 
-The username/nickname is also available via a call to `request.env['omniauth.auth'].uid`.
-
-  * Unless the `user-read-private` scope is included, the `birthdate`, `country`, `image`, and `product` fields may be `nil`,
-    and the `name` field will be set to the username/nickname instead of the display name.
-  * The email field will be nil if the 'user-read-email' scope isn't included.
-
-
-* The raw response to the `me` endpoint call is also available in  `request.env['omniauth.auth'].extra['raw_info']`. e.g.
+## Compatibility
 
-```ruby
-{
-  "country" => "IT",
-  "display_name" => "Claudio Poli",
-  "birthdate" => "1993-03-01",
-  "email" => "claudio@icorete.ch",
-  "external_urls" => {
-    "spotify" => "https://open.spotify.com/user/1111111111"
-  },
-  "followers" => {
-    "href" => nil,
-    "total" => 10
-  },
-  "href" => "https://api.spotify.com/v1/users/1111111111",
-  "id" => "1111111111",
-  "images" => [
-    {
-      "height" => nil,
-      "url" => "https://fbcdn-profile-a.akamaihd.net/hprofile-ak-xfp1/t1.0-1/s320x320/301234_1962753760624_625151598_n.jpg",
-      "width" => nil
-    }
-  ],
-  "product" => "open",
-  "type" => "user",
-  "uri" => "spotify:user:1111111111"
-}
-
-```
+- Ruby: `>= 3.2` (tested on `3.2`, `3.3`, `3.4`, `4.0`)
+- `omniauth-oauth2`: `>= 1.8`, `< 1.9`
+- Rails integration lanes: `~> 7.1.0`, `~> 7.2.0`, `~> 8.0.0`, `~> 8.1.0`
 
-## More
+## Release
 
-This gem is brought to you by the [AudioBox](https://audiobox.fm) guys.
-Enjoy!
+Tag releases as `vX.Y.Z`; GitHub Actions publishes the gem to RubyGems.
 
-## Contributing
+## License
 
-1. Fork it
-2. Create your feature branch (`git checkout -b my-new-feature`)
-3. Commit your changes (`git commit -am 'Add some feature'`)
-4. Push to the branch (`git push origin my-new-feature`)
-5. Create new Pull Request
+MIT

data/lib/omniauth/spotify/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module Spotify
+    VERSION = '1.0.1'
+  end
+end

data/lib/omniauth/spotify.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+require 'omniauth/spotify/version'
+require 'omniauth/strategies/spotify'

data/lib/omniauth/strategies/spotify.rb

@@ -0,0 +1,103 @@
+# frozen_string_literal: true
+
+require 'date'
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    # OmniAuth strategy for Spotify OAuth2.
+    class Spotify < OmniAuth::Strategies::OAuth2
+      option :name, 'spotify'
+
+      FORCE_APPROVAL_KEY = 'omniauth_spotify_force_approval?'
+      LEGACY_FORCE_APPROVAL_KEY = 'ommiauth_spotify_force_approval?'
+
+      option :client_options,
+             site: 'https://api.spotify.com',
+             authorize_url: 'https://accounts.spotify.com/authorize',
+             token_url: 'https://accounts.spotify.com/api/token',
+             connection_opts: {
+               headers: {
+                 user_agent: 'icoretech-omniauth-spotify gem',
+                 accept: 'application/json',
+                 content_type: 'application/json'
+               }
+             }
+
+      uid { raw_info['id'] }
+
+      info do
+        {
+          name: raw_info['display_name'] || raw_info['id'],
+          nickname: raw_info['id'],
+          email: raw_info['email'],
+          urls: raw_info['external_urls'],
+          image: image_url,
+          birthdate: parse_birthdate(raw_info['birthdate']),
+          country_code: raw_info['country'],
+          product: raw_info['product'],
+          follower_count: raw_info.dig('followers', 'total')
+        }.compact
+      end
+
+      extra do
+        {
+          'raw_info' => raw_info
+        }
+      end
+
+      def raw_info
+        @raw_info ||= access_token.get('v1/me').parsed
+      end
+
+      def image_url
+        raw_info.fetch('images', []).first&.fetch('url', nil)
+      end
+
+      def authorize_params
+        super.tap do |params|
+          params[:show_dialog] = true if force_approval_requested?
+        end
+      end
+
+      def request_phase
+        options[:authorize_params][:show_dialog] = request.params['show_dialog'] if request.params.key?('show_dialog')
+        super
+      end
+
+      def callback_url
+        return '' if @authorization_code_from_signed_request
+
+        options[:callback_url] || super
+      end
+
+      def query_string
+        return '' if request.params['code']
+
+        super
+      end
+
+      private
+
+      def force_approval_requested?
+        session.delete(FORCE_APPROVAL_KEY) ||
+          session.delete(LEGACY_FORCE_APPROVAL_KEY) ||
+          flash_force_approval?(FORCE_APPROVAL_KEY) ||
+          flash_force_approval?(LEGACY_FORCE_APPROVAL_KEY)
+      end
+
+      def flash_force_approval?(key)
+        flashes = session.dig(:flash, 'flashes') || session.dig('flash', 'flashes')
+        !!flashes&.[](key)
+      end
+
+      def parse_birthdate(value)
+        return nil if value.to_s.empty?
+
+        Date.iso8601(value)
+      rescue Date::Error
+        nil
+      end
+    end
+  end
+end

data/lib/omniauth-spotify/version.rb

@@ -1,5 +1,10 @@
+# frozen_string_literal: true
+
+require 'omniauth/spotify/version'
+
+# Backward compatibility for historical constant usage.
 module Omniauth
   module Spotify
-    VERSION = "0.0.13"
+    VERSION = OmniAuth::Spotify::VERSION
   end
 end

data/lib/omniauth-spotify.rb

@@ -1,91 +1,3 @@
-require 'omniauth/strategies/oauth2'
-require 'date'
+# frozen_string_literal: true
 
-module OmniAuth
-  module Strategies
-    class Spotify < OmniAuth::Strategies::OAuth2
-      # Give your strategy a name.
-      option :name, 'spotify'
-      
-      FORCE_APPROVAL_KEY = 'ommiauth_spotify_force_approval?'.freeze
-
-      # This is where you pass the options you would pass when
-      # initializing your consumer from the OAuth gem.
-      option :client_options, {
-        :site          => 'https://api.spotify.com/v1',
-        :authorize_url => 'https://accounts.spotify.com/authorize',
-        :token_url     => 'https://accounts.spotify.com/api/token',
-      }
-
-      # These are called after authentication has succeeded. If
-      # possible, you should try to set the UID without making
-      # additional calls (if the user id is returned with the token
-      # or as a URI parameter). This may not be possible with all
-      # providers.
-      uid{ raw_info['id'] }
-
-      info do
-        {
-          # Unless the 'user-read-private' scope is included, the birthdate, country, image, and product fields may be nil,
-          # and the name field will be set to the username/nickname instead of the display name.
-          # The email field will be nil if the 'user-read-email' scope isn't included.
-          #
-          :name => raw_info['display_name'] || raw_info['id'],
-          :nickname => raw_info['id'],
-          :email => raw_info['email'],
-          :urls => raw_info['external_urls'],
-          :image => image_url,
-          :birthdate => raw_info['birthdate'] && Date.parse(raw_info['birthdate']),
-          :country_code => raw_info['country'],
-          :product => raw_info['product'],
-          :follower_count => raw_info['followers']['total']
-        }
-      end
-
-      extra do
-        {
-          'raw_info' => raw_info
-        }
-      end
-
-      def image_url
-        if images = raw_info['images']
-          if first = images.first
-            first['url']
-          end
-        end
-      end
-
-      def raw_info
-        @raw_info ||= access_token.get('me').parsed
-      end
-      
-      def authorize_params
-        super.tap do |params|
-          if session.delete(FORCE_APPROVAL_KEY) ||
-             (session[:flash] && session[:flash]['flashes'] && session[:flash]['flashes'][FORCE_APPROVAL_KEY])
-            params[:show_dialog] = true
-          end
-        end
-      end
-
-      def request_phase
-        %w[show_dialog].each do |v|
-          if request.params[v]
-            options[:authorize_params][v.to_sym] = request.params[v]
-          end
-        end
-        super
-      end
-
-      def callback_url
-        if @authorization_code_from_signed_request_in_cookie
-          ''
-        else
-          # Fixes regression in omniauth-oauth2 v1.4.0 by https://github.com/intridea/omniauth-oauth2/commit/85fdbe117c2a4400d001a6368cc359d88f40abc7
-          options[:callback_url] || (full_host + script_name + callback_path)
-        end
-      end
-    end
-  end
-end
+require 'omniauth/spotify'

data/omniauth-spotify.gemspec

@@ -1,21 +1,34 @@
-# -*- encoding: utf-8 -*-
-lib = File.expand_path('../lib', __FILE__)
+# frozen_string_literal: true
+
+lib = File.expand_path('lib', __dir__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
-require 'omniauth-spotify/version'
+require 'omniauth/spotify/version'
+
+Gem::Specification.new do |spec|
+  spec.name = 'omniauth-spotify'
+  spec.version = OmniAuth::Spotify::VERSION
+  spec.authors = ['Claudio Poli']
+  spec.email = ['masterkain@gmail.com']
+
+  spec.summary = 'OmniAuth strategy for Spotify OAuth2 authentication.'
+  spec.description = 'OAuth2 strategy for OmniAuth that authenticates users with Spotify and exposes account metadata.'
+  spec.homepage = 'https://github.com/icoretech/omniauth-spotify'
+  spec.license = 'MIT'
+  spec.required_ruby_version = '>= 3.2'
 
-Gem::Specification.new do |gem|
-  gem.name          = "omniauth-spotify"
-  gem.version       = Omniauth::Spotify::VERSION
-  gem.authors       = ["Claudio Poli"]
-  gem.email         = ["claudio@icorete.ch\n"]
-  gem.description   = %q{OmniAuth strategy for Spotify}
-  gem.summary       = %q{OmniAuth strategy for Spotify}
-  gem.homepage      = "https://github.com/icoretech/omniauth-spotify"
+  spec.metadata['source_code_uri'] = 'https://github.com/icoretech/omniauth-spotify'
+  spec.metadata['bug_tracker_uri'] = 'https://github.com/icoretech/omniauth-spotify/issues'
+  spec.metadata['changelog_uri'] = 'https://github.com/icoretech/omniauth-spotify/releases'
+  spec.metadata['rubygems_mfa_required'] = 'true'
 
-  gem.files         = `git ls-files`.split($/)
-  gem.executables   = gem.files.grep(%r{^bin/}).map{ |f| File.basename(f) }
-  gem.test_files    = gem.files.grep(%r{^(test|spec|features)/})
-  gem.require_paths = ["lib"]
+  spec.files = Dir[
+    'lib/**/*.rb',
+    'README*',
+    'LICENSE*',
+    '*.gemspec'
+  ]
+  spec.require_paths = ['lib']
 
-  gem.add_dependency 'omniauth-oauth2', '~> 1.1'
+  spec.add_dependency 'cgi', '>= 0.3.6'
+  spec.add_dependency 'omniauth-oauth2', '>= 1.8', '< 1.9'
 end

metadata

@@ -1,50 +1,72 @@
 --- !ruby/object:Gem::Specification
 name: omniauth-spotify
 version: !ruby/object:Gem::Version
-  version: 0.0.13
+  version: 1.0.1
 platform: ruby
 authors:
 - Claudio Poli
-autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-03-28 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
+- !ruby/object:Gem::Dependency
+  name: cgi
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.6
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: 0.3.6
 - !ruby/object:Gem::Dependency
   name: omniauth-oauth2
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '1.1'
+        version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '1.9'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.8'
+    - - "<"
       - !ruby/object:Gem::Version
-        version: '1.1'
-description: OmniAuth strategy for Spotify
+        version: '1.9'
+description: OAuth2 strategy for OmniAuth that authenticates users with Spotify and
+  exposes account metadata.
 email:
-- 'claudio@icorete.ch
-
-'
+- masterkain@gmail.com
 executables: []
 extensions: []
 extra_rdoc_files: []
 files:
-- ".gitignore"
-- Gemfile
 - LICENSE.txt
 - README.md
-- Rakefile
 - lib/omniauth-spotify.rb
 - lib/omniauth-spotify/version.rb
+- lib/omniauth/spotify.rb
+- lib/omniauth/spotify/version.rb
+- lib/omniauth/strategies/spotify.rb
 - omniauth-spotify.gemspec
 homepage: https://github.com/icoretech/omniauth-spotify
-licenses: []
-metadata: {}
-post_install_message: 
+licenses:
+- MIT
+metadata:
+  source_code_uri: https://github.com/icoretech/omniauth-spotify
+  bug_tracker_uri: https://github.com/icoretech/omniauth-spotify/issues
+  changelog_uri: https://github.com/icoretech/omniauth-spotify/releases
+  rubygems_mfa_required: 'true'
 rdoc_options: []
 require_paths:
 - lib
@@ -52,16 +74,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: '0'
+      version: '3.2'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.6.11
-signing_key: 
+rubygems_version: 3.6.9
 specification_version: 4
-summary: OmniAuth strategy for Spotify
+summary: OmniAuth strategy for Spotify OAuth2 authentication.
 test_files: []

data/.gitignore

@@ -1,17 +0,0 @@
-*.gem
-*.rbc
-.bundle
-.config
-.yardoc
-Gemfile.lock
-InstalledFiles
-_yardoc
-coverage
-doc/
-lib/bundler/man
-pkg
-rdoc
-spec/reports
-test/tmp
-test/version_tmp
-tmp

data/Gemfile

@@ -1,4 +0,0 @@
-source 'https://rubygems.org'
-
-# Specify your gem's dependencies in omniauth-box2.gemspec
-gemspec

data/Rakefile

@@ -1 +0,0 @@
-require "bundler/gem_tasks"