omniauth-uber-eats-oauth2 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 91669d6758878744840643e370d369fa246a8eeb400b9cdba988ea35ab9cb6a8
+  data.tar.gz: 52fe483b8c95cdd011f070457a06f0a7a1c5704defbf5ed47dc48aa3a274cc36
+SHA512:
+  metadata.gz: ae0ceebc7fca5fbbca32065cb9c57d653cf794ba874d267ad1d9df60e2bc7e2e444d7b056fe5e2c3d10013eae8a6c5ac86d08ab8445d510e4f3736e7da7b2163
+  data.tar.gz: 2f88893066e0f750cc06a865c7a932a7b72aa881f929c137246d1aaec11c0a400dca2285341235326c0f9b03f18543436e6311241ffb2a7a6bff8a1321df0d6e

data/CHANGELOG.md

@@ -0,0 +1,12 @@
+# Changelog
+
+## [0.1.0] - 2026-03-16
+
+### Added
+
+- Initial release
+- OmniAuth OAuth2 strategy for Uber Eats
+- Authorization code flow with `eats.pos_provisioning` scope
+- Store info fetching from `/v1/eats/stores`
+- Redirect URI query param stripping for exact match
+- Full RSpec test suite with 100% line and branch coverage

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 dan1d
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,139 @@
+# OmniAuth Uber Eats OAuth2
+
+[![Gem Version](https://badge.fury.io/rb/omniauth-uber-eats-oauth2.svg)](https://badge.fury.io/rb/omniauth-uber-eats-oauth2)
+[![CI](https://github.com/dan1d/omniauth-uber-eats-oauth2/actions/workflows/ci.yml/badge.svg)](https://github.com/dan1d/omniauth-uber-eats-oauth2/actions/workflows/ci.yml)
+[![Coverage](https://img.shields.io/badge/coverage-100%25-brightgreen)](https://github.com/dan1d/omniauth-uber-eats-oauth2)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
+
+An OmniAuth strategy for authenticating with [Uber Eats](https://developer.uber.com/docs/eats) using OAuth 2.0.
+
+## Installation
+
+Add this line to your application's Gemfile:
+
+```ruby
+gem 'omniauth-uber-eats-oauth2'
+```
+
+And then execute:
+
+```bash
+bundle install
+```
+
+Or install it yourself as:
+
+```bash
+gem install omniauth-uber-eats-oauth2
+```
+
+## Usage
+
+### Rails / Devise
+
+In your Devise initializer (`config/initializers/devise.rb`):
+
+```ruby
+config.omniauth :uber_eats_oauth2,
+  ENV['UBER_EATS_CLIENT_ID'],
+  ENV['UBER_EATS_CLIENT_SECRET']
+```
+
+### Standalone (Rack)
+
+```ruby
+use OmniAuth::Builder do
+  provider :uber_eats_oauth2,
+    ENV['UBER_EATS_CLIENT_ID'],
+    ENV['UBER_EATS_CLIENT_SECRET']
+end
+```
+
+## Auth Hash Schema
+
+After successful authentication, `request.env['omniauth.auth']` will contain:
+
+```ruby
+{
+  provider: 'uber_eats_oauth2',
+  uid: 'abc123',            # store_id from Uber Eats
+  info: {
+    name: 'Pizza Palace',   # store name
+    business_name: 'Pizza Palace',
+    email: nil               # Uber Eats does not expose merchant email
+  },
+  credentials: {
+    token: 'ACCESS_TOKEN',
+    refresh_token: 'REFRESH_TOKEN',
+    expires_at: 1234567890,
+    expires: true
+  },
+  extra: {
+    raw_info: {
+      store_id: 'abc123',
+      store_name: 'Pizza Palace',
+      id: 'abc123',
+      status: 'ACTIVE'
+    }
+  }
+}
+```
+
+## Configuration Options
+
+| Option | Default | Description |
+|--------|---------|-------------|
+| `sandbox` | `false` | Reserved for future sandbox environment support |
+
+## Callback URL
+
+Uber Eats requires an **exact redirect URI match**. The strategy automatically strips query parameters from the callback URL before token exchange.
+
+Register your callback URL in the [Uber Developer Dashboard](https://developer.uber.com/):
+
+```
+https://yourdomain.com/auth/uber_eats_oauth2/callback
+```
+
+## Token Refresh
+
+Uber Eats access tokens are valid for **30 days** (2,592,000 seconds). To refresh:
+
+```ruby
+client = OAuth2::Client.new(
+  ENV['UBER_EATS_CLIENT_ID'],
+  ENV['UBER_EATS_CLIENT_SECRET'],
+  site: 'https://api.uber.com',
+  token_url: 'https://auth.uber.com/oauth/v2/token'
+)
+
+token = OAuth2::AccessToken.from_hash(client, {
+  access_token: stored_token,
+  refresh_token: stored_refresh_token
+})
+
+new_token = token.refresh!
+```
+
+## Scopes
+
+The default scope is `eats.pos_provisioning` (authorization_code flow for merchant connection). Other available scopes:
+
+- `eats.store` - Store data access
+- `eats.order` - Order data access
+- `eats.report` - Report data access
+
+## Development
+
+```bash
+git clone https://github.com/dan1d/omniauth-uber-eats-oauth2.git
+cd omniauth-uber-eats-oauth2
+bundle install
+bundle exec rspec      # Run tests (100% line + branch coverage required)
+bundle exec rubocop    # Run linter (0 offenses required)
+bundle exec rake       # Run both
+```
+
+## License
+
+The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/omniauth/strategies/uber_eats_oauth2.rb

@@ -0,0 +1,104 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+
+module OmniAuth
+  module Strategies
+    # OmniAuth strategy for Uber Eats OAuth2 (Delivery provider).
+    #
+    # Uber Eats uses OAuth2 with two grant types:
+    #   - authorization_code: for store provisioning (eats.pos_provisioning scope)
+    #   - client_credentials: for store/order/report data (eats.store, eats.order, eats.report)
+    #
+    # We use authorization_code flow for initial merchant connection, then
+    # client_credentials for ongoing API access (report data).
+    #
+    # Access tokens are valid for 30 days (2,592,000 seconds).
+    # Rate limit: 100 token requests per hour.
+    #
+    # API docs: https://developer.uber.com/docs/eats/guides/authentication
+    #
+    # @example Basic usage
+    #   provider :uber_eats_oauth2, ENV['UBER_EATS_CLIENT_ID'], ENV['UBER_EATS_CLIENT_SECRET']
+    #
+    class UberEatsOauth2 < OmniAuth::Strategies::OAuth2
+      option :name, 'uber_eats_oauth2'
+
+      option :client_options, {
+        site: 'https://api.uber.com',
+        authorize_url: 'https://auth.uber.com/oauth/v2/authorize',
+        token_url: 'https://auth.uber.com/oauth/v2/token',
+        auth_scheme: :request_body
+      }
+
+      option :authorize_params, {
+        response_type: 'code',
+        scope: 'eats.pos_provisioning'
+      }
+
+      option :sandbox, false
+
+      # Override to strip query params from callback_url for redirect_uri matching.
+      def build_access_token
+        redirect_uri = callback_url.sub(/\?.*/, '')
+        log(:info, "Token exchange — site: #{client.site}, redirect_uri: #{redirect_uri}")
+        verifier = request.params['code']
+        client.auth_code.get_token(
+          verifier,
+          { redirect_uri: redirect_uri }.merge(token_params.to_hash(symbolize_keys: true)),
+          deep_symbolize(options.auth_token_params)
+        )
+      rescue ::OAuth2::Error => e
+        log(:error, "Token exchange FAILED: status=#{e.response&.status} body=#{e.response&.body}")
+        raise
+      end
+
+      uid { raw_info['store_id'] || raw_info['id'] }
+
+      info do
+        {
+          name: raw_info['store_name'],
+          business_name: raw_info['store_name'],
+          email: nil # Uber Eats doesn't provide merchant email via API
+        }
+      end
+
+      extra do
+        { raw_info: raw_info }
+      end
+
+      def raw_info
+        @raw_info ||= fetch_store_info
+      end
+
+      private
+
+      def fetch_store_info
+        response = access_token.get('/v1/eats/stores')
+        parsed = response.parsed
+        stores = parsed['stores'] || []
+        store = stores.first
+
+        if store
+          {
+            'store_id' => store['store_id'],
+            'store_name' => store['name'] || store['store_name'],
+            'id' => store['store_id'],
+            'status' => store['status']
+          }
+        else
+          { 'store_id' => nil }
+        end
+      rescue StandardError => e
+        log(:warn, "Failed to fetch store info: #{e.message}")
+        { 'store_id' => nil }
+      end
+
+      def log(level, message)
+        return unless defined?(OmniAuth.logger) && OmniAuth.logger
+
+        OmniAuth.logger.send(level, "[UberEatsOauth2] #{message}")
+      end
+    end
+  end
+end

data/lib/omniauth/uber_eats_oauth2/version.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+module OmniAuth
+  module UberEatsOauth2
+    VERSION = '0.1.0'
+  end
+end

data/lib/omniauth-uber-eats-oauth2.rb

@@ -0,0 +1,5 @@
+# frozen_string_literal: true
+
+require 'omniauth-oauth2'
+require 'omniauth/uber_eats_oauth2/version'
+require 'omniauth/strategies/uber_eats_oauth2'

metadata

@@ -0,0 +1,149 @@
+--- !ruby/object:Gem::Specification
+name: omniauth-uber-eats-oauth2
+version: !ruby/object:Gem::Version
+  version: 0.1.0
+platform: ruby
+authors:
+- dan1d
+bindir: bin
+cert_chain: []
+date: 1980-01-02 00:00:00.000000000 Z
+dependencies:
+- !ruby/object:Gem::Dependency
+  name: omniauth-oauth2
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.8'
+- !ruby/object:Gem::Dependency
+  name: rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.12'
+- !ruby/object:Gem::Dependency
+  name: rubocop
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.75'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '1.75'
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.22'
+- !ruby/object:Gem::Dependency
+  name: simplecov-json
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '0.2'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: '3.18'
+description: An OmniAuth strategy for authenticating with Uber Eats using OAuth 2.0.
+  Supports store provisioning via the eats.pos_provisioning scope.
+email:
+- dan1d@users.noreply.github.com
+executables: []
+extensions: []
+extra_rdoc_files: []
+files:
+- CHANGELOG.md
+- LICENSE.txt
+- README.md
+- lib/omniauth-uber-eats-oauth2.rb
+- lib/omniauth/strategies/uber_eats_oauth2.rb
+- lib/omniauth/uber_eats_oauth2/version.rb
+homepage: https://github.com/dan1d/omniauth-uber-eats-oauth2
+licenses:
+- MIT
+metadata:
+  homepage_uri: https://github.com/dan1d/omniauth-uber-eats-oauth2
+  source_code_uri: https://github.com/dan1d/omniauth-uber-eats-oauth2
+  changelog_uri: https://github.com/dan1d/omniauth-uber-eats-oauth2/blob/main/CHANGELOG.md
+  rubygems_mfa_required: 'true'
+rdoc_options: []
+require_paths:
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: 3.0.0
+required_rubygems_version: !ruby/object:Gem::Requirement
+  requirements:
+  - - ">="
+    - !ruby/object:Gem::Version
+      version: '0'
+requirements: []
+rubygems_version: 3.6.9
+specification_version: 4
+summary: OmniAuth OAuth2 strategy for Uber Eats
+test_files: []