signet 0.5.0 → 0.5.1

data/lib/signet/version.rb

@@ -1,11 +1,11 @@
 # Copyright (C) 2010 Google Inc.
-# 
+#
 #    Licensed under the Apache License, Version 2.0 (the "License");
 #    you may not use this file except in compliance with the License.
 #    You may obtain a copy of the License at
-# 
+#
 #        http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 #    Unless required by applicable law or agreed to in writing, software
 #    distributed under the License is distributed on an "AS IS" BASIS,
 #    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -18,7 +18,7 @@ unless defined? Signet::VERSION
     module VERSION
       MAJOR = 0
       MINOR = 5
-      TINY  = 0
+      TINY  = 1
 
       STRING = [MAJOR, MINOR, TINY].join('.')
     end

data/spec/signet/oauth_1/client_spec.rb

@@ -66,6 +66,15 @@ describe Signet::OAuth1::Client, 'unconfigured' do
     )
   end
 
+  it 'should allow the authorization_uri to be set to a Hash' do
+    @client.authorization_uri = {
+      :scheme => 'http', :host => 'example.com', :path => '/authorize'
+    }
+    @client.authorization_uri.to_s.should include(
+      'http://example.com/authorize'
+    )
+  end
+
   it 'should allow the authorization_uri to be set to a URI' do
     @client.authorization_uri =
       Addressable::URI.parse('http://example.com/authorize')
@@ -83,6 +92,13 @@ describe Signet::OAuth1::Client, 'unconfigured' do
     @client.token_credential_uri.should === "http://example.com/"
   end
 
+  it 'should allow the token_credential_uri to be set to a Hash' do
+    @client.token_credential_uri = {
+      :scheme => 'http', :host => 'example.com', :path => '/token'
+    }
+    @client.token_credential_uri.to_s.should === 'http://example.com/token'
+  end
+
   it 'should allow the token_credential_uri to be set to a URI' do
     @client.token_credential_uri =
       Addressable::URI.parse("http://example.com/")
@@ -398,6 +414,26 @@ describe Signet::OAuth1::Client, 'configured' do
     @client.token_credential_secret = 'pfkkdhi9sl3r4s00'
   end
 
+  it 'should generate a JSON representation of the client' do
+    json = @client.to_json
+    json.should_not == nil
+
+    deserialized = MultiJson.load(json)
+    deserialized["temporary_credential_uri"].should ==
+      'http://example.com/temporary_credentials'
+    deserialized["authorization_uri"].should include(
+      'http://example.com/authorize')
+    deserialized["token_credential_uri"].should ==
+      'http://example.com/token_credentials'
+    deserialized["callback"].should == 'http://example.com/callback'
+    deserialized["client_credential_key"].should == 'dpf43f3p2l4k3l03'
+    deserialized["client_credential_secret"].should == 'kd94hf93k423kf44'
+    deserialized["temporary_credential_key"].should == 'hh5s93j4hdidpola'
+    deserialized["temporary_credential_secret"].should == 'hdhd0244k9j7ao03'
+    deserialized["token_credential_key"].should == 'nnch734d00sl2jdk'
+    deserialized["token_credential_secret"].should == 'pfkkdhi9sl3r4s00'
+  end
+
   it 'should generate an authorization URI with a callback' do
     @client.temporary_credential_key = nil
     @client.authorization_uri.should ===

data/spec/signet/oauth_1/signature_methods/plaintext_spec.rb

@@ -0,0 +1,66 @@
+# Copyright (C) 2010 Google Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+spec_dir = File.expand_path(File.join(File.dirname(__FILE__), "../../.."))
+$:.unshift(spec_dir)
+$:.uniq!
+
+require 'spec_helper'
+
+require 'signet'
+require 'signet/oauth_1/signature_methods/plaintext'
+
+describe Signet::OAuth1::PLAINTEXT do
+  it 'should correctly generate a signature' do
+    method = "GET"
+    uri = "http://photos.example.net/photos"
+    parameters = {
+        "oauth_consumer_key" => "dpf43f3p2l4k3l03",
+        "oauth_token" => "nnch734d00sl2jdk",
+        "oauth_signature_method" => "HMAC-SHA1",
+        "oauth_timestamp" => "1191242096",
+        "oauth_nonce" => "kllo9940pd9333jh",
+        "oauth_version" => "1.0",
+        "file" => "vacation.jpg",
+        "size" => "original"
+    }
+    client_credential_secret = "kd94hf93k423kf44"
+    token_credential_secret = "pfkkdhi9sl3r4s00"
+    base_string = Signet::OAuth1.generate_base_string(method, uri, parameters)
+    Signet::OAuth1::PLAINTEXT.generate_signature(
+        base_string, client_credential_secret, token_credential_secret
+    ).should == "kd94hf93k423kf44%26pfkkdhi9sl3r4s00"
+  end
+
+  it 'should correctly generate a signature' do
+    method = "GET"
+    uri = "http://photos.example.net/photos"
+    parameters = {
+        "oauth_consumer_key" => "www.example.com",
+        "oauth_token" => "4/QL2GT6b5uznYem1ZGH6v+-9mMvRL",
+        "oauth_signature_method" => "HMAC-SHA1",
+        "oauth_timestamp" => "1191242096",
+        "oauth_nonce" => "kllo9940pd9333jh",
+        "oauth_version" => "1.0",
+        "file" => "vacation.jpg",
+        "size" => "original"
+    }
+    client_credential_secret = "Kv+o2XXL/9RxkQW3lO3QTVlH"
+    token_credential_secret = "QllSuL9eQ5FXFO1Z/HcgL4ON"
+    base_string = Signet::OAuth1.generate_base_string(method, uri, parameters)
+    Signet::OAuth1::PLAINTEXT.generate_signature(
+        base_string, client_credential_secret, token_credential_secret
+    ).should == "Kv%252Bo2XXL%252F9RxkQW3lO3QTVlH%26QllSuL9eQ5FXFO1Z%252FHcgL4ON"
+  end
+end

data/spec/signet/oauth_1/signature_methods/rsa_sha1_spec.rb

@@ -0,0 +1,132 @@
+# Copyright (C) 2010 Google Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+spec_dir = File.expand_path(File.join(File.dirname(__FILE__), "../../.."))
+$:.unshift(spec_dir)
+$:.uniq!
+
+require 'spec_helper'
+
+require 'signet'
+require 'signet/oauth_1/signature_methods/rsa_sha1'
+
+describe Signet::OAuth1::RSASHA1 do
+  it 'should correctly generate a signature' do
+    method = "GET"
+    uri = "http://term.ie/oauth/example/request_token.php"
+    parameters = {
+        "oauth_consumer_key" => "key",
+        "oauth_signature_method" => "RSA-SHA1",
+        "oauth_timestamp" => "1377815426",
+        "oauth_nonce" => "c3839c47cb204a20e042b11a5cc9f971",
+        "oauth_version" => "1.0"
+    }
+    client_credential_secret = "-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----"
+    token_credential_secret = "pfkkdhi9sl3r4s00"
+    base_string = Signet::OAuth1.generate_base_string(method, uri, parameters)
+
+    Signet::OAuth1::RSASHA1.generate_signature(
+        base_string, client_credential_secret, token_credential_secret
+    ).should == "P72T4RS8dVBneQPJSY71D3iLEjge2tiivxEasPVoaoDldDgPdwpQfhS1q0th19jB3B3+9P6tBWjpWaVPxrNZe3ssBCiwS/EmXZ/6VCJGU3YoDHMtz+0jCd36NjHj5I6TpLVQ8/rtfy6+EzpdUMz7ydnhKXYqJFPOWnNv8HM1W7I="
+  end
+end
+
+describe Signet::OAuth1::RSASHA1 do
+  it 'should correctly generate a signature' do
+    method = "GET"
+    uri = "http://photos.example.net/photos"
+    parameters = {
+        "oauth_consumer_key" => "dpf43f3p2l4k3l03",
+        "oauth_signature_method" => "RSA-SHA1",
+        "oauth_timestamp" => "1196666512",
+        "oauth_nonce" => "13917289812797014437",
+        "oauth_version" => "1.0",
+        "file" => "vacaction.jpg",
+        "size" => "original"
+    }
+    client_credential_secret = "-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----"
+    token_credential_secret = "pfkkdhi9sl3r4s00"
+    base_string = Signet::OAuth1.generate_base_string(method, uri, parameters)
+
+    Signet::OAuth1::RSASHA1.generate_signature(
+        base_string, client_credential_secret, token_credential_secret
+    ).should == "jvTp/wX1TYtByB1m+Pbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2/9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW//e+RinhejgCuzoH26dyF8iY2ZZ/5D1ilgeijhV/vBka5twt399mXwaYdCwFYE="
+  end
+
+
+  it 'should correctly generate a signature' do
+    method = "GET"
+    uri = "http://term.ie/oauth/example/access_token.php"
+    parameters = {
+        "oauth_consumer_key" => "key",
+        "oauth_token" => "requestkey",
+        "oauth_signature_method" => "RSA-SHA1",
+        "oauth_timestamp" => "1377815426",
+        "oauth_nonce" => "8ae9ac8192dd3cd7372e0324bf879602",
+        "oauth_version" => "1.0",
+    }
+    client_credential_secret = "-----BEGIN PRIVATE KEY-----
+MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
+A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
+7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
+hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
+X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
+uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
+rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
+zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
+qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
+WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
+cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
+3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
+AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
+Lw03eHTNQghS0A==
+-----END PRIVATE KEY-----"
+    token_credential_secret = "QllSuL9eQ5FXFO1Z/HcgL4ON"
+    base_string = Signet::OAuth1.generate_base_string(method, uri, parameters)
+    Signet::OAuth1::RSASHA1.generate_signature(
+        base_string, client_credential_secret, token_credential_secret
+    ).should == "Q1O7Ovi0jdacl/OTJoH3MAyOO/9H/tTXmoJzP/YqiKEJ+/wfShXo1RXX0xmlcjDR1XYxB1RMgHkFWQYYwz1qGCUhkXlH1c/to2qxPksptfPHRe7PJTxRClrdqLFOlhN7w2kO7tHVCeEp8IJIKON9q7cdXroTP7ctPPS+Q883SS0="
+  end
+
+end

data/spec/signet/oauth_2/client_spec.rb

@@ -28,7 +28,12 @@ describe Signet::OAuth2::Client, 'unconfigured' do
   before do
     @client = Signet::OAuth2::Client.new
   end
-
+  it 'should allow additional paraemters to be set.' do
+    @client.additional_parameters['type'] =
+        'web_server'
+    @client.additional_parameters.should ==
+        {'type' => 'web_server'}
+  end
   it 'should raise an error if a bogus scope is provided' do
     (lambda do
       @client = Signet::OAuth2::Client.new(:scope => :bogus)
@@ -69,14 +74,23 @@ describe Signet::OAuth2::Client, 'unconfigured' do
       @client = Signet::OAuth2::Client.new(:redirect_uri => '/relative/path')
     end).should raise_error(ArgumentError)
   end
-  
+
   it 'should allow "postmessage" as a redirect URI (Google hack)' do
     @client.authorization_uri = 'https://example.com/authorize'
     @client.client_id = 's6BhdRkqt3'
     @client.redirect_uri = 'postmessage'
     @client.authorization_uri.query_values['redirect_uri'].should == 'postmessage'
   end
-  
+
+  it 'should allow oob values as a redirect URI (for installed apps)' do
+    @client.authorization_uri = 'https://example.com/authorize'
+    @client.client_id = 's6BhdRkqt3'
+    @client.redirect_uri = 'urn:ietf:wg:oauth:2.0:oob'
+    @client.authorization_uri.query_values['redirect_uri'].should == 'urn:ietf:wg:oauth:2.0:oob'
+    @client.redirect_uri = 'oob'
+    @client.authorization_uri.query_values['redirect_uri'].should == 'oob'
+  end
+
   it 'should have no authorization_uri' do
     @client.authorization_uri.should == nil
   end
@@ -94,6 +108,21 @@ describe Signet::OAuth2::Client, 'unconfigured' do
     )
   end
 
+  it 'should allow the authorization_uri to be set to a Hash' do
+    @client.authorization_uri = {
+      :scheme => 'https', :host => 'example.com', :path => '/authorize'
+    }
+    @client.client_id = 's6BhdRkqt3'
+    @client.redirect_uri = 'https://example.client.com/callback'
+    @client.authorization_uri.to_s.should include(
+      'https://example.com/authorize'
+    )
+    @client.authorization_uri.query_values['client_id'].should == 's6BhdRkqt3'
+    @client.authorization_uri.query_values['redirect_uri'].should == (
+      'https://example.client.com/callback'
+    )
+  end
+
   it 'should allow the authorization_uri to be set to a URI' do
     @client.authorization_uri =
       Addressable::URI.parse('https://example.com/authorize')
@@ -137,6 +166,13 @@ describe Signet::OAuth2::Client, 'unconfigured' do
     @client.token_credential_uri.should === "https://example.com/token"
   end
 
+  it 'should allow the token_credential_uri to be set to a Hash' do
+    @client.token_credential_uri = {
+      :scheme => 'https', :host => 'example.com', :path => '/token'
+    }
+    @client.token_credential_uri.to_s.should === 'https://example.com/token'
+  end
+
   it 'should allow the token_credential_uri to be set to a URI' do
     @client.token_credential_uri =
       Addressable::URI.parse("https://example.com/token")
@@ -145,7 +181,7 @@ describe Signet::OAuth2::Client, 'unconfigured' do
 end
 
 describe Signet::OAuth2::Client, 'configured for assertions profile' do
-  
+
   describe 'when using RSA keys' do
     before do
       @key = OpenSSL::PKey::RSA.new 2048
@@ -181,7 +217,6 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       claim["aud"].should == 'https://accounts.google.com/o/oauth2/token'
     end
 
-
     it 'should generate valid JWTs for impersonation using deprecated person attribute' do
       @client.person = 'user@example.com'
       jwt = @client.to_jwt
@@ -194,6 +229,33 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
       claim["aud"].should == 'https://accounts.google.com/o/oauth2/token'
     end
 
+    it 'should generate valid JWTs for impersonation using the sub attribute' do
+      @client.sub = 'user@example.com'
+      jwt = @client.to_jwt
+      jwt.should_not == nil
+
+      claim = JWT.decode(jwt, @key.public_key, true)
+      claim["iss"].should == 'app@example.com'
+      claim["sub"].should == 'user@example.com'
+      claim["scope"].should == 'https://www.googleapis.com/auth/userinfo.profile'
+      claim["aud"].should == 'https://accounts.google.com/o/oauth2/token'
+    end
+
+    it 'should generate a JSON representation of the client' do
+      @client.principal = 'user@example.com'
+      json = @client.to_json
+      json.should_not == nil
+
+      deserialized = MultiJson.load(json)
+      deserialized["token_credential_uri"].should ==
+        'https://accounts.google.com/o/oauth2/token'
+      deserialized["scope"].should ==
+        ['https://www.googleapis.com/auth/userinfo.profile']
+      deserialized["issuer"].should == 'app@example.com'
+      deserialized["audience"].should == 'https://accounts.google.com/o/oauth2/token'
+      deserialized["signing_key"].should == @key.to_s
+    end
+
     it 'should send valid access token request' do
       stubs = Faraday::Adapter::Test::Stubs.new do |stub|
         stub.post('/o/oauth2/token') do |env|
@@ -213,10 +275,10 @@ describe Signet::OAuth2::Client, 'configured for assertions profile' do
 
       @client.fetch_access_token!(:connection => connection)
       @client.access_token.should == "1/abcdef1234567890"
-      stubs.verify_stubbed_calls    
+      stubs.verify_stubbed_calls
     end
   end
-    
+
   describe 'when using shared secrets' do
     before do
       @key = 'my secret key'
@@ -304,12 +366,12 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
     @client.grant_type = 'urn:ietf:params:oauth:grant-type:saml2-bearer'
     @client.extension_parameters['assertion'] =
       'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'
-      
+
     request = @client.generate_access_token_request
     params = Addressable::URI.form_unencode(request.body)
     params.should include(['assertion', 'PEFzc2VydGlvbiBJc3N1ZUluc3RhbnQ9IjIwMTEtMDU'])
   end
-  
+
   it 'should allow the token to be updated' do
     issued_at = Time.now
     @client.update_token!(
@@ -351,19 +413,19 @@ describe Signet::OAuth2::Client, 'configured for Google userinfo API' do
   end
 
   it 'should allow the expires_at time to be updated' do
-    expires_at = Time.now.round - 100
+    expires_at = Time.now
     @client.update_token!(
       :expires_at => expires_at.to_i,
       :expires_in => nil
     )
-    @client.expires_at.should == expires_at
+    @client.expires_at.should be_within(1).of(expires_at)
     @client.should be_expired
   end
 
   it 'should allow setting expires_at manually' do
-    expires_at = Time.now.round + 100
+    expires_at = Time.now+100
     @client.expires_at = expires_at.to_i
-    @client.expires_at.should == expires_at
+    @client.expires_at.should be_within(1).of(expires_at)
     @client.should_not be_expired
   end
 
@@ -818,3 +880,62 @@ PUBKEY
     stubs.verify_stubbed_calls
   end
 end
+
+describe Signet::OAuth2::Client, 'authorization_uri' do
+  before do
+    @client = Signet::OAuth2::Client.new(
+      :client_id => 's6BhdRkqt3',
+      :redirect_uri => 'https://example.client.com/callback',
+      :authorization_uri => 'https://example.com/authorize'
+    )
+  end
+
+  it 'should set access_type to offline by default' do
+    @client.authorization_uri.query_values['access_type'].should == 'offline'
+  end
+
+  it 'should set response_type to code by default' do
+    @client.authorization_uri.query_values['response_type'].should == 'code'
+  end
+
+  it 'should raise an error when setting both prompt and approval_prompt' do
+    (lambda do
+      @client.authorization_uri(:approval_prompt => 'force', :prompt => 'consent')
+    end).should raise_error(ArgumentError)
+  end
+end
+
+describe Signet::OAuth2::Client, 'configured with custom parameters' do
+  before do
+    @client = Signet::OAuth2::Client.new(
+        :client_id => 's6BhdRkqt3',
+        :redirect_uri => 'https://example.client.com/callback',
+        :authorization_uri => 'https://example.com/authorize',
+        :token_credential_uri => 'https://example.com/token',
+        :additional_parameters =>{'type' => 'web_server'}
+    )
+  end
+
+  it 'should allow custom parameters to be set on init' do
+    @client.additional_parameters.should == {'type' => 'web_server'}
+  end
+
+  it 'should allow custom parameters to be updated' do
+    @client.update!(:additional_parameters => {'type' => 'new_type'})
+    @client.additional_parameters.should == {'type' => 'new_type'}
+  end
+
+  it 'should use custom parameters when generating authorization_uri' do
+    @client.authorization_uri().query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "redirect_uri"=>"https://example.client.com/callback", "response_type"=>"code", "type"=>"web_server"}
+  end
+  it 'should merge new authorization_uri custom parameters' do
+    @client.authorization_uri(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).query_values.should == {"access_type"=>"offline", "client_id"=>"s6BhdRkqt3", "new_param"=>"new_val",  "response_type"=>"code","redirect_uri"=>"https://example.client.com/callback", "type"=>"new_type"}
+  end
+
+  it 'should merge new generate_access_token_request custom parameters' do
+    @client.update!(:code=>'12345')
+    body = @client.generate_access_token_request(:additional_parameters => {'type' => 'new_type', 'new_param' => 'new_val'}).body
+    body.should include("type=new_type")
+    body.should include("new_param=new_val")
+  end
+end