Oauth2 with Intridea Ruby Gem

OAuth2 with intridea ruby gem

There seems to be a problem how the oauth2 gem passes variabels inside the objects so mode and param_name seems to be lost on the way. A solution to the problem would be to create a new AccessToken object with the correct parameters instead of using the shorthand. This example is tested against Foursquares api and it works.

require "oauth2"

client = OAuth2::Client.new(
  "CLIENT_ID",
  "CLIENT_SECRET", 
  :authorize_url => "/oauth2/authorize", 
  :token_url => "/oauth2/access_token", 
  :site => "https://foursquare.com/"
)

puts client.auth_code.authorize_url(:redirect_uri => "http://localhost:4000")

code = gets.chomp

token = client.auth_code.get_token(code, :redirect_uri => "http://localhost:4000")

token = OAuth2::AccessToken.new(client, token.token, {
  :mode => :query,
  :param_name => "oauth_token",
})

response = token.get('https://api.foursquare.com/v2/users/self/checkins')

puts response.body

OAuth2 INTRIDEA gem and HTTP basic authentication header

After looking at the docs for the auth_code strategy and the code for oauth2/strategy/password.rb, oauth2/strategy/base.rb and oauth2/client.rb, it appears the OAuth2 gem will add the client_id and client_secret form parameters to the body but not the header. This is permitted but NOT RECOMMENDED by IETF RFC 6749. To add the IETF recommended Authorization header, it appears you need to add it as parameter as shown above.

More info: Pull request #192 covers this but may be stalled due to backward compatibility issues.

Related Topics