class Google::Auth::UserRefreshCredentials
Authenticates requests using User Refresh credentials.
This class allows authorizing requests from user refresh tokens.
This is the end result of a 3LO (three-legged OAuth) flow. E.g., 'gcloud auth login' ends by saving a file with these contents in a well-known location.
cf [Application Default Credentials](goo.gl/mkAHpZ)
Constants
- AUTHORIZATION_URI
- REVOKE_TOKEN_URI
- TOKEN_CRED_URI
Public Class Methods
make_creds(options = {})
Create a UserRefreshCredentials.
@param json_key_io [IO] an IO from which the JSON key can be read (passed as options[:json_key_io])
@param scope [string|array|nil] the scope(s) to access (passed as options[:scope])
# File lib/googleauth/user_refresh.rb, line 58
# Builds a UserRefreshCredentials from a JSON key or, failing that, from the
# environment.
#
# When options[:json_key_io] is given, the client id, client secret and
# refresh token come from read_json_key. Otherwise they are read from the
# environment variables named by CredentialsLoader::CLIENT_ID_VAR,
# CLIENT_SECRET_VAR and REFRESH_TOKEN_VAR.
#
# @param options [Hash] :json_key_io (IO holding the JSON key) and :scope
#   (the scope or scopes to request)
# @return [UserRefreshCredentials] the new credential object
def self.make_creds(options = {})
  json_key_io, scope = options.values_at(:json_key_io, :scope)

  key_data = json_key_io && read_json_key(json_key_io)
  # Environment fallback: nothing in this method checks that the variables
  # are set, so any of the three values can be nil at this point.
  key_data ||= {
    'client_id' => ENV[CredentialsLoader::CLIENT_ID_VAR],
    'client_secret' => ENV[CredentialsLoader::CLIENT_SECRET_VAR],
    'refresh_token' => ENV[CredentialsLoader::REFRESH_TOKEN_VAR]
  }

  settings = {
    token_credential_uri: TOKEN_CRED_URI,
    client_id: key_data['client_id'],
    client_secret: key_data['client_secret'],
    refresh_token: key_data['refresh_token'],
    scope: scope
  }
  new(settings)
end
new(options = {})
Calls superclass method
# File lib/googleauth/user_refresh.rb, line 85
# Fills in the default token and authorization endpoints, then defers to the
# superclass constructor.
#
# The defaults are written into the hash the caller passed in, so that hash
# is modified in place.
#
# @param options [Hash, nil] client options; nil is treated as an empty hash
def initialize(options = {})
  options = {} unless options
  options[:token_credential_uri] = TOKEN_CRED_URI unless options[:token_credential_uri]
  options[:authorization_uri] = AUTHORIZATION_URI unless options[:authorization_uri]
  super(options)
end
read_json_key(json_key_io)
Reads the JSON key and checks that it contains the client_id, client_secret and refresh_token fields.
# File lib/googleauth/user_refresh.rb, line 76
# Parses a user-credential JSON document and checks that the fields needed
# for a refresh-token grant are present.
#
# Only the presence of each key is checked (key?); a key whose value is null
# or empty still passes. The whole parsed document is returned, not just the
# three required fields. It contains the client secret and refresh token, so
# callers should keep it out of logs and error reports.
#
# @param json_key_io [IO] an IO from which the JSON key can be read
# @return [Hash] the parsed JSON document
# @raise [RuntimeError] when a required field is absent
def self.read_json_key(json_key_io)
  parsed = MultiJson.load(json_key_io.read)
  required = %w[client_id client_secret refresh_token]
  absent = required.find { |field| !parsed.key?(field) }
  raise "the json is missing the #{absent} field" if absent
  parsed
end
Public Instance Methods
includes_scope?(required_scope)
Verifies that a credential grants the requested scope
@param [Array<String>, String] required_scope
Scope to verify
@return [Boolean]
True if scope is granted
# File lib/googleauth/user_refresh.rb, line 116
# Reports whether every scope in required_scope is among this credential's
# scopes.
#
# Both sides go through Google::Auth::ScopeUtil.normalize and are compared
# locally against this object's own scope value; nothing in this method
# contacts the authorization server.
#
# @param [Array<String>, String] required_scope
#   Scope to verify
# @return [Boolean]
#   True if scope is granted
def includes_scope?(required_scope)
  wanted = Google::Auth::ScopeUtil.normalize(required_scope)
  granted = Google::Auth::ScopeUtil.normalize(scope)
  (wanted - granted).empty?
end
revoke!(options = {})
Revokes the credential
# File lib/googleauth/user_refresh.rb, line 93
# Revokes the credential at REVOKE_TOKEN_URI and, on success, clears the
# locally held tokens.
#
# The refresh token is sent when there is one, otherwise the access token.
# Local state (access_token, refresh_token, expires_at) is reset only after a
# 200 response; any other status raises and leaves the tokens in place.
#
# NOTE(review): Faraday's get takes the hash as request params, so the token
# travels in the URL query string, where proxy and server access logs may
# record it. RFC 7009 defines revocation as a POST with a form-encoded body;
# confirm the endpoint accepts POST before changing the verb.
#
# @param options [Hash] :connection, a Faraday connection to use in place of
#   Faraday.default_connection
# @raise [Signet::AuthorizationError] when the response status is not 200
def revoke!(options = {})
  connection = options[:connection] || Faraday.default_connection

  # retry_with_error is defined outside this listing; presumably it re-runs
  # the block on failure (confirm against its definition).
  retry_with_error do
    response = connection.get(REVOKE_TOKEN_URI, token: refresh_token || access_token)
    unless response.status == 200
      raise(Signet::AuthorizationError, "Unexpected error code #{response.status}")
    end

    self.access_token = nil
    self.refresh_token = nil
    self.expires_at = 0
  end
end