OAuth2 (OAuth2 v2.0.1) View Source
The OAuth2 specification
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service, or by allowing the third-party application to obtain access on its own behalf.
Currently implemented strategies:
- Authorization Code
- Client Credentials
Initialize a client with your
client = OAuth2.Client.new([ strategy: OAuth2.Strategy.AuthCode, # default strategy is AuthCode client_id: "client_id", client_secret: "abc123", site: "https://auth.example.com", redirect_uri: "https://example.com/auth/callback" ])
Generate the authorization URL and redirect the user to the provider.
OAuth2.Client.authorize_url(client) # => "https://auth.example.com/oauth/authorize?client_id=client_id&redirect_uri=https%3A%2F%2Fexample.com%2Fauth%2Fcallback&response_type=code"
Use the authorization code returned from the provider to obtain an access token.
client = OAuth2.Client.get_token!(client, code: "someauthcode")
Use the access token to make a request for resources
resource = OAuth2.Client.get!(client, "/api/resource").body