Class: SimpleOAuth::Header

Inherits:
Object
  • Object
show all
Extended by:
Encoding, ClassMethods
Defined in:
lib/simple_oauth/header.rb,
lib/simple_oauth/header/class_methods.rb

Overview

Generates OAuth 1.0 Authorization headers for HTTP requests

API:

  • public

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

OAUTH_SCHEME =

OAuth header scheme prefix

API:

  • public

"OAuth".freeze
OAUTH_PREFIX =

Prefix for OAuth parameters

API:

  • public

"oauth_".freeze
DEFAULT_SIGNATURE_METHOD =

Default signature method per RFC 5849

API:

  • public

"HMAC-SHA1".freeze
OAUTH_VERSION =

OAuth version

API:

  • public

"1.0".freeze
ATTRIBUTE_KEYS =

Valid OAuth attribute keys that can be included in the header

API:

  • public

i[body_hash callback consumer_key nonce signature_method timestamp token verifier version].freeze
IGNORED_KEYS =

Keys that are used internally but should not appear in attributes

API:

  • public

i[consumer_secret token_secret signature realm ignore_extra_keys].freeze
PARSE_KEYS =

Valid keys when parsing OAuth parameters (ATTRIBUTE_KEYS + signature)

API:

  • public

[*ATTRIBUTE_KEYS, :signature].freeze

Constants included from Encoding

Encoding::UNRESERVED_CHARS

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from ClassMethods

body_hash, default_options, parse, parse_form_body

Methods included from Encoding

escape, unescape

Constructor Details

#initialize(method, url, params, oauth = {}, body = nil) ⇒ Header

Creates a new OAuth header

Examples:

Create a header with OAuth options

SimpleOAuth::Header.new(:get, "https://api.example.com/resource", {},
  consumer_key: "key", consumer_secret: "secret")

Create a header by parsing an existing Authorization header

SimpleOAuth::Header.new(:get, "https://api.example.com/resource", {}, existing_header)

Create a header with a JSON body (oauth_body_hash will be computed)

SimpleOAuth::Header.new(:post, "https://api.example.com/resource", {},
  {consumer_key: "key", consumer_secret: "secret"}, '{"text": "Hello"}')

Parameters:

  • the HTTP method

  • the request URL

  • the request parameters (for form-encoded bodies)

  • (defaults to: {})

    OAuth options hash or an existing Authorization header to parse

  • (defaults to: nil)

    raw request body for oauth_body_hash (for non-form-encoded bodies)

API:

  • public



82
83
84
85
86
87
88
 
# File 'lib/simple_oauth/header.rb', line 82

def initialize(method, url, params, oauth = {}, body = nil)
  @method = method.to_s.upcase
  @uri = normalize_uri(url)
  @params = params
  @body = body
  @options = build_options(oauth, body)
end

Instance Attribute Details

#bodyString? (readonly)

The raw request body for oauth_body_hash computation

Examples:

header.body # => '{"text": "Hello"}'

Returns:

  • the request body

API:

  • public



54
55
56
 
# File 'lib/simple_oauth/header.rb', line 54

def body
  @body
end

#methodString (readonly)

The HTTP method for the request

Examples:

header.method # => "GET"

Returns:

  • the HTTP method (GET, POST, etc.)

API:

  • public



40
41
42
 
# File 'lib/simple_oauth/header.rb', line 40

def method
  @method
end

#optionsHash (readonly)

The OAuth options including credentials and signature

Examples:

header.options # => {consumer_key: "key", nonce: "..."}

Returns:

  • the OAuth options

API:

  • public



61
62
63
 
# File 'lib/simple_oauth/header.rb', line 61

def options
  @options
end

#paramsHash (readonly)

The request parameters to be signed

Examples:

header.params # => {"status" => "Hello"}

Returns:

  • the request parameters

API:

  • public



47
48
49
 
# File 'lib/simple_oauth/header.rb', line 47

def params
  @params
end

Instance Method Details

#signed_attributesHash

Returns the OAuth attributes including the signature

Examples:

header.signed_attributes
# => {oauth_consumer_key: "key", oauth_signature: "...", ...}

Returns:

  • OAuth attributes with oauth_signature included

API:

  • public



139
140
141
 
# File 'lib/simple_oauth/header.rb', line 139

def signed_attributes
  header_attributes.merge(oauth_signature: signature)
end

#to_sString

Returns the OAuth Authorization header string

Examples:

header = SimpleOAuth::Header.new(:get, "https://api.example.com/", {},
  consumer_key: "key", consumer_secret: "secret")
header.to_s
# => "OAuth oauth_consumer_key=\"key\", oauth_nonce=\"...\", ..."

Returns:

  • the Authorization header value

API:

  • public



111
112
113
 
# File 'lib/simple_oauth/header.rb', line 111

def to_s
  "#{OAUTH_SCHEME} #{normalized_attributes}"
end

#urlString

Returns the normalized URL without query string or fragment

Examples:

header = SimpleOAuth::Header.new(:get, "https://api.example.com/path?query=1", {})
header.url
# => "https://api.example.com/path"

Returns:

  • the normalized URL

API:

  • public



98
99
100
 
# File 'lib/simple_oauth/header.rb', line 98

def url
  @uri.dup.tap { |uri| uri.query = nil }.to_str
end

#valid?(secrets = {}) ⇒ Boolean

Validates the signature in the header against the provided secrets

Examples:

parsed_header = SimpleOAuth::Header.new(:get, url, {}, authorization_header)
parsed_header.valid?(consumer_secret: "secret", token_secret: "token_secret")
# => true

Parameters:

  • (defaults to: {})

    the consumer_secret and token_secret for validation

Returns:

  • true if the signature is valid, false otherwise

API:

  • public



124
125
126
127
128
129
130
 
# File 'lib/simple_oauth/header.rb', line 124

def valid?(secrets = {})
  original_options = options.dup #: Hash[Symbol, untyped]
  options.merge!(secrets)
  options.fetch(:signature).eql?(signature)
ensure
  options.replace(original_options)
end