Skip to content

class OAuth::Consumer
inherits Reference

An OAuth consumer.

For a quick example of how to authenticate an HTTP::Client with OAuth if you already have an access token, check the OAuth module description.

This class also provides methods to get request tokens, build authorize URIs and get access tokens, as specified by RFC 5849.

Example

require "oauth"

consumer_key = "some_key"
consumer_secret = "some_secret"
oauth_callback = "http://some.callback"

# Create consumer, optionally pass custom URIs if needed,
# if the request, authorize or access_token URIs are not the standard ones
# (they can also be absolute URLs)
consumer = OAuth::Consumer.new("api.example.com", consumer_key, consumer_secret)

# Get a request token.
# We probably need to save this somewhere to get it back in the
# callback URL (saving token and secret should be enough)
request_token = consumer.get_request_token(oauth_callback)

# Build an authorize URI
authorize_uri = consumer.get_authorize_uri(request_token, oauth_callback)

# Redirect the user to `authorize_uri`...
#
# ...
#
# When http://some.callback is hit, once the user authorized the access,
# we resume our logic to finally get an access token. The callback URL
# should receive an `oauth_verifier` parameter that we need to use.
oauth_verifier = request.params["oauth_verifier"]

# Get the access token
access_token = consumer.get_access_token(request_token, oauth_verifier)

# Probably save the access token for reuse... This can be done
# with `to_json` and `from_json`.

# Use the token to authenticate an HTTP::Client
client = HTTP::Client.new("api.example.com", tls: true)
access_token.authenticate(client, consumer_key, consumer_secret)

# And do requests as usual
client.get "/some_path"

Class methods

.new(host : String, consumer_key : String, consumer_secret : String, port : Int32? = nil, scheme : String = "https", request_token_uri : String = "/oauth/request_token", authorize_uri : String = "/oauth/authorize", access_token_uri : String = "/oauth/access_token")

Creates an OAuth consumer.

Any or all of the customizable URIs request_token_uri, authorize_uri and access_token_uri can be relative or absolute. If they are relative, the given host, port and scheme will be used. If they are absolute, the absolute URL will be used.

View source

Methods

#authenticate(client : HTTP::Client, token : AccessToken) : Nil

Authenticated an HTTP::Client to add an OAuth authorization header, as specified by RFC 5849, Section 3.

View source

#get_access_token(request_token, oauth_verifier, extra_params = nil) : AccessToken

Gets an access token from a previously obtained request token and an oauth_verifier obtained from an authorize URI, as specified by RFC 5849, Section 2.3.

Raises OAuth::Error if there was an error getting the access token.

View source

#get_authorize_uri(request_token, oauth_callback = nil) : String

Returns an authorize URI from a given request token to redirect the user to obtain an access token, as specified by RFC 5849, Section 2.2.

View source

#get_authorize_uri(request_token, oauth_callback = nil, &block : URI::Params::Builder -> ) : String

Returns an authorize URI from a given request token to redirect the user to obtain an access token, as specified by RFC 5849, Section 2.2.

Yields an URI::Params::Builder to add extra parameters other than those defined by the standard.

View source

#get_request_token(oauth_callback = "oob")

Obtains a request token, also known as "temporary credentials", as specified by RFC 5849, Section 2.1.

Raises OAuth::Error if there was an error getting the request token.

View source