Class: CloverSandboxSimulator::Services::Clover::OauthService

Inherits:

BaseService

• Object
• BaseService
• CloverSandboxSimulator::Services::Clover::OauthService

Defined in:

lib/clover_sandbox_simulator/services/clover/oauth_service.rb

Overview

Manages Clover OAuth2 authentication Handles token refresh and validation using omniauth-clover-oauth2

Usage:

oauth = OauthService.new

# Check if token needs refresh
if oauth.token_expired?
  new_token = oauth.refresh_token
end

# Get authorization URL for initial auth
url = oauth.authorization_url

Constant Summary

SANDBOX_AUTH_URL =

Sandbox OAuth endpoints

"https://sandbox.dev.clover.com/oauth/v2/authorize"

SANDBOX_TOKEN_URL =

"https://sandbox.dev.clover.com/oauth/v2/token"

PRODUCTION_AUTH_URL =

Production OAuth endpoints

"https://www.clover.com/oauth/v2/authorize"

PRODUCTION_TOKEN_URL =

"https://www.clover.com/oauth/v2/token"

Instance Attribute Summary

• #app_id ⇒ Object readonly

  Returns the value of attribute app_id.

• #app_secret ⇒ Object readonly

  Returns the value of attribute app_secret.

Attributes inherited from BaseService

#config, #logger

Instance Method Summary

• #authorization_url(redirect_uri:, merchant_id: nil) ⇒ String

  Get the authorization URL for user consent.

• #decode_token(token) ⇒ Hash

  Get token info from a JWT.

• #exchange_code(code:, redirect_uri:) ⇒ Hash

  Exchange authorization code for tokens.

• #initialize(config: nil, app_id: nil, app_secret: nil) ⇒ OauthService constructor

  A new instance of OauthService.

• #oauth_configured? ⇒ Boolean

  Check if OAuth credentials are configured.

• #refresh_current_merchant_token ⇒ Hash^?

  Refresh the token for the current merchant using stored refresh token Updates both config and .env.json.

• #refresh_token(refresh_token) ⇒ Hash

  Refresh an expired access token.

• #save_token_to_json(merchant_id, access_token) ⇒ Object

  Alias for backwards compatibility.

• #save_tokens_to_json(merchant_id, access_token: nil, refresh_token: nil) ⇒ Object

  Save tokens to .env.json for a specific merchant.

• #token_expired?(token = nil) ⇒ Boolean

  Check if the current API token is expired Clover JWT tokens have an ‘exp’ claim.

• #update_config_token(access_token) ⇒ Object

  Update the configuration with a new token.

Constructor Details

#initialize(config: nil, app_id: nil, app_secret: nil) ⇒ OauthService

Returns a new instance of OauthService.

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 33

def initialize(config: nil, app_id: nil, app_secret: nil)
  super(config: config)
  @app_id = app_id || ENV.fetch("CLOVER_APP_ID", nil)
  @app_secret = app_secret || ENV.fetch("CLOVER_APP_SECRET", nil)
end

Instance Attribute Details

#app_id ⇒ Object (readonly)

Returns the value of attribute app_id.

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 31

def app_id
  @app_id
end

#app_secret ⇒ Object (readonly)

Returns the value of attribute app_secret.

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 31

def app_secret
  @app_secret
end

Instance Method Details

#authorization_url(redirect_uri:, merchant_id: nil) ⇒ String

Get the authorization URL for user consent

Parameters:

• redirect_uri (String) —

  Callback URL after authorization

• merchant_id (String, nil) (defaults to: nil) —

  Optional merchant ID to pre-select

Returns:

• (String) —

  Authorization URL

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 50

def authorization_url(redirect_uri:, merchant_id: nil)
  validate_oauth_config!

  params = {
    client_id: app_id,
    redirect_uri: redirect_uri,
    response_type: "code"
  }
  params[:merchant_id] = merchant_id if merchant_id

  "#{auth_endpoint}?#{URI.encode_www_form(params)}"
end

#decode_token(token) ⇒ Hash

Get token info from a JWT

Parameters:

• token (String) —

  JWT token to decode

Returns:

• (Hash) —

  Decoded payload

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 148

def decode_token(token)
  parts = token.split(".")
  raise ArgumentError, "Invalid JWT format" unless parts.length == 3

  payload = JSON.parse(Base64.decode64(parts[1]))

  {
    merchant_id: payload["merchant_uuid"],
    app_id: payload["app_uuid"],
    issued_at: Time.at(payload["iat"]),
    expires_at: Time.at(payload["exp"]),
    permissions: payload["permission_bitmap"]
  }
rescue StandardError => e
  logger.error "Failed to decode token: #{e.message}"
  {}
end

#exchange_code(code:, redirect_uri:) ⇒ Hash

Exchange authorization code for tokens

Parameters:

• code (String) —

  Authorization code from callback

• redirect_uri (String) —

  Same redirect URI used in authorization

Returns:

• (Hash) —

  Token response with access_token, refresh_token, etc.

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 68

def exchange_code(code:, redirect_uri:)
  validate_oauth_config!

  logger.info "Exchanging authorization code for tokens..."

  response = RestClient.post(
    token_endpoint,
    {
      client_id: app_id,
      client_secret: app_secret,
      code: code,
      redirect_uri: redirect_uri,
      grant_type: "authorization_code"
    },
    { "Content-Type" => "application/x-www-form-urlencoded" }
  )

  tokens = JSON.parse(response.body)
  logger.info "Token exchange successful"
  tokens
rescue RestClient::ExceptionWithResponse => e
  handle_oauth_error(e)
end

#oauth_configured? ⇒ Boolean

Check if OAuth credentials are configured

Returns:

• (Boolean)

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 40

def oauth_configured?
  !app_id.nil? && !app_id.empty? &&
    !app_secret.nil? && !app_secret.empty?
end

#refresh_current_merchant_token ⇒ Hash^?

Refresh the token for the current merchant using stored refresh token Updates both config and .env.json

Returns:

• (Hash, nil) —

  New token response or nil on failure

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 178

def refresh_current_merchant_token
  unless config.refresh_token && !config.refresh_token.empty?
    logger.warn "No refresh token available for current merchant"
    return nil
  end

  tokens = refresh_token(config.refresh_token)
  return nil unless tokens

  # Update config
  update_config_token(tokens["access_token"])

  # Save to .env.json
  save_tokens_to_json(
    config.merchant_id,
    access_token: tokens["access_token"],
    refresh_token: tokens["refresh_token"]
  )

  tokens
end

#refresh_token(refresh_token) ⇒ Hash

Refresh an expired access token

Parameters:

• refresh_token (String) —

  The refresh token

Returns:

• (Hash) —

  New token response

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 96

def refresh_token(refresh_token)
  validate_oauth_config!

  logger.info "Refreshing access token..."

  response = RestClient.post(
    token_endpoint,
    {
      client_id: app_id,
      client_secret: app_secret,
      refresh_token: refresh_token,
      grant_type: "refresh_token"
    },
    { "Content-Type" => "application/x-www-form-urlencoded" }
  )

  tokens = JSON.parse(response.body)
  logger.info "Token refresh successful"
  tokens
rescue RestClient::ExceptionWithResponse => e
  handle_oauth_error(e)
end

#save_token_to_json(merchant_id, access_token) ⇒ Object

Alias for backwards compatibility

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 228

def save_token_to_json(merchant_id, access_token)
  save_tokens_to_json(merchant_id, access_token: access_token)
end

#save_tokens_to_json(merchant_id, access_token: nil, refresh_token: nil) ⇒ Object

Save tokens to .env.json for a specific merchant

Parameters:

• merchant_id (String) —

  Merchant ID to update

• access_token (String, nil) (defaults to: nil) —

  New access token

• refresh_token (String, nil) (defaults to: nil) —

  New refresh token

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 205

def save_tokens_to_json(merchant_id, access_token: nil, refresh_token: nil)
  file_path = config.class::MERCHANTS_FILE
  return unless File.exist?(file_path)

  merchants = JSON.parse(File.read(file_path))

  merchant = merchants.find { |m| m["CLOVER_MERCHANT_ID"] == merchant_id }
  if merchant
    merchant["CLOVER_API_TOKEN"] = access_token if access_token
    merchant["CLOVER_REFRESH_TOKEN"] = refresh_token if refresh_token
    # Also update config
    config.refresh_token = refresh_token if refresh_token

    File.write(file_path, JSON.pretty_generate(merchants))
    logger.info "Tokens saved to .env.json for merchant #{merchant_id}"
  else
    logger.warn "Merchant #{merchant_id} not found in .env.json"
  end
rescue StandardError => e
  logger.error "Failed to save tokens: #{e.message}"
end

#token_expired?(token = nil) ⇒ Boolean

Check if the current API token is expired Clover JWT tokens have an ‘exp’ claim

Parameters:

• token (String, nil) (defaults to: nil) —

  Token to check (defaults to config.api_token)

Returns:

• (Boolean) —

  True if token is expired or invalid

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 124

def token_expired?(token = nil)
  token ||= config.api_token
  return true if token.nil? || token.empty? || token == "NEEDS_REFRESH"

  # Decode JWT to check expiration
  parts = token.split(".")
  return true unless parts.length == 3

  payload = JSON.parse(Base64.decode64(parts[1]))
  exp = payload["exp"]

  return true unless exp

  # Token is expired if exp is in the past (with 60s buffer)
  Time.now.to_i >= (exp - 60)
rescue StandardError => e
  logger.debug "Could not decode token: #{e.message}"
  true
end

#update_config_token(access_token) ⇒ Object

Update the configuration with a new token

Parameters:

• access_token (String) —

  New access token

# File 'lib/clover_sandbox_simulator/services/clover/oauth_service.rb', line 169

def update_config_token(access_token)
  config.api_token = access_token
  logger.info "Configuration updated with new token"
end