Class: HighLevel::Oauth

Inherits:

Object

• Object
• HighLevel::Oauth

Defined in:

lib/high_level/oauth.rb

Overview

OAuth 2.0 client for the HighLevel API.

Source of truth: marketplace.gohighlevel.com/docs/ghl/oauth/

All HTTP methods POST application/x-www-form-urlencoded bodies; this class owns its own Faraday connection rather than reusing the main client’s (which is JSON-encoded).

Constant Summary

MARKETPLACE_URL =

Base URL for the marketplace authorization page.

"https://marketplace.gohighlevel.com"

USER_TYPES =

The accepted user_type values for the token endpoints.

%w[Location Company].freeze

Instance Method Summary

• #authorization_url(scope:, redirect_uri: nil) ⇒ Object

  Build the URL the end user is redirected to in order to grant the app access.

• #exchange_code(code:, user_type:, redirect_uri: nil) ⇒ Object

  Exchange an authorization code for an access + refresh token pair.

• #get_location_access_token(company_id:, location_id:, authorization_token: nil) ⇒ Object

  Derive a location-scoped access token from an agency token.

• #initialize(config:) ⇒ Oauth constructor

  A new instance of Oauth.

• #refresh_token(refresh_token:, user_type:) ⇒ Object

  Refresh an access token using its refresh token.

Constructor Details

#initialize(config:) ⇒ Oauth

Returns a new instance of Oauth.

# File 'lib/high_level/oauth.rb', line 17

def initialize(config:)
  @config = config
end

Instance Method Details

#authorization_url(scope:, redirect_uri: nil) ⇒ Object

Build the URL the end user is redirected to in order to grant the app access. Pure URL construction; no HTTP.

# File 'lib/high_level/oauth.rb', line 23

def authorization_url(scope:, redirect_uri: nil)
  params = URI.encode_www_form(
    client_id: require_value!(:client_id),
    redirect_uri: redirect_uri || require_value!(:redirect_uri),
    scope: scope,
    response_type: "code"
  )
  "#{MARKETPLACE_URL}/oauth/chooselocation?#{params}"
end

#exchange_code(code:, user_type:, redirect_uri: nil) ⇒ Object

Exchange an authorization code for an access + refresh token pair.

# File 'lib/high_level/oauth.rb', line 34

def exchange_code(code:, user_type:, redirect_uri: nil)
  assert_user_type!(user_type)
  post_form("/oauth/token", body: {
    grant_type: "authorization_code",
    code: code,
    client_id: require_value!(:client_id),
    client_secret: require_value!(:client_secret),
    user_type: user_type,
    redirect_uri: redirect_uri || @config.redirect_uri
  }.compact)
end

#get_location_access_token(company_id:, location_id:, authorization_token: nil) ⇒ Object

Derive a location-scoped access token from an agency token. The agency token is taken from ‘config.agency_access_token` unless `authorization_token:` is explicitly supplied (used by the company-token fallback flow).

Raises:

• (ConfigurationError)

# File 'lib/high_level/oauth.rb', line 62

def get_location_access_token(company_id:, location_id:, authorization_token: nil)
  bearer = authorization_token || @config.agency_access_token
  raise ConfigurationError, "agency access token required for get_location_access_token" if bearer.nil?

  post_form(
    "/oauth/locationToken",
    body: { companyId: company_id, locationId: location_id },
    authorization: "Bearer #{bearer}"
  )
end

#refresh_token(refresh_token:, user_type:) ⇒ Object

Refresh an access token using its refresh token.

# File 'lib/high_level/oauth.rb', line 47

def refresh_token(refresh_token:, user_type:)
  assert_user_type!(user_type)
  post_form("/oauth/token", body: {
              grant_type: "refresh_token",
              refresh_token: refresh_token,
              client_id: require_value!(:client_id),
              client_secret: require_value!(:client_secret),
              user_type: user_type
            })
end