Module: Lexdrill::GoogleAuth

Defined in:
lib/lexdrill/google_auth.rb

Overview

Handles the Google OAuth 2.0 Device Authorization Grant ("visit this URL, enter this code") so drill export can write to a Sheet as the user's own Google account, without ever needing a service account key.

CLIENT_ID/CLIENT_SECRET below are NOT confidential for this OAuth client type ("TVs and Limited Input devices" / installed-app device flow) — see README's "Google Sheets export" section for why it's safe to ship these in published gem source. The actual secret is the refresh_token persisted at PATH below, obtained only after this specific user's own interactive consent, which never leaves this machine and is never published.

Defined Under Namespace

Classes: AuthError

Constant Summary collapse

PATH =
File.join(Dir.home, ".drill.gcp-token.json")
CLIENT_ID =
"608056429593-ncdgh4bnfpuf9486l2rlt7g763h1gl6g.apps.googleusercontent.com"
CLIENT_SECRET =
"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"
SCOPE =
"https://www.googleapis.com/auth/spreadsheets"
DEVICE_CODE_URL =
"https://oauth2.googleapis.com/device/code"
TOKEN_URL =
"https://oauth2.googleapis.com/token"
GRANT_TYPE_DEVICE =
"urn:ietf:params:oauth:grant-type:device_code"
DEFAULT_POLL_INTERVAL =
5
DEFAULT_EXPIRES_IN =
1800
EXPIRY_SKEW =

seconds of safety margin before treating a token as expired

60

Class Method Summary collapse

Class Method Details

.clear!Object



45
46
47
# File 'lib/lexdrill/google_auth.rb', line 45

def self.clear!
  FileUtils.rm_f(PATH)
end

.configured?Boolean

Returns:

  • (Boolean)


41
42
43
# File 'lib/lexdrill/google_auth.rb', line 41

def self.configured?
  File.exist?(PATH)
end

.ensure_token!Object



32
33
34
35
36
37
38
39
# File 'lib/lexdrill/google_auth.rb', line 32

def self.ensure_token!
  return login! unless configured?

  data = load_token
  return data["access_token"] if Time.now.to_i < data["expires_at"].to_i

  refresh!
end

.login!Object



49
50
51
52
53
# File 'lib/lexdrill/google_auth.rb', line 49

def self.login!
  device = request_device_code
  print_instructions(device)
  poll_for_token(device)
end

.refresh!Object



110
111
112
113
114
115
116
117
# File 'lib/lexdrill/google_auth.rb', line 110

def self.refresh!
  data = load_token
  params = {
    "client_id" => CLIENT_ID, "client_secret" => CLIENT_SECRET,
    "refresh_token" => data["refresh_token"], "grant_type" => "refresh_token"
  }
  handle_refresh_response(Lexdrill::HTTPClient.post_form(TOKEN_URL, params), data)
end