Module: Lexdrill::GoogleAuth
- Defined in:
- lib/lexdrill/google_auth.rb
Overview
Handles the Google OAuth 2.0 Device Authorization Grant ("visit this URL,
enter this code") so drill export can write to a Sheet as the user's own
Google account, without ever needing a service account key.
CLIENT_ID/CLIENT_SECRET below are NOT confidential for this OAuth client type ("TVs and Limited Input devices" / installed-app device flow) — see README's "Google Sheets export" section for why it's safe to ship these in published gem source. The actual secret is the refresh_token persisted at PATH below, obtained only after this specific user's own interactive consent, which never leaves this machine and is never published.
Defined Under Namespace
Classes: AuthError
Constant Summary collapse
- PATH =
File.join(Dir.home, ".drill.gcp-token.json")
- CLIENT_ID =
"608056429593-ncdgh4bnfpuf9486l2rlt7g763h1gl6g.apps.googleusercontent.com"- CLIENT_SECRET =
"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"- SCOPE =
"https://www.googleapis.com/auth/spreadsheets"- DEVICE_CODE_URL =
"https://oauth2.googleapis.com/device/code"- TOKEN_URL =
"https://oauth2.googleapis.com/token"- GRANT_TYPE_DEVICE =
"urn:ietf:params:oauth:grant-type:device_code"- DEFAULT_POLL_INTERVAL =
5- DEFAULT_EXPIRES_IN =
1800- EXPIRY_SKEW =
seconds of safety margin before treating a token as expired
60
Class Method Summary collapse
Class Method Details
.clear! ⇒ Object
45 46 47 |
# File 'lib/lexdrill/google_auth.rb', line 45 def self.clear! FileUtils.rm_f(PATH) end |
.configured? ⇒ Boolean
41 42 43 |
# File 'lib/lexdrill/google_auth.rb', line 41 def self.configured? File.exist?(PATH) end |
.ensure_token! ⇒ Object
32 33 34 35 36 37 38 39 |
# File 'lib/lexdrill/google_auth.rb', line 32 def self.ensure_token! return login! unless configured? data = load_token return data["access_token"] if Time.now.to_i < data["expires_at"].to_i refresh! end |
.login! ⇒ Object
49 50 51 52 53 |
# File 'lib/lexdrill/google_auth.rb', line 49 def self.login! device = request_device_code print_instructions(device) poll_for_token(device) end |
.refresh! ⇒ Object
110 111 112 113 114 115 116 117 |
# File 'lib/lexdrill/google_auth.rb', line 110 def self.refresh! data = load_token params = { "client_id" => CLIENT_ID, "client_secret" => CLIENT_SECRET, "refresh_token" => data["refresh_token"], "grant_type" => "refresh_token" } handle_refresh_response(Lexdrill::HTTPClient.post_form(TOKEN_URL, params), data) end |