Class: Mercadopago::OAuth

Inherits:
MPBase
  • Object
show all
Defined in:
lib/mercadopago/resources/oauth.rb

Overview

Manages the OAuth 2.0 authorization code flow.

Use this resource when your application needs to operate on behalf of other MercadoPago sellers (marketplace or platform scenarios). The flow involves redirecting the seller to the authorization URL, receiving an authorization code, and exchanging it for access and refresh tokens.

See Also:

Instance Method Summary collapse

Methods inherited from MPBase

#_check_headers, #_check_request_options, #_delete, #_get, #_post, #_put, #initialize

Constructor Details

This class inherits a constructor from Mercadopago::MPBase

Instance Method Details

#create(oauth_data, request_options: nil) ⇒ Hash{Symbol => Object}

Exchanges an authorization code for an access token.

Call this after receiving the code parameter in your redirect_uri callback. The returned access token can be used to make API requests on behalf of the authorizing seller.

Parameters:

  • oauth_data (Hash)

    authorization request fields: :client_secret (your access token), :code (authorization code), :redirect_uri (must match the one used in #get_authorization_url), and :grant_type (++“authorization_code”++).

  • request_options (RequestOptions, nil) (defaults to: nil)

    per-call configuration override

Returns:

  • (Hash{Symbol => Object})

    :status and :response with access_token, refresh_token, and expires_in

Raises:

  • (TypeError)

    if oauth_data is not a Hash

See Also:



57
58
59
60
61
 
# File 'lib/mercadopago/resources/oauth.rb', line 57

def create(oauth_data, request_options: nil)
  raise TypeError, 'Param oauth_data must be a Hash' unless oauth_data.is_a?(Hash)

  _post(uri: '/oauth/token', data: oauth_data, request_options: request_options)
end

#get_authorization_url(app_id, redirect_uri, random_id) ⇒ String

Builds the MercadoPago authorization URL for the OAuth flow.

Redirect the seller to this URL to start the authorization process. After granting permission, MercadoPago redirects back to redirect_uri with a code query parameter.

Parameters:

  • app_id (String)

    your MercadoPago application’s client ID

  • redirect_uri (String)

    URI where MercadoPago sends the seller after authorization

  • random_id (String)

    CSRF-protection state parameter; must be unique per request

Returns:

  • (String)

    full authorization URL with query parameters

See Also:



31
32
33
34
35
36
37
38
39
40
 
# File 'lib/mercadopago/resources/oauth.rb', line 31

def get_authorization_url(app_id, redirect_uri, random_id)
  params = URI.encode_www_form(
    client_id: app_id,
    response_type: 'code',
    platform_id: 'mp',
    state: random_id,
    redirect_uri: redirect_uri
  )
  "#{AUTH_URL}?#{params}"
end

#refresh(oauth_data, request_options: nil) ⇒ Hash{Symbol => Object}

Refreshes an expired access token.

Use this to extend the seller’s session without requiring them to re-authorize. The refresh_token is obtained from the initial #create response.

Parameters:

  • oauth_data (Hash)

    refresh request fields: :client_secret (your access token), :refresh_token (token to refresh), and :grant_type (++“refresh_token”++).

  • request_options (RequestOptions, nil) (defaults to: nil)

    per-call configuration override

Returns:

  • (Hash{Symbol => Object})

    :status and :response with a fresh access_token and refresh_token

Raises:

  • (TypeError)

    if oauth_data is not a Hash

See Also:



77
78
79
80
81
 
# File 'lib/mercadopago/resources/oauth.rb', line 77

def refresh(oauth_data, request_options: nil)
  raise TypeError, 'Param oauth_data must be a Hash' unless oauth_data.is_a?(Hash)

  _post(uri: '/oauth/token', data: oauth_data, request_options: request_options)
end