Class: Rubino::OAuth::Provider::Github

Inherits:

Rubino::OAuth::Provider

• Object
• Rubino::OAuth::Provider
• Rubino::OAuth::Provider::Github

Defined in:

lib/rubino/oauth/provider/github.rb

Overview

GitHub OAuth 2.0 provider.

Scopes are sent space-separated (GitHub’s expected delimiter, inherited from #scope_separator). When the authenticated user has set their primary email private, /user returns email: nil; in that case we fall back to /user/emails and pick the primary entry.

Constant Summary

API_BASE =

"https://api.github.com"

Instance Attribute Summary

Attributes inherited from Rubino::OAuth::Provider

#client_id, #client_secret, #metadata, #scopes

Class Method Summary

• .authorize_path ⇒ Object
• .default_scopes ⇒ Object
• .display_name ⇒ Object
• .id ⇒ Object
• .site ⇒ Object
• .token_path ⇒ Object

Instance Method Summary

• #fetch_account_info(access_token) ⇒ Object
• #revoke(access_token) ⇒ Boolean

  Revoke an access token by deleting the OAuth grant for our app.

Methods inherited from Rubino::OAuth::Provider

#build_authorize_request, #exchange_code, #id, #initialize, #refresh

Constructor Details

This class inherits a constructor from Rubino::OAuth::Provider

Class Method Details

.authorize_path ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 19

def self.authorize_path = "/login/oauth/authorize"

.default_scopes ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 21

def self.default_scopes = %w[repo user:email]

.display_name ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 17

def self.display_name  = "GitHub"

.id ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 16

def self.id            = :github

.site ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 18

def self.site          = "https://github.com"

.token_path ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 20

def self.token_path = "/login/oauth/access_token"

Instance Method Details

#fetch_account_info(access_token) ⇒ Object

# File 'lib/rubino/oauth/provider/github.rb', line 43

def fetch_account_info(access_token)
  conn = Faraday.new(url: API_BASE) do |f|
    f.headers["Authorization"] = "Bearer #{access_token}"
    f.headers["Accept"] = "application/vnd.github+json"
    f.headers["User-Agent"] = "rubino"
  end

  user = JSON.parse(conn.get("/user").body)
  email = user["email"] || fetch_primary_email(conn)

  {
    account_id: user["id"].to_s,
    account_email: email,
    metadata: { login: user["login"], name: user["name"] }
  }
end

#revoke(access_token) ⇒ Boolean

Revoke an access token by deleting the OAuth grant for our app. docs.github.com/en/rest/apps/oauth-applications#delete-an-app-token Authentication is the app’s (client_id, client_secret) via Basic, not the user token — the token to revoke goes in the JSON body.

Parameters:

• access_token (String) —

  user token to invalidate

Returns:

• (Boolean) —

  true on 204 (success), false otherwise.

# File 'lib/rubino/oauth/provider/github.rb', line 32

def revoke(access_token)
  conn = Faraday.new(url: API_BASE) do |f|
    f.request :authorization, :basic, @client_id, @client_secret
    f.headers["Accept"] = "application/vnd.github+json"
    f.headers["Content-Type"] = "application/json"
    f.headers["User-Agent"] = "rubino"
  end
  response = conn.delete("/applications/#{@client_id}/token", JSON.generate(access_token: access_token))
  response.success?
end