Class: SimpleOAuth::Header

Inherits:
Object
  • Object
show all
Extended by:
Encoding, ClassMethods
Defined in:
lib/simple_oauth/header.rb,
lib/simple_oauth/header/class_methods.rb

Overview

Generates OAuth 1.0 Authorization headers for HTTP requests

Defined Under Namespace

Modules: ClassMethods

Constant Summary collapse

OAUTH_SCHEME =

OAuth header scheme prefix

"OAuth".freeze
OAUTH_PREFIX =

Prefix for OAuth parameters

"oauth_".freeze
DEFAULT_SIGNATURE_METHOD =

Default signature method per RFC 5849

"HMAC-SHA1".freeze
OAUTH_VERSION =

OAuth version

"1.0".freeze
ATTRIBUTE_KEYS =

Valid OAuth attribute keys that can be included in the header

%i[body_hash callback consumer_key nonce signature_method timestamp token verifier version].freeze
IGNORED_KEYS =

Keys that are used internally but should not appear in attributes

%i[consumer_secret token_secret signature realm ignore_extra_keys].freeze
PARSE_KEYS =

Valid keys when parsing OAuth parameters (ATTRIBUTE_KEYS + signature)

[*ATTRIBUTE_KEYS, :signature].freeze

Constants included from Encoding

Encoding::UNRESERVED_CHARS

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from ClassMethods

body_hash, default_options, parse, parse_form_body

Methods included from Encoding

escape, unescape

Constructor Details

#initialize(method, url, params, oauth = {}, body = nil) ⇒ Header

Creates a new OAuth header

Examples:

Create a header with OAuth options

SimpleOAuth::Header.new(:get, "https://api.example.com/resource", {},
  consumer_key: "key", consumer_secret: "secret")

Create a header by parsing an existing Authorization header

SimpleOAuth::Header.new(:get, "https://api.example.com/resource", {}, existing_header)

Create a header with a JSON body (oauth_body_hash will be computed)

SimpleOAuth::Header.new(:post, "https://api.example.com/resource", {},
  {consumer_key: "key", consumer_secret: "secret"}, '{"text": "Hello"}')

Parameters:

  • method (String, Symbol)

    the HTTP method

  • url (String, URI)

    the request URL

  • params (Hash)

    the request parameters (for form-encoded bodies)

  • oauth (Hash, String) (defaults to: {})

    OAuth options hash or an existing Authorization header to parse

  • body (String, nil) (defaults to: nil)

    raw request body for oauth_body_hash (for non-form-encoded bodies)



82
83
84
85
86
87
88
 
# File 'lib/simple_oauth/header.rb', line 82

def initialize(method, url, params, oauth = {}, body = nil)
  @method = method.to_s.upcase
  @uri = normalize_uri(url)
  @params = params
  @body = body
  @options = build_options(oauth, body)
end

Instance Attribute Details

#bodyString? (readonly)

The raw request body for oauth_body_hash computation

Examples:

header.body # => '{"text": "Hello"}'

Returns:

  • (String, nil)

    the request body



54
55
56
 
# File 'lib/simple_oauth/header.rb', line 54

def body
  @body
end

#methodString (readonly)

The HTTP method for the request

Examples:

header.method # => "GET"

Returns:

  • (String)

    the HTTP method (GET, POST, etc.)



40
41
42
 
# File 'lib/simple_oauth/header.rb', line 40

def method
  @method
end

#optionsHash (readonly)

The OAuth options including credentials and signature

Examples:

header.options # => {consumer_key: "key", nonce: "..."}

Returns:

  • (Hash)

    the OAuth options



61
62
63
 
# File 'lib/simple_oauth/header.rb', line 61

def options
  @options
end

#paramsHash (readonly)

The request parameters to be signed

Examples:

header.params # => {"status" => "Hello"}

Returns:

  • (Hash)

    the request parameters



47
48
49
 
# File 'lib/simple_oauth/header.rb', line 47

def params
  @params
end

Instance Method Details

#signed_attributesHash

Returns the OAuth attributes including the signature

Examples:

header.signed_attributes
# => {oauth_consumer_key: "key", oauth_signature: "...", ...}

Returns:

  • (Hash)

    OAuth attributes with oauth_signature included



139
140
141
 
# File 'lib/simple_oauth/header.rb', line 139

def signed_attributes
  header_attributes.merge(oauth_signature: signature)
end

#to_sString

Returns the OAuth Authorization header string

Examples:

header = SimpleOAuth::Header.new(:get, "https://api.example.com/", {},
  consumer_key: "key", consumer_secret: "secret")
header.to_s
# => "OAuth oauth_consumer_key=\"key\", oauth_nonce=\"...\", ..."

Returns:

  • (String)

    the Authorization header value



111
112
113
 
# File 'lib/simple_oauth/header.rb', line 111

def to_s
  "#{OAUTH_SCHEME} #{normalized_attributes}"
end

#urlString

Returns the normalized URL without query string or fragment

Examples:

header = SimpleOAuth::Header.new(:get, "https://api.example.com/path?query=1", {})
header.url
# => "https://api.example.com/path"

Returns:

  • (String)

    the normalized URL



98
99
100
 
# File 'lib/simple_oauth/header.rb', line 98

def url
  @uri.dup.tap { |uri| uri.query = nil }.to_str
end

#valid?(secrets = {}) ⇒ Boolean

Validates the signature in the header against the provided secrets

Examples:

parsed_header = SimpleOAuth::Header.new(:get, url, {}, authorization_header)
parsed_header.valid?(consumer_secret: "secret", token_secret: "token_secret")
# => true

Parameters:

  • secrets (Hash) (defaults to: {})

    the consumer_secret and token_secret for validation

Returns:

  • (Boolean)

    true if the signature is valid, false otherwise



124
125
126
127
128
129
130
 
# File 'lib/simple_oauth/header.rb', line 124

def valid?(secrets = {})
  original_options = options.dup #: Hash[Symbol, untyped]
  options.merge!(secrets)
  options.fetch(:signature).eql?(signature)
ensure
  options.replace(original_options)
end