Class: SpreeCmCommissioner::TelegramOauthTokenExchanger
- Inherits:
-
BaseInteractor
- Object
- BaseInteractor
- SpreeCmCommissioner::TelegramOauthTokenExchanger
- Defined in:
- app/interactors/spree_cm_commissioner/telegram_oauth_token_exchanger.rb
Overview
Exchanges a Telegram OAuth authorization code for an id_token at
Telegram's token endpoint. This is the server-side half of the mobile/web
PKCE login: the client cannot call Telegram's /token directly (native apps
have no registered HTTPS origin, and browsers are blocked by CORS), so it
relays the exchange through us.
Telegram validates the redirect_uri parameter against a BotFather-
registered domain, not the caller's host, so this can safely run from the
API server. This Telegram Login Widget client is confidential (it has a
client_secret), so PKCE alone isn't enough — Telegram's /token endpoint
still requires client_secret, which is why it must be injected here
server-side rather than sent by the app.
Constant Summary collapse
- TOKEN_ENDPOINT =
'https://oauth.telegram.org/token'.freeze
- REQUIRED_PARAMS =
%i[client_id code redirect_uri code_verifier].freeze
Instance Method Summary collapse
Instance Method Details
#call ⇒ Object
23 24 25 26 27 28 29 30 31 32 |
# File 'app/interactors/spree_cm_commissioner/telegram_oauth_token_exchanger.rb', line 23 def call missing = REQUIRED_PARAMS.find { |key| context[key].blank? } return context.fail!(message: "#{missing}_missing") if missing return context.fail!(message: 'telegram_oauth_client_secret_not_configured') if client_secret.blank? response = post_to_telegram context.status = response.code.to_i context.body = response.body end |