googleauth - Class Google::Auth::UserAuthorizer (v1.15.1)
Reference documentation and code samples for the googleauth class Google::Auth::UserAuthorizer.
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
Example usage for a simple command line app:
credentials = authorizer.get_credentials(user_id)if credentials.nil? url = authorizer.get_authorization_url( base_url: OOB_URI) puts "Open the following URL in the browser and enter the " + "resulting code after authorization" puts url code = gets credentials = authorizer.get_and_store_credentials_from_code( user_id: user_id, code: code, base_url: OOB_URI)end# Credentials ready to use, call APIs...Inherits
- Object
Methods
.generate_code_verifier
defself.generate_code_verifier()Generate the code verifier needed to be sent while fetchingauthorization URL.
#code_verifier=
defcode_verifier=(new_code_verifier)The code verifier for PKCE for OAuth 2.0. When set, theauthorization URI will contain the Code Challenge and CodeChallenge Method querystring parameters, and the token URI willcontain the Code Verifier parameter.
- new_code_erifier (String|nil)
#get_and_store_credentials_from_code
defget_and_store_credentials_from_code(options={})->Google::Auth::UserRefreshCredentialsExchanges an authorization code returned in the oauth callback.Additionally, stores the resulting credentials in the token store ifthe exchange is successful.
- user_id (String) — Unique ID of the user for loading/storing credentials.
- code (String) — The authorization code from the OAuth callback
- scope (String, Array<String>) — Authorization scope requested. Overrides the instancescopes if not nil.
- base_url (String) — Absolute URL to resolve the configured callback uri against.Required if the configuredcallback uri is a relative.
- (Google::Auth::UserRefreshCredentials) — Credentials if exchange is successful
#get_authorization_url
defget_authorization_url(options={})->StringBuild the URL for requesting authorization.
- login_hint (String) — Login hint if need to authorize a specific account. Should be auser's email address or unique profile ID.
- state (String) — Opaque state value to be returned to the oauth callback.
- base_url (String) — Absolute URL to resolve the configured callback uri against. Requiredif the configured callback uri is a relative.
- scope (String, Array<String>) — Authorization scope to request. Overrides the instance scopes if notnil.
- additional_parameters (Hash) — Additional query parameters to be added to the authorization URL.
- (String) — Authorization url
#get_credentials
defget_credentials(user_id,scope=nil)->Google::Auth::UserRefreshCredentialsFetch stored credentials for the user.
- user_id (String) — Unique ID of the user for loading/storing credentials.
- scope (Array<String>, String) — If specified, only returns credentials that have allthe requested scopes
- (Google::Auth::UserRefreshCredentials) — Stored credentials, nil if none present
- (Google::Auth::CredentialsError) — If the client ID in the stored token doesn't match the configured client ID
#get_credentials_from_code
defget_credentials_from_code(options={})->Google::Auth::UserRefreshCredentialsExchanges an authorization code returned in the oauth callback
- user_id (String) — Unique ID of the user for loading/storing credentials.
- code (String) — The authorization code from the OAuth callback
- scope (String, Array<String>) — Authorization scope requested. Overrides the instancescopes if not nil.
- base_url (String) — Absolute URL to resolve the configured callback uri against.Required if the configuredcallback uri is a relative.
- additional_parameters (Hash) — Additional parameters to be added to the post body of tokenendpoint request.
- (Google::Auth::UserRefreshCredentials) — Credentials if exchange is successful
#initialize
definitialize(client_id,scope,token_store,legacy_callback_uri=nil,callback_uri:nil,code_verifier:nil)->UserAuthorizerInitialize the authorizer
- client_id (Google::Auth::ClientID) — Configured ID & secret for this application
- scope (String, Array<String>) — Authorization scope to request
- token_store (Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
- legacy_callback_uri (String) — URL (either absolute or relative) of the auth callback.Defaults to '/oauth2callback'.@deprecated This field is deprecated. Instead, use the keyword argument callback_uri.
- code_verifier (String)(defaults to: nil) — Random string of 43-128 chars used to verify the key exchange usingPKCE.
- (UserAuthorizer) — a new instance of UserAuthorizer
- (Google::Auth::InitializationError) — If client_id is nil or scope is nil
#revoke_authorization
defrevoke_authorization(user_id)Revokes a user's credentials. This both revokes the actualgrant as well as removes the token from the token store.
- user_id (String) — Unique ID of the user for loading/storing credentials.
#store_credentials
defstore_credentials(user_id,credentials)->Google::Auth::UserRefreshCredentialsStore credentials for a user. Generally not required to becalled directly, but may be used to migrate tokens from onestore to another.
- user_id (String) — Unique ID of the user for loading/storing credentials.
- credentials (Google::Auth::UserRefreshCredentials) — Credentials to store.
- (Google::Auth::UserRefreshCredentials) — The stored credentials
Constants
MISMATCHED_CLIENT_ID_ERROR
value:"Token client ID of %s does not match configured client id %s".freeze
NIL_CLIENT_ID_ERROR
value:"Client id can not be nil.".freeze
NIL_SCOPE_ERROR
value:"Scope can not be nil.".freeze
NIL_USER_ID_ERROR
value:"User ID can not be nil.".freeze
NIL_TOKEN_STORE_ERROR
value:"Can not call method if token store is nil".freeze
MISSING_ABSOLUTE_URL_ERROR
value:'Absolute base url required for relative callback url "%s"'.freeze
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-10-30 UTC.