googleauth - Class Google::Auth::WebUserAuthorizer (v1.15.1)

Reference documentation and code samples for the googleauth class Google::Auth::WebUserAuthorizer.

Variation on UserAuthorizer adapted for Rack-based web applications.

Example usage:

    get('/') do
      user_id = request.session['user_email']
      credentials = authorizer.get_credentials(user_id, request)
      if credentials.nil?
        redirect authorizer.get_authorization_url(user_id: user_id,
                                                  request: request)
      end
      # Credentials are valid, can call APIs
      ...
    end

    get('/oauth2callback') do
      url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
        request)
      redirect url
    end

Instead of implementing the callback directly, applications are encouraged to use CallbackApp.

Methods

.default

def self.default()

Returns the value of attribute default.

.default=

def self.default=(value)

Sets the attribute default

.extract_callback_state

def self.extract_callback_state(request) -> Array<Hash, String>

Extract the callback state from the request

Parameter
  • request (Rack::Request) — Current request
Returns
  • (Array<Hash, String>) — Callback state and redirect URI

.handle_auth_callback_deferred

def self.handle_auth_callback_deferred(request) -> String, nil

Handle the result of the oauth callback. This version defers the exchange of the code by temporarily stashing the results in the user's session. This allows apps to use the generic CallbackApp handler for the callback without any additional customization.

Apps that wish to handle the callback directly should use #handle_auth_callback instead.

Parameter
  • request (Rack::Request) — Current request
Returns
  • (String, nil) — Redirect URI if successfully extracted, nil otherwise

.principal

def self.principal() -> Symbol

Returns the principal identifier for this web authorizer. This is a class method that returns a symbol since we might not have a client_id in the static callback context.

Returns
  • (Symbol) — The symbol for web user authorization

.validate_callback_state

def self.validate_callback_state(state, request)

Verifies the results of an authorization callback

Parameters
  • state (Hash) — Callback state
  • request (Rack::Request) — Current request
Raises

#get_authorization_url

def get_authorization_url(options = {}) -> String

Build the URL for requesting authorization.

Parameters
  • login_hint (String) — Login hint if need to authorize a specific account. Should be a user's email address or unique profile ID.
  • request (Rack::Request) — Current request
  • redirect_to (String) — Optional URL to proceed to after authorization complete. Defaults to the current URL.
  • scope (String, Array<String>) — Authorization scope to request. Overrides the instance scopes if not nil.
  • state (Hash) — Optional key-values to be returned to the oauth callback.
Returns
  • (String) — Authorization url
Raises

#get_credentials

def get_credentials(user_id, request = nil, scope = nil) -> Google::Auth::UserRefreshCredentials

Fetch stored credentials for the user from the given request session.

Parameters
  • user_id (String) — Unique ID of the user for loading/storing credentials.
  • request (Rack::Request) — Current request. Optional. If omitted, this will attempt to fall back on the base class behavior of reading from the token store.
  • scope (Array<String>, String) — If specified, only returns credentials that have all the requested scopes
Returns
Raises

#handle_auth_callback

def handle_auth_callback(user_id, request) -> Google::Auth::UserRefreshCredentials, String

Handle the result of the oauth callback. Exchanges the authorization code from the request and persists to storage.

Parameters
  • user_id (String) — Unique ID of the user for loading/storing credentials.
  • request (Rack::Request) — Current request
Returns

#initialize

def initialize(client_id, scope, token_store, legacy_callback_uri = nil, callback_uri: nil, code_verifier: nil) -> WebUserAuthorizer

Initialize the authorizer

Parameters
  • client_id (Google::Auth::ClientID) — Configured ID & secret for this application
  • scope (String, Array<String>) — Authorization scope to request
  • token_store (Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
  • legacy_callback_uri (String) — URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'. @deprecated This field is deprecated. Instead, use the keyword argument callback_uri.
  • code_verifier (String) (defaults to: nil) — Random string of 43-128 chars used to verify the key exchange using PKCE.
Returns
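
An added example, not part of googleauth: one way to produce a string that fits the code_verifier description above (43-128 characters) and to derive the matching S256 challenge as defined in RFC 7636. The helper names valid_code_verifier?, new_code_verifier and s256_challenge are hypothetical.

```ruby
require "securerandom"
require "digest"

# RFC 7636 section 4.1: 43-128 characters from the unreserved set.
VERIFIER_PATTERN = /\A[A-Za-z0-9\-._~]{43,128}\z/

# True only for strings that satisfy the length and character rules.
def valid_code_verifier?(value)
  value.is_a?(String) && VERIFIER_PATTERN.match?(value)
end

# Draw the verifier from the system CSPRNG. 64 random bytes encode to 86
# URL-safe characters; 32 bytes is the smallest input that reaches 43.
def new_code_verifier(random_bytes = 64)
  verifier = SecureRandom.urlsafe_base64(random_bytes)
  raise ArgumentError, "verifier length out of range" unless valid_code_verifier?(verifier)
  verifier
end

# S256 challenge: unpadded base64url of SHA-256 over the ASCII verifier.
# The challenge travels in the authorization request; the verifier itself is
# only revealed later, when the authorization code is exchanged.
def s256_challenge(verifier)
  raise ArgumentError, "invalid code verifier" unless valid_code_verifier?(verifier)
  digest = Digest::SHA256.digest(verifier)
  [digest].pack("m0").tr("+/", "-_").delete("=")
end
```

Generate a fresh verifier for each authorization attempt and keep it server-side until the callback arrives.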

Constants

STATE_PARAM

value: "state".freeze

AUTH_CODE_KEY

value: "code".freeze

ERROR_CODE_KEY

value: "error".freeze

SESSION_ID_KEY

value: "session_id".freeze

CALLBACK_STATE_KEY

value: "g-auth-callback".freeze

CURRENT_URI_KEY

value: "current_uri".freeze

XSRF_KEY

value: "g-xsrf-token".freeze

SCOPE_KEY

value: "scope".freeze

NIL_REQUEST_ERROR

value: "Request is required.".freeze

NIL_SESSION_ERROR

value: "Sessions must be enabled".freeze

MISSING_AUTH_CODE_ERROR

value: "Missing authorization code in request".freeze

AUTHORIZATION_ERROR

value: "Authorization error: %s".freeze

INVALID_STATE_TOKEN_ERROR

value: "State token does not match expected value".freeze
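
The state-related keys and error messages above, put to work in an added stand-alone example (not googleauth's own code): a model of an anti-forgery check on the OAuth callback, using only the Ruby standard library and plain hashes in place of a Rack request and session. The JSON encoding of the state parameter and the names CallbackRejected, issue_state, secure_equal?, parse_state and check_callback are assumptions made for illustration.

```ruby
require "json"
require "securerandom"

# String values copied from the Constants section of this page.
STATE_PARAM     = "state"
AUTH_CODE_KEY   = "code"
ERROR_CODE_KEY  = "error"
SESSION_ID_KEY  = "session_id"
CURRENT_URI_KEY = "current_uri"
XSRF_KEY        = "g-xsrf-token"

class CallbackRejected < StandardError; end # hypothetical error class

# Before redirecting to the provider: bind a random token to the session and
# carry it, with the return URI, in the JSON state parameter (assumed encoding).
def issue_state(session, current_uri)
  session[XSRF_KEY] ||= SecureRandom.urlsafe_base64(32)
  JSON.generate(SESSION_ID_KEY => session[XSRF_KEY], CURRENT_URI_KEY => current_uri)
end

# Constant-time comparison; non-strings (including nil on both sides) never match.
def secure_equal?(left, right)
  return false unless left.is_a?(String) && right.is_a?(String)
  return false unless left.bytesize == right.bytesize
  left.bytes.zip(right.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def parse_state(raw)
  parsed = JSON.parse(raw || "{}")
  parsed.is_a?(Hash) ? parsed : {}
rescue JSON::ParserError, TypeError
  {}
end

# On the callback: returns [authorization_code, redirect_uri] or raises.
# The redirect target is only released after the state token matched.
def check_callback(params, session)
  state = parse_state(params[STATE_PARAM])
  if params[ERROR_CODE_KEY]
    raise CallbackRejected, format("Authorization error: %s", params[ERROR_CODE_KEY])
  end
  raise CallbackRejected, "Missing authorization code in request" if params[AUTH_CODE_KEY].nil?
  unless secure_equal?(session[XSRF_KEY], state[SESSION_ID_KEY])
    raise CallbackRejected, "State token does not match expected value"
  end
  [params[AUTH_CODE_KEY], state[CURRENT_URI_KEY]]
end
```

A callback that arrives with no state and a session that holds no token is rejected as well, because a comparison of two missing values is treated as a mismatch rather than a match.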


Last updated 2025-10-30 UTC.