grape-oauth2 / grape_oauth2 Goto Github PK

looks like this gem is in the process of being built, but may solve a problem I'm trying to solve. After installing the gem and requiring it in my config.ru like this:

# oauth2
require 'grape_oauth2'

but I'm getting the following error:

.... lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require': cannot load such file -- grape_oauth2 (LoadError)

I'm not all that familiar with gem development, but is there something in the .gemspec. or is this something local? more than happy to help

In our application we allow client to pass access tokens(optional) for GET requests for analytics and reports. But if client pass very old access token which is expired in request gem does not Unauthorized the request. For which I am doing following change in the code.

lib/grape_oauth2/helpers/access_token_helpers.rb

def current_access_token
    @_current_access_token ||= request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
    (@_current_access_token.present? && (@_current_access_token.revoked? || @_current_access_token.expired?)) ? (raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized) : @_current_access_token  
end

Is this a valid change? or I am missing something?

The latest gem up on rubygems was built in April 2016. It has hard dependencies on older grape versions.

Please tag and release a new build to rubygems! Thank you!

I call access_token_required! in several of my api endpoints, but not in the UserLogin endpoints.

if I do the following

   mount Api::UserLogin
   mount Api::SomeOtherEndpoint

I get a 401 error when attempting to log in, even though access_token_required! is not being used in that file.

If I do the following instead

   include Grape::OAuth2.api

   mount Api::SomeOtherEndpoint

Then the user login controller is called without checking for an access token.

I need to use an auth code grant in my application. I can generate a auth code ok and pass that back, but when the client attempts to obtain a token invalid_grant! is called in generators/token.rb:43 because it cannot find a strategy for 'authorization_code'.

Adding Grape::OAuth2::Strategies::AuthorizationCode to the STRATEGY_CLASSES table fixes that, but it appears to expect a different type of Rack Request and Response.

• The arity is different on ::AuthorizationCode's process method
• The request doesn't implement verify_redirect_uri! (Rack::OAuth2::Server::Authorize::Request does, but the request is of an AuthorizationCode type)
• The response passed is a Rack::OAuth2::Server::Token::Response, which doesn't implement approve!

If I'm doing something wrong, please let me know. Otherwise, is this just something that needs to be implemented further?

We're using Grape with Grape::OAuth2 for a Rails project which provides an API that needs to be secured by the Client Credentials flow of OAuth2.

We've been following the configuration guidelines and the 'lazy' usage example stated in the README, but we have a question regarding the resource_owner_class_name. As we are using Client Credentials we don't need a resource owner, but the documentation states that all three models must exist. We don't know if we could abstain from creating that model or if we should do something else.

We didn't include the resource owner parts in our migrations either.

Thanks for your time.