grape-oauth2 / grape_oauth2 Goto Github PK
View Code? Open in Web Editor NEWFlexible, ORM-agnostic, fully customizable and simple OAuth2 provider for Grape API
Flexible, ORM-agnostic, fully customizable and simple OAuth2 provider for Grape API
looks like this gem is in the process of being built, but may solve a problem I'm trying to solve. After installing the gem and requiring it in my config.ru
like this:
# oauth2
require 'grape_oauth2'
but I'm getting the following error:
.... lib/ruby/site_ruby/2.2.0/rubygems/core_ext/kernel_require.rb:54:in `require': cannot load such file -- grape_oauth2 (LoadError)
I'm not all that familiar with gem development, but is there something in the .gemspec. or is this something local? more than happy to help
In our application we allow client to pass access tokens(optional) for GET requests for analytics and reports. But if client pass very old access token which is expired in request gem does not Unauthorized the request. For which I am doing following change in the code.
lib/grape_oauth2/helpers/access_token_helpers.rb
def current_access_token
@_current_access_token ||= request.env[Rack::OAuth2::Server::Resource::ACCESS_TOKEN]
(@_current_access_token.present? && (@_current_access_token.revoked? || @_current_access_token.expired?)) ? (raise Rack::OAuth2::Server::Resource::Bearer::Unauthorized) : @_current_access_token
end
Is this a valid change? or I am missing something?
The latest gem up on rubygems was built in April 2016. It has hard dependencies on older grape versions.
Please tag and release a new build to rubygems! Thank you!
I call access_token_required! in several of my api endpoints, but not in the UserLogin endpoints.
if I do the following
mount Api::UserLogin
mount Api::SomeOtherEndpoint
I get a 401 error when attempting to log in, even though access_token_required! is not being used in that file.
If I do the following instead
include Grape::OAuth2.api
mount Api::SomeOtherEndpoint
Then the user login controller is called without checking for an access token.
I need to use an auth code grant in my application. I can generate a auth code ok and pass that back, but when the client attempts to obtain a token invalid_grant!
is called in generators/token.rb:43 because it cannot find a strategy for 'authorization_code'.
Adding Grape::OAuth2::Strategies::AuthorizationCode
to the STRATEGY_CLASSES
table fixes that, but it appears to expect a different type of Rack Request
and Response
.
::AuthorizationCode
's process
methodverify_redirect_uri!
(Rack::OAuth2::Server::Authorize::Request does, but the request is of an AuthorizationCode type)approve!
If I'm doing something wrong, please let me know. Otherwise, is this just something that needs to be implemented further?
We're using Grape with Grape::OAuth2 for a Rails project which provides an API that needs to be secured by the Client Credentials flow of OAuth2.
We've been following the configuration guidelines and the 'lazy' usage example stated in the README, but we have a question regarding the resource_owner_class_name
. As we are using Client Credentials we don't need a resource owner, but the documentation states that all three models must exist. We don't know if we could abstain from creating that model or if we should do something else.
We didn't include the resource owner parts in our migrations either.
Thanks for your time.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.