OAuth2 INTRIDEA gem and basic HTTP header

Using the INTRIDEA OAuth2 Ruby gem, is there a recommended way to add a basic HTTP header using a password strategy?

This approach is recommended by IETF RFC 6749 and is required to implement Yahoo and RingCentral OAuth 2.0.

The required header I'm working with has the following format:

Authorization: Basic <base 64 encoded "CLIENT_ID:CLIENT_SECRET">

      

The following does not work and does not seem to add an authorization header:

client = OAuth2::Client.new('CLIENT_ID', 'CLIENT_SECRET', :site => 'https://example.com')
token  = client.password.get_token('USERNAME', 'PASSWORD')

      

The following works, but it is verbose:

require 'base64'

client = OAuth2::Client.new('CLIENT_ID', 'CLIENT_SECRET', :site => 'https://example.com')
# Pass the client credentials explicitly as an HTTP Basic Authorization header
token  = client.password.get_token('USERNAME', 'PASSWORD',
  :headers => { 'Authorization' => 'Basic ' + Base64.strict_encode64("CLIENT_ID:CLIENT_SECRET") }
)

      

The password strategy examples I've seen don't explicitly contain a header, so I'm wondering how this is done.



1 answer


After reviewing the docs for the auth_code strategy and the code for oauth2/strategy/password.rb, oauth2/strategy/base.rb and oauth2/client.rb, it appears that the OAuth2 gem adds the form parameters client_id and client_secret, but not the header, to the form body. This is allowed, but NOT RECOMMENDED, by IETF RFC 6749. To add the IETF-recommended Authorization header, you need to add it as a parameter, as shown above.



Additional information: Pull request #192 covers this, but it may be stopped due to backward compatibility issues.
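
The header format discussed above, as an added example that is not part of the original question or answer and is not the oauth2 gem's own code. It uses only the Ruby standard library; the method names, the token URL path and the sample credentials are assumptions made for illustration. It goes one step beyond the thread: RFC 6749 section 2.3.1 says the client id and secret are form-urlencoded before being joined with ":" and Base64-encoded, which matters when a credential contains ":" or other reserved characters.

```ruby
require 'uri'
require 'net/http'

# Build the RFC 6749 section 2.3.1 client authentication header.
# Each credential is form-urlencoded first, so a ":" inside the id or
# secret cannot be confused with the separator.
def basic_client_auth(client_id, client_secret)
  pair = [client_id, client_secret].map { |v| URI.encode_www_form_component(v) }.join(':')
  'Basic ' + [pair].pack('m0') # "m0" is strict Base64 without line breaks
end

# Build (but do not send) a password-grant token request in which the
# client credentials travel in the Authorization header, not the form body.
def build_password_grant_request(token_url, client_id, client_secret, username, password)
  req = Net::HTTP::Post.new(URI(token_url))
  req['Authorization'] = basic_client_auth(client_id, client_secret)
  req.set_form_data('grant_type' => 'password', 'username' => username, 'password' => password)
  req
end

# Server-side view: recover [client_id, client_secret] from the header,
# or nil if the header is not well-formed Basic client authentication.
def parse_basic_client_auth(header)
  scheme, blob = header.to_s.split(' ', 2)
  return nil unless scheme&.casecmp?('Basic') && blob
  id, secret = blob.unpack1('m0').split(':', 2)
  return nil unless id && secret
  [URI.decode_www_form_component(id), URI.decode_www_form_component(secret)]
rescue ArgumentError # invalid Base64 or invalid percent-encoding
  nil
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample values; https://example.com/oauth/token is a placeholder.
  req = build_password_grant_request('https://example.com/oauth/token',
                                     'app:1', 's3 cr+t/%', 'USERNAME', 'PASSWORD')
  puts "Authorization: #{req['Authorization']}"
  puts "Body:          #{req.body}"
  puts "Parsed back:   #{parse_basic_client_auth(req['Authorization']).inspect}"
end
```
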
