OAuth2 INTRIDEA gem and basic HTTP header
Using the INTRIDEA OAuth2 Ruby gem, is there a recommended way to add a basic HTTP header using a password strategy?
This approach is recommended by IETF RFC 6749 and is required to implement Yahoo and RingCentral OAuth 2.0.
The required header I'm working with has the following format:
Authorization: Basic <base 64 encoded "CLIENT_ID:CLIENT_SECRET">
The following does not work and does not seem to add an authorization header:
client = OAuth2::Client.new('CLIENT_ID', 'CLIENT_SECRET', :site => 'https://example.com')
token = client.password.get_token('USERNAME', 'PASSWORD')
The following works, but is verbose:
require 'base64'
client = OAuth2::Client.new('CLIENT_ID', 'CLIENT_SECRET', :site => 'https://example.com')
# Pass the client credentials explicitly as an HTTP Basic Authorization header
token = client.password.get_token('USERNAME', 'PASSWORD',
  :headers => { 'Authorization' => 'Basic ' + Base64.strict_encode64("CLIENT_ID:CLIENT_SECRET") }
)
The password strategy examples I've seen don't explicitly contain a header, so I'm wondering how this is done.
After reviewing the docs for the auth_code strategy and the code for oauth2/strategy/password.rb, oauth2/strategy/base.rb and oauth2/client.rb, it appears that the OAuth2 gem adds the form parameters client_id and client_secret, but not the header, to the form body. This is allowed, but NOT RECOMMENDED by IETF RFC 6749. To add the IETF-recommended Authorization header, you need to add it as a parameter, as shown above.
Additional information: Pull request #192 covers this but may be stopped due to backward compatibility issues.
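An added example, not part of the original post or of the oauth2 gem: it builds the password-grant token request with client credentials in the Authorization header as RFC 6749 section 2.3.1 describes, including the form-urlencoding step the RFC applies to the id and secret before Base64. The helper names (client_basic_auth, token_request, parse_client_basic_auth) and all sample credentials are hypothetical, and nothing is sent over the network.

```ruby
require 'base64'
require 'uri'

# Authorization header value for client authentication (RFC 6749 section 2.3.1).
# The id and secret are form-urlencoded first (RFC 6749 Appendix B), so a ':'
# or space inside either value cannot corrupt the "id:secret" pair.
def client_basic_auth(client_id, client_secret)
  pair = [client_id, client_secret]
         .map { |v| URI.encode_www_form_component(v) }
         .join(':')
  # strict_encode64 emits no line breaks. Base64.encode64 inserts "\n" every
  # 60 output characters, which would break the header for long secrets.
  'Basic ' + Base64.strict_encode64(pair)
end

# Password-grant token request: client credentials travel in the header,
# the form body carries only the grant parameters.
def token_request(client_id, client_secret, username, password)
  {
    headers: {
      'Authorization' => client_basic_auth(client_id, client_secret),
      'Content-Type'  => 'application/x-www-form-urlencoded'
    },
    body: URI.encode_www_form(grant_type: 'password',
                              username: username, password: password)
  }
end

# Inverse operation, used here to check the round trip: recover the
# credentials from a header value the way a token endpoint would.
def parse_client_basic_auth(header)
  scheme, b64 = header.to_s.split(' ', 2)
  raise ArgumentError, 'not a Basic header' unless scheme&.casecmp?('Basic') && b64
  id, secret = Base64.strict_decode64(b64).split(':', 2)
  [id, secret].map { |v| URI.decode_www_form_component(v.to_s) }
end

if __FILE__ == $PROGRAM_NAME
  req = token_request('CLIENT_ID', 'CLIENT_SECRET', 'USERNAME', 'PASSWORD') # constructed values
  puts req[:headers]['Authorization']
  puts req[:body]
end
```

For credentials made only of letters, digits and `*-._`, the header is identical to the one built by hand in the question; the two differ only when the id or secret contains characters that form-urlencoding rewrites.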