This library's only responsibility is to verify oauth2 access tokens that have been obtained from third party. No access tokens needed.
Real-world use case:
- You have a mobile application, with users authenticating via oauth2 providers.
With the help of this library you can use oauth2 access tokens to validate the token, verify the user identity and map users' attributes to the custom attributes.
Example of oauth2 flow using this library is shown below:
The depicted workflow consists of the following steps:
-
User clicks OAuth login button at the mobile application interface
-
User is being shown an authorization dialogue from OAuth provider, where he/she approves permissions to access account data
-
Mobile application receives an access token from OAuth2 provider and immediately passes it to backend app
-
Backend application receives the token and makes a request to the OAuth provider
-
Backend application receives info from OAuth provider and does something with it - authenticates the user, creates the user, updates user's data.
install manually:
gem install oauth_token_verifier
or using Bundler:
# Gemfile
gem 'oauth_token_verifier'
OauthTokenVerifier.configure do |c|
...
end
You should configure enabled providers first, only three providers are supported by now
c.enabled_providers = [:google, :facebook, :vk]
If you try to use the provider that is not in enabled_providers
list, the NoProviderFoundError
will be raised.
Then goes separate configuration for each provider
Name, that will be returned in the resulting Struct. Basically, it's just a custom alias for provider. Each provider will be given the default name if no alias provided.
# provider name to be returned
c.facebook.name = 'fb'
Id field from OAuth provider response, that will be used as unique id. The default values are email
for Google
,
id
for Facebook
and Vk
.
# id field - this used to uniquely identify user
c.facebook.id_field = 'id'
Mapping of other returned fields to arbitrary field names. By default, no fields parameter passed when querying a provider. With this setting configured, the query parameter will contain the additional parameters to query more information from OAuth provider. Feel free to add any field supported by the chosen provider, but keeo in mind that not all the fields are available to query without api tokens.
c.facebook.fields_mapping = { first_name: :name }
c.vk.name = 'vkontakte'
c.vk.id_field = 'id'
# here we map vk's sex field to gender, and photo_id field to avatar
c.vk.fields_mapping = { sex: :gender, photo_id: :avatar }
c.google.name = 'google'
c.google.id_field = 'email'
c.google.fields_mapping = { given_name: :first_name, picture: :avatar }
Version is a required parameter for VK provider. Default VK API version 3.0 is deprecated so it is
neccessary to pass v
parameter explicitly for any API call to VK. Recommended API version is 5.0+.
Version 5.0
is configured in gem by default, but it's possible to override it:
c.vk.version = '5.73'
For VK API v.3.0 please use uid
parameter:
c.vk.version = '3.0'
c.vk.id_field = 'uid'
include OauthTokenVerifier
verify(:google, token: 'some_very_long_unreadable_sequence_here')
The response will either return a struct, containing profile info fields, or raise an exception with error explanation:
=> #<struct OauthTokenVerifier::Providers::Vk::BaseFields
id=00010101010,
provider="vk",
info=#<struct first_name="John", last_name="Smith">>
Example of error response:
OauthTokenVerifier::TokenVerifier::TokenCheckError: Invalid Value