I'm implementing an application that is supposed to be able to talk to different APIs on behalf of its users. Amongst others, this includes github. I'm using the oauth-plugin (https://github.com/pelle/oauth-plugin) to perform the authentication for each API. Unfortunately, this doesn't work for Github.
Here's my current GithubToken implementation:
class GithubToken < ConsumerToken
GITHUB_SETTINGS={
:site=>"https://github.com",
:request_token_path => "/login/oauth/request_token",
:authorize_path => "/login/oauth/authorize",
:access_token_path => "/login/oauth/access_token",
}
def self.consumer
#consumer||=create_consumer
end
def self.create_consumer(options={})
OAuth::Consumer.new credentials[:key],credentials[:secret],GITHUB_SETTINGS.merge(options)
end
def self.get_request_token(callback_url, scope=nil)
https://github.com/login/oauth/authorize
consumer.get_request_token({:oauth_callback=>callback_url}, :scope=>scope||credentials[:scope]||"")
end
end
When starting the authentication process, I get a 403 error during the get_request_token call. I assume the request_token_path is somehow wrong, but was unable to find any information on the correct path. Searching google with github as part of the search term was also not very helpful. Will try omniauth now, but as I'm planning on using the provider capabilities of the oauth-plugin, as well, any help would be much appreciated.
Ok, solved it. The following configuration in initialisers/oauth_consumers.rb will do the trick:
OAUTH_CREDENTIALS={
:github=>{
:key => "KEY",
:secret => "SECRET",
:expose => false, # expose client at /oauth_consumers/twitter/client see docs
:oauth_version => 2,
:options => {
:site => 'https://github.com',
:authorize_url => '/login/oauth/authorize',
:token_url => '/login/oauth/access_token'
}
}
}
Also make sure to register /oauth_consumers/github/callback2 as your callback URL.
Related
I'm using the github_api gem for rails and I'm trying to list all of the issues attached to a specific repo within an organisation I am a member of.
I'm using
#github = Github.new :oauth_token => 'token',
:org => 'org-name',
:user => 'org-name',
:repo => 'repo-name'
#issues = #github.issues.list state: 'open'
which returns just the issues I am assigned to - changing the state to 'closed' returns nothing - but prodding the endpoint myself using curl returns all the issues I am looking for.
Does anyone know how to list all of the issues associated with a specific repo - and not just the ones assigned to yourself?
After wrestling with the documentation for this gem - I found you can tap in to the github search api - allowing you to search issues for a repo - and provide flags to filter the results.
#github = Github.new :oauth_token => 'token',
:org => 'org-name',
:user => 'org-name',
:repo => 'repo-name'
#github.search.issues 'repo:user/repo type:pr state:closed updated:>=2015-10-15'
Looking at the Github api documentation shows what you can filter the results by. I hope this helps anyone else who is having issues with this gem.
I am looking to understand how I can access a variable set in method A, then use that variable in method B, and also a clean way of reusing the same part of code and then only changing the query
require 'google/api_client'
module GoogleAnalytics
class Analytic
SERVICE_ACCOUNT_EMAIL_ADDRESS = ENV['SERVICE_ACCOUNT_EMAIL_ADDRESS']
PATH_TO_KEY_FILE = ENV['PATH_TO_KEY_FILE']
PROFILE = ENV['ANALYTICS_PROFILE_ID']
def google_analytics_api
client = Google::APIClient.new(
application_name: "Example Application",
application_version: "1.0")
client.authorization = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:audience => 'https://accounts.google.com/o/oauth2/token',
:scope => 'https://www.googleapis.com/auth/analytics.readonly',
:issuer => SERVICE_ACCOUNT_EMAIL_ADDRESS,
:signing_key => Google::APIClient::KeyUtils.load_from_pkcs12(PATH_TO_KEY_FILE, 'notasecret')).tap { |auth| auth.fetch_access_token! }
api_method = client.discovered_api('analytics','v3').data.ga.get
# make queries
result = client.execute(:api_method => api_method, :parameters => {
'ids' => PROFILE,
'start-date' => Date.new(2014,1,1).to_s,
'end-date' => Date.today.to_s,
'dimensions' => 'ga:pagePath',
'metrics' => 'ga:pageviews',
'filters' => 'ga:pagePath==/'
})
end
end
end
So if i run the method google_analytics_api i get a set of results returned assigned to the variable result.
So what if i want another 2 separate methods that will return different sets of results, so
new users and bounce rates, that would be two separate calls changing the request params wouldnt it? would i have to repeat the whole method?
Is there a way to refactor this so that the authorization call can be wrapped up in its on method and all i change is the request params assigned to result ?
So something like this
def api_call
logic to make request
end
def new_users
api_call
# make queries
result = client.execute(:api_method => api_method, :parameters => {
'ids' => PROFILE,
'start-date' => Date.new(2014,1,1).to_s,
'end-date' => Date.today.to_s,
'dimensions' => 'ga:pagePath',
'metrics' => 'ga:newUsers',
'filters' => 'ga:pagePath==/'
})
end
One of the problems though will be having the local variables client and result available in the new_users method, what could these be changed to? an instance variable with an #? or a class variable with an ## ?
Your instincts are good - you don't want to repeat yourself, and there are better ways of structuring this code. But rather than sharing variables, you should think about small pieces, loosely joined. Write methods that do one thing well, and combine them together. For instance, we could write a get_client method that just returns a client for other methods to use:
protected
def get_client
client = Google::APIClient.new(
application_name: "Example Application",
application_version: "1.0")
client.authorization = Signet::OAuth2::Client.new(
:token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
:audience => 'https://accounts.google.com/o/oauth2/token',
:scope => 'https://www.googleapis.com/auth/analytics.readonly',
:issuer => SERVICE_ACCOUNT_EMAIL_ADDRESS,
:signing_key => Google::APIClient::KeyUtils.load_from_pkcs12(PATH_TO_KEY_FILE, 'notasecret')).tap { |auth| auth.fetch_access_token! }
client
end
It's protected because external code - stuff outside your Analytic class - shouldn't work with it directly. They should use the methods we provide for them.
You could also provide a helper method for getting results from the API. I'm not familiar with the query API, but it looks like it's your metrics value that changes. So maybe something like this:
protected
def get_result(metrics)
client = self.get_client
api_method = client.discovered_api('analytics','v3').data.ga.get
result = client.execute(:api_method => api_method, :parameters => {
'ids' => PROFILE,
'start-date' => Date.new(2014,1,1).to_s,
'end-date' => Date.today.to_s,
'dimensions' => 'ga:pagePath',
'metrics' => metrics,
'filters' => 'ga:pagePath==/'
})
result
end
Now you can write simple methods that your external classes can use:
def new_users
get_result('ga:newUsers')
end
def total_visits
get_result('ga:pageViews')
end
If you can, try to return simple data from these methods. Maybe total_visits is going to return get_result('ga:pageViews')['totalsForAllResults']['ga:pageviews'] instead. Code outside your class shouldn't have to know about the GA data format to work with it. This is called encapsulation.
From talking on Skype, I think there are several things to look at
Init
Currently, you're using the google_analytics_api method every time you want to use the module. This is completely inefficient, and is partly why you have this issue now. Instead, I would create an init method, which will fire each time you initialize the object (and make GoogleAnalytics into a class of its own):
#lib/google_analytics.rb
Class GoogleAnalytics
def initialize
... google_analytics_api method here
end
end
This will allow you to treat your current module as a real Ruby object - like this:
#analytics = GoogleAnalytics.new #-> fires initialize method
This will give you the ability to call the object (which will pull the data from the API), and then split that data accordingly, for the different use cases you have.
Instance Methods
This leads me nicely onto the idea of instance methods
What you're referring to, and indeed what Alex P is referring to, is the idea of an instance method. This doubles as an attribute for an object, but essentially allows you to call a piece of functionality on an instance of a method.
So in Alex's example, you have:
def new_users
get_result('ga:newUsers')
end
This is just calling an instance method of your class:
GoogleAnalytics::Analytic.new_users
This will create an instance of the Analytic class, and then call the new_users method (which should be a class method). This method will then allow you to call instance methods on the newly initialized object, hence the get_result method call
--
What I'm proposing is to use instance methods after the object has been initialized, giving you acesss to the data defined with google_analytics_api
For example:
#app/controllers/analyics_controller.rb
Class AnalyticsController < ApplicationController
def index
#analytics = GoogleAnalytics.new
#new_users = #analytics.new_users
end
end
#lib/google_analytics.rb
Class GoogleAnalytics
def initialize
... google_analytics_api method here
end
def new_users
return [new_users_data]
end
end
The one caveat to this is whether this will work without the module. I think it should, but it's untested for me
I'm using the paypal SDK for invoicing located here:
https://github.com/paypal/invoice-sdk-ruby
This works great.
I integrated the paypal permissions SDK for rails:
https://github.com/paypal/permissions-sdk-ruby
The authorization workflow is working great.
So now I need to put them together. The documentation for the permissions sdk leaves off after you get your token. It doesn't explain how to use it with the other paypal SDKs (at least not so I could understand :D ) The invoice sdk tells you to see the Auth sdk.
Paypal tells me:
# Third-party Auth headers
-H "X-PAYPAL-SECURITY-SUBJECT:<receiverEdress>" # Merchant's PayPal e-mail
-H "X-PAYPAL-AUTHENTICATION:<OAuthSig>" # Generated OAuth Signature
Don't know how to insert that. The request is generated here in my model:
#create_and_send_invoice = api.build_create_and_send_invoice(paypalized || default_api_value)
The data itself is assembled in the invoice model like so:
paypalized = {
:access_token => self.user.paypal_token,
:invoice => {
:merchantEmail => self.user.paypal_email || self.user.email,
:payerEmail => self.client.email,
:itemList => #itemlist,
:currencyCode => "USD",
:paymentTerms => "DueOnReceipt",
:invoiceDate => self.updated_at,
:number => self.name,
:note => self.description,
:merchantInfo => #businessinfo
# project / Invoice title?
} # end invoice
} # end paypalized
return paypalized
This implementation is not working and the access_token field is being rejected. I looked through the gems associated with the sdks but can't see where the headers themselves are built or how to interact with that.
UPDATE: Found this which gives me a clue...
INVOICE_HTTP_HEADER = { "X-PAYPAL-REQUEST-SOURCE" => "invoice-ruby-sdk-#{VERSION}" }
This seems to be used here during calls in the paypal-sdk-invoice gem:
# Service Call: CreateAndSendInvoice
# #param CreateAndSendInvoiceRequest
# #return CreateAndSendInvoiceResponse
def CreateAndSendInvoice(options = {} , http_header = {})
request_object = BuildCreateAndSendInvoice(options)
request_hash = request_object.to_hash
...
I notice that there's two arguments: options and http_header. It's possible I can modify the http_header argument and pass it this way in my controller:
#create_and_send_invoice_response = api.create_and_send_invoice(#create_and_send_invoice, #cutsom_header)
or maybe
#create_and_send_invoice = api.build_create_and_send_invoice(data, custom_header)
I'll keep this updated since I googled around a lot and couldn't find any clear answers on how to do this...
You have to pass the token and token_secret while creating API object for third-party authentication.
#api = PayPal::SDK::Invoice::API.new({
:token => "replace with token",
:token_secret => "replace with token-secret" })
I haven't been able to find an answer to this online -- aside from using the Google+ Sign In button, which I don't want to use at this point because I don't want to get into Javascript if I don't have to.
I have a Ruby on Rails application (ruby v1.9.3, rails v3.2.13) in which I've hooked up OmniAuth and I'm using the google_oauth2 gem to integrate with Google+.
My simple goal is to allow a user to authenticate with Google+, grant access to my Google API project, and then be able to post a moment to the Google+ user's vault using the google-api-client gem.
I have already setup my Google API Project, created the OAuth 2.0 for Web Applications, and enabled Google+ API service.
I have OmniAuth setup with the following provider and I've added the request_visible_actions option to allow me to post (I think this is correct but haven't seen this used from any code examples I've looked at online...):
provider :google_oauth2, CLIENT_ID, CLIENT_SECRET, {
access_type: 'offline',
scope: 'userinfo.email,userinfo.profile,plus.me,https://www.googleapis.com/auth/plus.login',
request_visible_actions: 'http://schemas.google.com/AddActivity',
redirect_uri: 'http://localhost/auth/google_oauth2/callback'
}
When I redirect my user to /auth/google_oauth2, it sends the user to Google+ to authorize my app and when the user approves, it returns to my callback where I can access the request.env["omniauth.auth"] and it has all the information I would expect, including tokens, email address, etc. I'm storing the access_token from auth["credentials"]["token"].
So far so good, right?
When I try to post the moment using the following code, I encounter an exception indicating a 401 unauthorized error.
client = Google::APIClient.new
client.authorization.access_token = self.access_token
plus = client.discovered_api('plus', 'v1')
moment = {
:type => 'http://schemas.google.com/AddActivity',
:target => { :id => Time.now.to_i.to_s,
:description => message,
:name => message
}
}
# post a moment/activity to the vault/profile
req_opts = { :api_method => plus.moments.insert,
:parameters => { :collection => 'vault', :userId => 'me', },
:body_object => moment
}
response = client.execute!(req_opts).body
I have also tried replacing
client.authorization.access_token = self.access_token
with
credentials = Hash.new
credentials[:access_token] = self.access_token
credentials[:refresh_token] = self.refresh_token
credentials[:expires_at] = self.expires_at
client.authorization.update_token!(credentials)
But no luck.
I think the issue either has to do with:
OmniAuth not issuing the request_visible_actions to Google correctly
Me not setting the token in the Google::APIClient object properly
I've gotten this far using the following resources, but I'm officially stuck:
http://blog.baugues.com/google-calendar-api-oauth2-and-ruby-on-rails
https://developers.google.com/+/api/latest/moments/insert
Any ideas would be appreciated!
Here is my working code from web app using 'omniauth-google-oauth2' along with 'google-api-client'. This sample code uses calendar API, but I guess it will work for you.
require 'google/api_client'
class Calendar
def initialize(user)
#user = user
end
def events
result = api_client.execute(:api_method => calendar.events.list,
:parameters => {'calendarId' => 'primary'},
:authorization => user_credentials)
result.data
end
private
def api_client
#client ||= begin
client = Google::APIClient.new(application_name: 'xxx', application_version: '0.0.1')
client.authorization.client_id = ENV["GOOGLE_KEY"]
client.authorization.client_secret = ENV["GOOGLE_SECRET"]
client.authorization.scope = 'https://www.googleapis.com/auth/calendar'
client
end
end
def calendar
#calendar ||= api_client.discovered_api('calendar', 'v3')
end
def user_credentials
auth = api_client.authorization.dup
# #user.credentials is an OmniAuth::AuthHash cerated from request.env['omniauth.auth']['credentials']
auth.update_token!(access_token: #user.credentials.token)
auth
end
end
In the API console, did you register as a Web application or installed application?
I think for your case you must choose the installed application, so that the token is valid if user is not online.
Try changing https://www.googleapis.com/auth/plus.login with just plus.login. Its working for me with the same setup.
I'm using the omniauth-linkedin gem for my rails application:
https://github.com/skorks/omniauth-linkedin
It should be taking into account new LinkedIn permissions request procedures and scopes, but I am not having success obtaining either email addresses or full profiles (anything other than the default profile overviews).
Here is my omniauth.rb file:
Rails.application.config.middleware.use OmniAuth::Builder do
provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'r_fullprofile r_emailaddress'
end
The full profile and email address request are going through to LinkedIn initially, before the user enters her/his credentials. However, the scope requests are lost once the user signs in, and only the default profile overview information is accessible.
I think my problem has something to do with having to specifically request those fields within the scopes that I want, as is mentioned on the gem page (https://github.com/skorks/omniauth-linkedin). Still, I have tried adding specific field requests to my omniauth.rb file with no success (email field request below):
Rails.application.config.middleware.use OmniAuth::Builder do
provider :linkedin, ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'], :scope => 'r_fullprofile+r_emailaddress',
:fields => ["id", "email-address", "first-name", "last-name", "headline", "industry", "picture-url", "public-profile-url", "location", "positions", "educations"]
end
Apparently, I am supposed to request the default fields of the profile overview in addition to the non-default fields like email-address, positions, and educations in order to access these latter non-default fields.
LinkedIn email-address should be straightforward, as it is not a structured object like positions or educations are, and I believe I am missing code for specific fields within positions and educations that I want (not sure how i would write that and would love some input on that as well). I am using my new API keys, so I'm not sure what the problem may be. Do I need some kind of special permission from LinkedIn? Help is appreciated! Thank you.
Also, here is the relevant code for my auth controller:
require 'linkedin'
class AuthController < ApplicationController
def auth
client = LinkedIn::Client.new(ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'])
request_token = client.request_token(:oauth_callback =>
"http://#{request.host_with_port}/callback")
session[:rtoken] = request_token.token
session[:rsecret] = request_token.secret
redirect_to client.request_token.authorize_url
end
def callback
client = LinkedIn::Client.new(ENV['LINKEDIN_KEY'], ENV['LINKEDIN_SECRET'])
if current_user.atoken.nil? && current_user.asecret.nil?
pin = params[:oauth_verifier]
atoken, asecret = client.authorize_from_request(session[:rtoken], session[:rsecret], pin)
current_user.atoken = atoken
current_user.asecret = asecret
current_user.uid = client.profile(:fields => ["id"]).id
flash.now[:success] = 'Signed in with LinkedIn.'
elsif current_user.atoken && current_user.asecret
client.authorize_from_access(current_user.atoken, current_user.asecret)
flash.now[:success] = 'Signed in with LinkedIn.'
end
Not sure if this is the most elegant solution, but this worked for me
I just added the config with the scope passed in the request_token_path
LINKEDIN_CONFIGURATION = { :site => 'https://api.linkedin.com',
:authorize_path => '/uas/oauth/authenticate',
:request_token_path =>'/uas/oauth/requestToken?scope=r_basicprofile+r_emailaddress+r_network+r_contactinfo',
:access_token_path => '/uas/oauth/accessToken' }
client = LinkedIn::Client.new(LINKEDIN_API_KEY, LINKEDIN_SECRET_KEY, LINKEDIN_CONFIGURATION )
and the rest of the code is the same.
Be sure to change the client constructor in the callback method as well.