I'm new to Box Api and ruby. I am trying trying refreshing token, but I'm not sure about what is token_refresh_callback in the below code
client = Boxr::Client.new('zX3UjFwNerOy5PSWc2WI8aJgMHtAjs8T',
refresh_token: 'dvfzfCQoIcRi7r4Yeuar7mZnaghGWexXlX89sBaRy1hS9e5wFroVVOEM6bs0DwPQ',
client_id: 'kplh54vfeagt6jmi4kddg4xdswwvrw8y',
client_secret: 'sOsm9ZZ8L8svwrn9FsdulLQVwDizKueU',
&token_refresh_callback)
Also, once my access token is expired, does this method revoke the token?
Thanks for the help!
Using the Access and Refresh Tokens
The access_token is the actual string needed to make API requests.Each access_token is valid for 1 hour.In order to get a new, valid token, you can use the accompanying refresh_token.Each refresh_token is valid for one use in 60 days.Every time you get a new access_token by using a refresh_token,
we reset your timer for the 60 day period and hand you a new refresh_token.
This means that as long as your users use your application once every 60 days, their login is valid forever.
In box_api_controller.rb file
def make_request
#Check access token expire or not.
check_access_token_expire = check_access_token_expire_dt
if check_access_token_expire.split("-")[0] == "access_token"
#Create client by passing Token
#box_client = Boxr::Client.new(check_access_token_expire.split("-")[1])
cookies[:token] = check_access_token_expire.split("-")[1]
else
if check_access_token_expire.split("-")[0] == "refresh_token"
#Call method
create_post_req_url("refresh_token","refresh_token",check_access_token_expire.split("-")[1])
else
# kick off authorization flow
parameters = "response_type=code&client_id=<your client id>&redirect_uri=<your application url>/handle_user_decision/&state=security_token"
url = "https://account.box.com/api/oauth2/authorize?#{parameters}"
redirect_to url
end
end
end
After authorized the client id, get code in response
def handle_user_decision
# kick off authorization flow
#Get authorization code
code_url = Rack::Utils.parse_query URI(request.original_url).query
code = code_url["code"]
#Call method
create_post_req_url("authorization_code","code", code)
end
Create Post Url
def create_post_req_url(grant_type,header, code)
#Set oauth2 url
uri = URI.parse("https://api.box.com//oauth2//token")
#Passing parameter
data = "grant_type=#{grant_type}&#{header}=#{code}&client_id=<your client id>&client_secret=<your client secret key>"
#Set header
headers = {"Content-Type" => "application/x-www-form-urlencoded"}
#Get http request
http = Net::HTTP.new(uri.host,uri.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE
#Do post the URL
response = http.post(uri.path,data.to_s,headers)
#Check response
if response.code != "200"
flash[:alert] =":#{response.code} #{JSON.parse(response.body)}"
else
#flash[:alert] ="#{response.body.to_json}"
parsed = JSON.parse(response.body) # returns a hash
token = parsed["access_token"]
cookies[:token] = nil
cookies[:token] = token
if grant_type == "authorization_code"
#Insert BOX access token details
user = "<your drive user name>"
insert_access_token(user, token, parsed["refresh_token"], Time.now)
else
if grant_type == "refresh_token"
#Update BOX access token
updt_access_token(user, token, code, parsed["refresh_token"], Time.now)
end
end
redirect_to box_api_index_path
end
end
Check access token expire or not
def check_access_token_expire_dt
#access_token_time = BoxApiAccessToken.getaccesstokentime
if !#access_token_time.blank?
#access_token_time.each do |token_details |
if token_details.access_token_dt != nil
if token_details.new_access_token_dt.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M') < Time.now.to_datetime.new_offset(Rational(9, 24)).strftime('%Y/%m/%d %H:%M')
check_access_token_expire_dt = "refresh_token-#{token_details.refresh_access_token}"
return check_access_token_expire_dt
else
check_access_token_expire_dt = "access_token-#{token_details.access_token}"
return check_access_token_expire_dt
end
else
check_access_token_expire_dt = "new_token-req_new_token"
return check_access_token_expire_dt
end
end
else
check_access_token_expire_dt = "new_token-req_new_token"
return check_access_token_expire_dt
end
end
In Model
def insert_access_token(user,access_token,refresh_access_token,access_token_dt)
#box_access_token = BoxApiAccessToken.new(
:user => user,
:access_token => access_token,
:refresh_access_token => refresh_access_token,
:access_token_dt => access_token_dt)
#Save User Device Data
#box_access_token.save
end
#Update access_token,refresh_access_token,access_token_dt details in DB
def updt_access_token(user,access_token, refresh_access_token,new_refresh_access_token,access_token_dt)
##box_access_token_updt = BoxApiAccessToken.find_refresh_access_token(refresh_access_token)
#box_access_token_updt = BoxApiAccessToken.find_by_refresh_access_token(refresh_access_token)
attributes = {:access_token => access_token,:access_token_dt => access_token_dt, :refresh_access_token => new_refresh_access_token, :updated_at => access_token_dt}
#Update the object
#box_access_token_updt.update_attributes(attributes)
end
In index.html.erb
<%= form_tag(:controller => "box_api", :action => 'make_request') do |f| %>
<div class="form-group"><%= submit_tag("Box Login", class: "btn btn-primary") %></div><% end %>
I just want to want to request an access token and then after it expires refresh it using refresh token and cycle. How do you think i can do it?
Related
I have a google Oauth that will make the user authorize when a user goes to my webpage, however I only want them to have to authorize the app so that I can get their access and refresh tokens when they go to certain page to enter a google api information.Google is making them authorize no matter what route they are on any ideas on how to stop this.Ruby wont let me any of this in a route.
def user_credentials
# Build a per-request oauth credential based on token stored in
session
# which allows us to use a shared API client.
#authorization ||= (
auth = settings.authorization.dup
auth.redirect_uri = to('/oauth2callback')
auth.update_token!(session)
auth
)
end
configure do
Google::Apis::ClientOptions.default.application_name = 'Get Login
info for Google Ad Exchange'
Google::Apis::ClientOptions.default.application_version = '1.0.0'
client_secrets = Google::APIClient::ClientSecrets.load
authorization = client_secrets.to_authorization
authorization.scope =
'https://www.googleapis.com/auth/adexchange.seller.readonly'
set :authorization, authorization
end
before do
# Ensure user has authorized the app
unless user_credentials.access_token || request.path_info =~
/^\/oauth2/
redirect to('/oauth2authorize')
end
end
after do
# Serialize the access/refresh token to the session and credential
store.
# We could potentially need to pull back the client_id and
client_secret as well and add them to the dynamo database.
# session[:client_id] = user_credentials.client_id
# session[:client_secret] = user_credentials.client_secret
session[:access_token] = user_credentials.access_token
session[:refresh_token] = user_credentials.refresh_token
session[:expires_in] = user_credentials.expires_in
session[:issued_at] = user_credentials.issued_at
end
get '/oauth2authorize' do
# Request authorization
redirect user_credentials.authorization_uri.to_s, 303
end
get '/oauth2callback' do
# Exchange token
user_credentials.code = params[:code] if params[:code]
user_credentials.fetch_access_token!
redirect to('/')
end
Figured it out, meant to post way earlier but had an alert on this post so i figured id update to what we did to ake it work.
get '/googleauth' do
salesforce_username = params[:salesforce_username] || ''
unless session.has_key?(:credentials)
redirect to('/oauth2callback')
end
client_opts = JSON.parse(session[:credentials])
auth_client = Signet::OAuth2::Client.new(client_opts)
redirect to('/googleadx')
end
get '/oauth2callback' do
client_secrets = Google::APIClient::ClientSecrets.load
auth_client = client_secrets.to_authorization
auth_client.update!(
:scope => 'https://www.googleapis.com/auth/adexchange.seller.readonly',
:redirect_uri => url('/oauth2callback'))
if request['code'] == nil
auth_uri = auth_client.authorization_uri.to_s
redirect to(auth_uri)
else
auth_client.code = request['code']
auth_client.fetch_access_token!
session[:access_token] = auth_client.access_token
session[:refresh_token] = auth_client.refresh_token
session[:expires_in] = auth_client.expires_in
session[:issued_at] = auth_client.issued_at
auth_client.client_secret = nil
session[:credentials] = auth_client.to_json
redirect to('/googleadx')
end
end
get '/googleadx' do
# configure()
if params[:username]
successmessage = params[:username] + "'s credentials added successfully."
else
message = ''
end
salesforce_username = session[:salesforce_username] || ''
access_token = session[:access_token]
refresh_token = session[:refresh_token]
googleDollarLimit = ''
erb :googleadx, locals: {message: message, successmessage: successmessage, salesforce_username: salesforce_username, access_token: access_token, refresh_token: refresh_token, googleDollarLimit: googleDollarLimit}
end
I have been following a tutorial on GitHub Pages and
I am trying to pass an Apikey to a webservice as basic auth 'apiKey' => 'huda7da97hre3rhr1yrh0130409u1u' for example but I cannot work out how to implement it into the method, or even if that is the proper place for it.
I have a class called connection with my request method in it. I need to post 'apiKey' as header and not in the body. I have read the ruby docs but I cannot work out how to apply it to this specific class.
require "net/http"
require "uri"
require "ostruct"
require "json"
class Connection
ENDPOINT = "http://localhost"
APP_LOCATION = "/task_manager/v1/"
VERB_MAP = {
:get => Net::HTTP::Get,
:post => Net::HTTP::Post,
:put => Net::HTTP::Put,
:delete => Net::HTTP::Delete
}
def initialize(endpoint = ENDPOINT)
uri = URI.parse(endpoint)
#http = Net::HTTP.new(uri.host, uri.port)
end
def get(path, params)
request_json :get, path, params
end
def post(path, params)
request_json :post, APP_LOCATION + path, params
end
def put(path, params)
request_json :put, path, params
end
def delete(path, params)
request_json :delete, path, params
end
private
def request_json(method, path, params)
response = request(method, path, params)
body = JSON.parse(response.body)
OpenStruct.new(:code => response.code, :body => body)
rescue JSON::ParserError
response
end
def request(method, path, params = {})
case method
when :get
full_path = encode_path_params(path, params)
request = VERB_MAP[method.to_sym].new(full_path)
else
request = VERB_MAP[method.to_sym].new(path)
request.set_form_data(params)
end
#http.request(request)
end
def encode_path_params(path, params)
encoded = URI.encode_www_form(params)
[path, encoded].join("?")
end
end
If I post to the server using Advanced Rest Client and put the apikey in the
http://localhost/task_manager/v1/tasks?=
header
Authorization: 9c62acdda8fe12507a435345bb9b2338
and in the body
email=free%40mail.com&password=free&task=test
then I get
{
error: false
message: "Task created successfully"
task_id: 5
}
So how can I post it using this class?.
connection = Connection.new
result = connection.post("task", {'task' => 'task'})
Basic Authentication example:
req = Net::HTTP::Get.new(uri)
req.basic_auth 'user', 'pass'
http://docs.ruby-lang.org/en/trunk/Net/HTTP.html#class-Net::HTTP-label-Basic+Authentication
Or if you want to add a raw Authorization header in your request method you can do
request.add_field 'Authorization', 'huda7da97hre3rhr1yrh0130409u1u'
But basic authentication normally means that there is a user name and a password. With your API key - I am not sure you actually need basic authentication. I do not know what you API actually requires but if you have not tried it yet you can try sending the api key as an additional parameter
result = connection.post("register", {'email' => email, 'name' => name, 'password' => password, 'apiKey' => 'huda7da97hre3rhr1yrh0130409u1u' })
I using oauth-ruby gem for a while, and I already implemented 2 types of auth:
default one
and custom, which uses OTP sent via sms
Both of them works perfectly now
But now i'm trying to implement new(3) 2-legged oauth. And I ran in to issues which I actually can't understand.
All my signed requests using access token from (3) are failing because of invalid token. For (1-2) it works without any issues.
Signing requests is implemented via RestClient.before_execution_proc:
RestClient.add_before_execution_proc do |req, params|
access_token.sign!(req)
end
I suppose the problem comes from access_token = OAuth::AccessToken as there actual difference between other 2.
Any suggestions or advices will be very helpful
1.
def default_oauth(login, pass, device: Device.new)
#cookies = login_req(login, pass).cookies
headers = common_headers.merge("Cookie" => #cookies)
#Get request token
request_token = consumer.get_request_token
# Authorize request key
authorize = RestClient.post(base_url + '/oauth/authorize',
{ requestToken: request_token.token, authorize: 'Authorize'},
headers) {|response, request, result| response }
auth_url_resp = RestClient.get(authorize.headers[:location], headers: headers) {|response, request, result| response }
# Get Access key
access_token = request_token.get_access_token
end
2.
def custom_oauth(phone, pin, otp: nil, device: Device.new)
otp = phone.to_s[-5..-1] if otp.nil?
resp = RestClient.post("#{base_url}/rest/smartphone/otp/sms-sender/#{phone}", '', common_headers) {|response, request, result| response }
request_token = consumer.get_request_token
payload = {
device: device.to_h,
otp: otp,
password: pin.to_s,
requestToken: request_token.token
}
headers = json_headers.merge('Cookie' => otp)
authorize = RestClient.post(base_url + '/oauth/otp-authorization',
payload.to_json, headers) {|response, request, result| response }
#access_token = request_token.get_access_token
end
3.
def new_oauth(login, pass, entry, device: Device.new)
tkn = consumer.get_request_token.token
payload = {
username: login,
password: pass.to_s,
requestToken: tkn,
entryPoint: entry,
device: device.to_h
}
headers =json_headers(device.id)
resp = RestClient.post("#{base_url}/oauth/login-authorization", payload.to_json, headers) {|response, request, result| response}
hsh ={oauth_token: resp.headers[:accesstoken], oauth_token_secret: resp.headers[:tokensecret] }
access_token = OAuth::AccessToken.from_hash(consumer, hsh)
end
Consumer:
def consumer
#consumer ||= build_consumer
end
def build_consumer
key = 'key_string'
secret ='secret_string'
OAuth::Consumer.new(key, secret, :site => base_url)
end
Issue was related to server (Spring) encoding stuff. oauth-ruby gem is escaping token secret (Combined secret or Encryption key) which is used for signature creation. Spring by default doing the same on server side.
Unescaping access_token.secret fixed this issue:
access_token.secret = OAuth::Helper.unescape(access_token.secret)
I am setting session in "/login" post request so when i trying to access that session in other api the session value will be nil.
post '/login', :provides => :json do
params = JSON.parse(request.env["rack.input"].read)
uname = params["username"]
session[:username] = random_string
return session[:username]
end
get '/list' do
puts session[:username]
end
"/list" call print "nil" in command line
What is the solution to use that session outside this post request once it set by "/login"?
In my Sinatra app, I've created the following middleware to ensure the incoming request contains the parameter "token" in the query string
class CheckMandatoryParams
def initialize(app)
#app = app
end
def call(env)
# Get token from query string
h = Hash[*env["QUERY_STRING"].split('&').map {|s| s.split('=')}.flatten]
token = h["token"]
# Do not authorize request unless both parameters are not null
if token.nil? then
Log.instance.error("CheckMandatoryParams - token not provided")
[401, {"Content-Type" => "text/plain", "Content-Length" => body.length.to_s}, ["Unauthorized"]]
else
Log.instance.debug("CheckMandatoryParams - token provided")
#app.call(env)
end
end
end
In the case the params exists, the next app is calls and everything goes fine.
In the case the params is not in the query string, the response is not sent, I receive a huge html file indicating an error at the line ' [401, {"Content-Type" => "text/plain", "Content-Length" => body.length.to_s}, ["Unauthorized"]]' but I cannot figure out what is wrong.
Any idea?
UPDATE
This is working better like that :)
body = "Unauthorized"
[401, {"Content-Type" => "text/plain", "Content-Length" => body.length.to_s}, [body]]
I did not manage to retrieve the param with the following code though:
request = Rack::Request.new(env)
token = request.params["token"]
It looks like the "body" variable may be undefined. One possible way to rewrite your code would be as follows:
class CheckMandatoryParams
def initialize(app)
#app = app
end
def call(env)
request = Rack::Request.new(env)
token = request.params["token"]
if token.nil?
[401, {"Content-Type" => "text/plain", "Content-Length" => request.body.length.to_s}, ["Unauthorized"]]
else
#app.call(env)
end
end
end