This gem contains a generic OAuth2 strategy for OmniAuth. It is meant to serve as a building block strategy for other strategies and not to be used independently (since it has no inherent way to gather uid and user info).
To create an OmniAuth OAuth2 strategy using this gem, you can simply subclass it and add a few extra methods like so:
require 'omniauth-oauth2'
module OmniAuth
module Strategies
class SomeSite < OmniAuth::Strategies::OAuth2
# Give your strategy a name.
option :name, "some_site"
# This is where you pass the options you would pass when
# initializing your consumer from the OAuth gem.
option :client_options, {:site => "https://api.somesite.com"}
# You may specify that your strategy should use PKCE by setting
# the pkce option to true: https://tools.ietf.org/html/rfc7636
option :pkce, true
# These are called after authentication has succeeded. If
# possible, you should try to set the UID without making
# additional calls (if the user id is returned with the token
# or as a URI parameter). This may not be possible with all
# providers.
uid{ raw_info['id'] }
info do
{
:name => raw_info['name'],
:email => raw_info['email']
}
end
extra do
{
'raw_info' => raw_info
}
end
def raw_info
@raw_info ||= access_token.get('/me').parsed
end
end
end
end
That's pretty much it!
Available as part of the Tidelift Subscription.
The maintainers of OmniAuth-OAuth2 and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use. Learn more.
OmniAuth is tested under 2.5, 2.6, 2.7, truffleruby, and JRuby.
FAQs
Unknown package
We found that omniauth-oauth2 demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 3 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.
Research
Security News
Socket researchers uncover a malicious npm package posing as a tool for detecting vulnerabilities in Etherium smart contracts.