Module: OAuth
- Defined in:
- lib/oauth/oauth.rb,
lib/oauth/client.rb,
lib/oauth/helper.rb,
lib/oauth/server.rb,
lib/oauth/version.rb,
lib/oauth/consumer.rb,
lib/oauth/optional.rb,
lib/oauth/signature.rb,
lib/oauth/errors/error.rb,
lib/oauth/tokens/token.rb,
lib/oauth/client/helper.rb,
lib/oauth/request_proxy.rb,
lib/oauth/errors/problem.rb,
lib/oauth/signature/base.rb,
lib/oauth/oauth_test_helper.rb,
lib/oauth/request_proxy/base.rb,
lib/oauth/signature/rsa/sha1.rb,
lib/oauth/errors/unauthorized.rb,
lib/oauth/signature/hmac/sha1.rb,
lib/oauth/signature/plaintext.rb,
lib/oauth/tokens/access_token.rb,
lib/oauth/tokens/server_token.rb,
lib/oauth/tokens/request_token.rb,
lib/oauth/signature/hmac/sha256.rb,
lib/oauth/tokens/consumer_token.rb,
lib/oauth/request_proxy/net_http.rb,
lib/oauth/request_proxy/curb_request.rb,
lib/oauth/request_proxy/mock_request.rb,
lib/oauth/request_proxy/rack_request.rb,
lib/oauth/request_proxy/jabber_request.rb,
lib/oauth/request_proxy/em_http_request.rb,
lib/oauth/request_proxy/typhoeus_request.rb,
lib/oauth/request_proxy/rest_client_request.rb,
lib/oauth/request_proxy/action_dispatch_request.rb,
lib/oauth/request_proxy/action_controller_request.rb
Defined Under Namespace
Modules: Client, Helper, OAuthTestHelper, Optional, RequestProxy, Signature, Version Classes: AccessToken, Consumer, ConsumerToken, Error, Problem, RequestToken, Server, ServerToken, Token, Unauthorized
Constant Summary collapse
- OUT_OF_BAND =
Out-Of-Band callback token value.
OAuth 1.0 and 1.0a both support out-of-band flows, where callbacks cannot be used.
See RFC 5849 (OAuth 1.0), Section 6.1.1: Obtaining an Unauthorized Request Token
and the 1.0a errata. Providers treating “oob” as the callback URL indicate that
the verifier (for 1.0a) will be communicated out of band to the Consumer. "oob"- PARAMETERS =
OAuth parameter keys this library recognizes when normalizing/signing requests.
Notes on 1.0 vs 1.0a:- oauth_verifier: Introduced by OAuth 1.0a. Returned to the Consumer after user
authorization and required when exchanging a Request Token for an Access Token
(Section 6.3.1 in RFC 5849 / 1.0a change). - oauth_callback: Present in 1.0; 1.0a clarified that the Consumer MUST send it when
obtaining a Request Token (or use “oob”) and that the Service Provider MUST return
oauth_callback_confirmed=true with the Request Token response to prevent session
fixation attacks. Note that oauth_callback_confirmed is a response parameter, not
a request signing parameter, and thus is not listed here.
Other keys are common to both 1.0 and 1.0a.
- oauth_verifier: Introduced by OAuth 1.0a. Returned to the Consumer after user
%w[ oauth_callback oauth_consumer_key oauth_token oauth_signature_method oauth_timestamp oauth_nonce oauth_verifier oauth_version oauth_signature oauth_body_hash ].freeze
- RESERVED_CHARACTERS =
reserved character regexp, per section 5.1
/[^a-zA-Z0-9\-._~]/.freeze