require 'rack/oauth2' | |
Rack::OAuth2.debug! | |
client = Rack::OAuth2::Client.new( | |
identifier: 'YOUR_CLIENT_ID', | |
secret: 'YOUR_CLIENT_SECRET', | |
redirect_uri: 'YOUR_REDIRECT_URI', | |
authorization_endpoint: 'https://accounts.google.com/o/oauth2/v2/auth', | |
token_endpoint: 'https://oauth2.googleapis.com/token' | |
) | |
code_verifier = SecureRandom.hex(32) | |
code_challenge = Base64.urlsafe_encode64(OpenSSL::Digest::SHA256.digest(code_verifier), padding: false) | |
authorization_url = client.authorization_uri( | |
scope: 'email', | |
# code_challenge: code_challenge, | |
# code_challenge_method: :S256 | |
) | |
puts authorization_url | |
`open "#{authorization_url}"` | |
print 'code: ' and STDOUT.flush | |
code = gets.chop | |
client.authorization_code = code | |
client.access_token!( | |
code_verifier: code_verifier | |
) | |
# NOTE: if code_challange isn't sent at AuthZ Req, you should get an error as below. | |
# | |
# Status: 400 Bad Request | |
# | |
# { | |
# "error": "invalid_grant", | |
# "error_description": "code_verifier or verifier is not needed." | |
# } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment