lib/nylas/resources/auth.rb in nylas-6.0.0.beta.3 vs lib/nylas/resources/auth.rb in nylas-6.0.0.beta.4

- old
+ new

@@ -57,11 +57,11 @@ # Builds the URL for authenticating users to your application with OAuth 2.0 and PKCE. # IMPORTANT: You must store the 'secret' returned to use it inside the CodeExchange flow. # # @param config [Hash] Configuration for building the URL. - # @return [OpenStruct] URL for hosted authentication with the secret and the hashed secret. + # @return [Hash] URL for hosted authentication with the secret and the hashed secret. def url_for_oauth2_pkce(config) url = url_auth_builder(config) # Generates a secret and hashes it. secret = SecureRandom.uuid @@ -69,24 +69,22 @@ # Adds code challenge to URL generation. url.query = build_query_with_pkce(config, secret_hash) # Returns the URL with secret and hashed secret. - OpenStruct.new(secret: secret, secret_hash: secret_hash, url: url.to_s) + { secret: secret, secret_hash: secret_hash, url: url.to_s } end # Builds the URL for admin consent authentication for Microsoft. # # @param config [Hash] Configuration for the authentication request. # @return [String] URL for hosted authentication. def url_for_admin_consent(config) config_with_provider = config.merge("provider" => "microsoft") url = url_auth_builder(config_with_provider) + url.query = build_query_with_admin_consent(config) - query_params = build_query_with_admin_consent(config) - url.query = URI.encode_www_form(query_params) - url.to_s end # Revokes a single access token. # @@ -100,91 +98,104 @@ } ) true end + # Detects the provider of an email address. + # @param params [Hash] Parameters to detect the provider. + # @return [Array(Hash, String)] Detected provider, if found and API Request ID. + def detect_provider(params) + post( + path: "#{api_uri}/v3/providers/detect", + query_params: params + ) + end + private # Builds the query with admin consent authentication for Microsoft. # # @param config [Hash] Configuration for the query. - # @return [Array(Hash, String)] Updated list of parameters, including those specific to admin + # @return [String] Updated list of parameters, including those specific to admin # consent. def build_query_with_admin_consent(config) params = build_query(config) # Appends new params specific for admin consent. - params["response_type"] = "adminconsent" - params["credential_id"] = config["credentialId"] + params[:provider] = "microsoft" + params[:response_type] = "adminconsent" + params[:credential_id] = config[:credential_id] if config[:credential_id] - params + URI.encode_www_form(params).gsub("+", "%20") end # Builds the query with PKCE. # # @param config [Hash] Configuration for the query. # @param secret_hash [Hash] Hashed secret. - # @return [Array(Hash, String)] Updated list of encoded parameters, including those specific + # @return [String] Updated list of encoded parameters, including those specific # to PKCE. def build_query_with_pkce(config, secret_hash) params = build_query(config) # Appends new PKCE specific params. - params["code_challenge_method"] = "s256" - params["code_challenge"] = secret_hash + params[:code_challenge_method] = "s256" + params[:code_challenge] = secret_hash - URI.encode_www_form(params) + URI.encode_www_form(params).gsub("+", "%20") end # Builds the authentication URL. # # @param config [Hash] Configuration for the query. - # @return [Array(Hash, String)] List of components for the authentication URL. + # @return [URI] List of components for the authentication URL. def url_auth_builder(config) builder = URI.parse(api_uri) builder.path = "/v3/connect/auth" - builder.query = build_query(config) + builder.query = URI.encode_www_form(build_query(config)).gsub!("+", "%20") builder end # Builds the query. # # @param config [Hash] Configuration for the query. - # @return [Array(Hash, String)] List of encoded parameters for the query. + # @return [Hash] List of parameters to encode in the query. def build_query(config) params = { - "client_id" => config[:client_id], - "redirect_uri" => config[:redirect_uri], - "access_type" => config[:access_type] || "online", - "response_type" => "code" + client_id: config[:client_id], + redirect_uri: config[:redirect_uri], + access_type: config[:access_type] || "online", + response_type: "code" } - params["provider"] = config[:provider] if config[:provider] - params["prompt"] = config[:prompt] if config[:prompt] - params["metadata"] = config[:metadata] if config[:metadata] - params["state"] = config[:state] if config[:state] - params["scope"] = config[:scope].join(" ") if config[:scope] + params[:provider] = config[:provider] if config[:provider] + params[:prompt] = config[:prompt] if config[:prompt] + params[:metadata] = config[:metadata] if config[:metadata] + params[:state] = config[:state] if config[:state] + params[:scope] = config[:scope].join(" ") if config[:scope] if config[:login_hint] - params["login_hint"] = config[:login_hint] - params["include_grant_scopes"] = config[:include_grant_scopes].to_s if config[:include_grant_scopes] + params[:login_hint] = config[:login_hint] + params[:include_grant_scopes] = config[:include_grant_scopes].to_s if config[:include_grant_scopes] end - URI.encode_www_form(params) + params end - # Hashes the secret for PKCE authentication. + # Hash a plain text secret for use in PKCE. # - # @param secret [String] Randomly-generated authentication secret. - # @return [Hash] Hashed authentication secret. + # @param secret [String] The plain text secret to hash. + # @return [String] The hashed secret with base64 encoding (without padding). def hash_pkce_secret(secret) - Digest::SHA256.digest(secret).unpack1("H*") - Base64.strict_encode64(Digest::SHA256.digest(secret)) + sha256_hash = Digest::SHA256.hexdigest(secret) + Base64.urlsafe_encode64(sha256_hash, padding: false) end # Sends the token request to the Nylas API. # # @param request [Hash] Code exchange request. def execute_token_request(request) + request[:client_secret] = api_key if request[:client_secret].nil? + execute( method: :post, path: "#{api_uri}/v3/connect/token", query: {}, payload: request,