feat: Support for fetching an access token with basic auth

googleapis · Sep 2, 2021 · 3c43e32 · 3c43e32
1 parent aa86c64
commit 3c43e32
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 6 deletions.
diff --git a/lib/signet/oauth_2/client.rb b/lib/signet/oauth_2/client.rb
@@ -972,8 +972,8 @@ def generate_access_token_request options = {}
           end
           parameters.merge! extension_parameters
         end
-        parameters["client_id"] = client_id unless client_id.nil?
-        parameters["client_secret"] = client_secret unless client_secret.nil?
+        parameters["client_id"] = client_id if !options[:use_basic_auth] && !client_id.nil?
+        parameters["client_secret"] = client_secret if !options[:use_basic_auth] && !client_secret.nil?
         if options[:scope]
           parameters["scope"] = options[:scope]
         elsif options[:use_configured_scope] && !scope.nil?
@@ -990,18 +990,23 @@ def fetch_access_token options = {}
         options = deep_hash_normalize options
 
         client = options[:connection] ||= Faraday.default_connection
-        url = Addressable::URI.parse(token_credential_uri).normalize.to_s
+        url = Addressable::URI.parse token_credential_uri
         parameters = generate_access_token_request options
         if client.is_a? Faraday::Connection
-          response = client.post url,
+          client.basic_auth client_id, client_secret if options[:use_basic_auth]
+          response = client.post url.normalize.to_s,
                                  Addressable::URI.form_encode(parameters),
                                  "Content-Type" => "application/x-www-form-urlencoded"
           status = response.status.to_i
           body = response.body
           content_type = response.headers["Content-type"]
         else
           # Hurley
-          response = client.post url, parameters
+          if options[:use_basic_auth]
+            url.user = client_id
+            url.password = client_secret
+          end
+          response = client.post url.normalize.to_s, parameters
           status = response.status_code.to_i
           body = response.body
           content_type = response.header[:content_type]

diff --git a/spec/signet/oauth_2/client_spec.rb b/spec/signet/oauth_2/client_spec.rb
@@ -659,7 +659,12 @@ def build_form_encoded_response payload
     @client.client_secret = "secret-12345"
     @client.refresh_token = "54321"
     stubs = Faraday::Adapter::Test::Stubs.new do |stub|
-      stub.post "/token" do
+      stub.post('/token') do |env|
+        expect(env[:body]).to eq(
+                                "grant_type=refresh_token&refresh_token=#{@client.refresh_token}&client_id=#{@client.client_id}&client_secret=#{@client.client_secret}"
+                              )
+        expect(env.request_headers.key?("Authorization")).to eq(false)
+        expect(env.request_headers["Content-Type"]).to eq("application/x-www-form-urlencoded")
         build_json_response(
           "access_token"  => "12345",
           "refresh_token" => "54321",
@@ -679,6 +684,36 @@ def build_form_encoded_response payload
     stubs.verify_stubbed_calls
   end
 
+  it "should correctly refresh an access token with basic authorization" do
+    @client.client_id = "client-12345"
+    @client.client_secret = "secret-12345"
+    @client.refresh_token = "54321"
+    basic_auth = Base64.encode64("#{@client.client_id}:#{@client.client_secret}").rstrip
+    stubs = Faraday::Adapter::Test::Stubs.new do |stub|
+      stub.post("/token") do |env|
+        expect(env[:body]).to eq("grant_type=refresh_token&refresh_token=#{@client.refresh_token}")
+        expect(env.request_headers["Authorization"]).to eq("Basic #{basic_auth}")
+        expect(env.request_headers["Content-Type"]).to eq("application/x-www-form-urlencoded")
+        build_json_response(
+          "access_token"  => "12345",
+          "refresh_token" => "54321",
+          "expires_in"    => "3600"
+        )
+      end
+    end
+    connection = Faraday.new(url: 'https://www.google.com') do |builder|
+      builder.adapter(:test, stubs)
+    end
+    @client.fetch_access_token!(
+      connection: connection,
+      use_basic_auth: true
+    )
+    expect(@client.access_token).to eq "12345"
+    expect(@client.refresh_token).to eq "54321"
+    expect(@client.expires_in).to eq 3600
+    stubs.verify_stubbed_calls
+  end
+
   it "should detect unintential grant type of none" do
     @client.client_id = "client-12345"
     @client.client_secret = "secret-12345"