diff --git a/lib/signet/oauth_2/client.rb b/lib/signet/oauth_2/client.rb index 12955dc..44ba2e2 100644 --- a/lib/signet/oauth_2/client.rb +++ b/lib/signet/oauth_2/client.rb @@ -972,8 +972,8 @@ def generate_access_token_request options = {} end parameters.merge! extension_parameters end - parameters["client_id"] = client_id unless client_id.nil? - parameters["client_secret"] = client_secret unless client_secret.nil? + parameters["client_id"] = client_id if !options[:use_basic_auth] && !client_id.nil? + parameters["client_secret"] = client_secret if !options[:use_basic_auth] && !client_secret.nil? if options[:scope] parameters["scope"] = options[:scope] elsif options[:use_configured_scope] && !scope.nil? @@ -990,10 +990,11 @@ def fetch_access_token options = {} options = deep_hash_normalize options client = options[:connection] ||= Faraday.default_connection - url = Addressable::URI.parse(token_credential_uri).normalize.to_s + url = Addressable::URI.parse token_credential_uri parameters = generate_access_token_request options if client.is_a? Faraday::Connection - response = client.post url, + client.basic_auth client_id, client_secret if options[:use_basic_auth] + response = client.post url.normalize.to_s, Addressable::URI.form_encode(parameters), "Content-Type" => "application/x-www-form-urlencoded" status = response.status.to_i @@ -1001,7 +1002,11 @@ def fetch_access_token options = {} content_type = response.headers["Content-type"] else # Hurley - response = client.post url, parameters + if options[:use_basic_auth] + url.user = client_id + url.password = client_secret + end + response = client.post url.normalize.to_s, parameters status = response.status_code.to_i body = response.body content_type = response.header[:content_type] diff --git a/spec/signet/oauth_2/client_spec.rb b/spec/signet/oauth_2/client_spec.rb index c715d79..484030a 100644 --- a/spec/signet/oauth_2/client_spec.rb +++ b/spec/signet/oauth_2/client_spec.rb @@ -659,7 +659,12 @@ def build_form_encoded_response payload @client.client_secret = "secret-12345" @client.refresh_token = "54321" stubs = Faraday::Adapter::Test::Stubs.new do |stub| - stub.post "/token" do + stub.post('/token') do |env| + expect(env[:body]).to eq( + "grant_type=refresh_token&refresh_token=#{@client.refresh_token}&client_id=#{@client.client_id}&client_secret=#{@client.client_secret}" + ) + expect(env.request_headers.key?("Authorization")).to eq(false) + expect(env.request_headers["Content-Type"]).to eq("application/x-www-form-urlencoded") build_json_response( "access_token" => "12345", "refresh_token" => "54321", @@ -679,6 +684,36 @@ def build_form_encoded_response payload stubs.verify_stubbed_calls end + it "should correctly refresh an access token with basic authorization" do + @client.client_id = "client-12345" + @client.client_secret = "secret-12345" + @client.refresh_token = "54321" + basic_auth = Base64.encode64("#{@client.client_id}:#{@client.client_secret}").rstrip + stubs = Faraday::Adapter::Test::Stubs.new do |stub| + stub.post("/token") do |env| + expect(env[:body]).to eq("grant_type=refresh_token&refresh_token=#{@client.refresh_token}") + expect(env.request_headers["Authorization"]).to eq("Basic #{basic_auth}") + expect(env.request_headers["Content-Type"]).to eq("application/x-www-form-urlencoded") + build_json_response( + "access_token" => "12345", + "refresh_token" => "54321", + "expires_in" => "3600" + ) + end + end + connection = Faraday.new(url: 'https://www.google.com') do |builder| + builder.adapter(:test, stubs) + end + @client.fetch_access_token!( + connection: connection, + use_basic_auth: true + ) + expect(@client.access_token).to eq "12345" + expect(@client.refresh_token).to eq "54321" + expect(@client.expires_in).to eq 3600 + stubs.verify_stubbed_calls + end + it "should detect unintential grant type of none" do @client.client_id = "client-12345" @client.client_secret = "secret-12345"