Commit bf25a71

📝 Document OAuth 1.0, 1.0a differences
1 parent 3bde8b0 commit bf25a71

74 files changed

+1376
-549
lines changed

‎.idea/oauth.iml‎

Lines changed: 0 additions & 1 deletion

‎.rubocop_gradual.lock‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -4,16 +4,16 @@
44
[33, 5, 44, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 645541231],
55
[34, 7, 10, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 4071527614]
66
],
7-
"lib/oauth/consumer.rb:2772211062": [
8-
[210, 9, 4, "Lint/UnderscorePrefixedVariableName: Do not use prefix `_` for a variable that is used.", 2089552532],
9-
[368, 21, 4, "Lint/UnderscorePrefixedVariableName: Do not use prefix `_` for a variable that is used.", 2089552529]
7+
"lib/oauth/consumer.rb:437026603": [
8+
[241, 9, 4, "Lint/UnderscorePrefixedVariableName: Do not use prefix `_` for a variable that is used.", 2089552532],
9+
[399, 21, 4, "Lint/UnderscorePrefixedVariableName: Do not use prefix `_` for a variable that is used.", 2089552529]
1010
],
1111
"lib/oauth/request_proxy.rb:1529370509": [
1212
[5, 5, 76, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 485336097],
1313
[6, 7, 18, "ThreadSafety/ClassInstanceVariable: Avoid class instance variables.", 1482835337],
1414
[9, 5, 467, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 4088662367]
1515
],
16-
"lib/oauth/request_proxy/base.rb:3218240175": [
16+
"lib/oauth/request_proxy/base.rb:2146952171": [
1717
[11, 7, 93, "Style/ClassMethodsDefinitions: Use `class << self` to define a class method.", 2934170116]
1818
],
1919
"lib/oauth/signature.rb:745501939": [
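
Review bot: The two Lint/UnderscorePrefixedVariableName entries for lib/oauth/consumer.rb only move (lines 210 and 368 become 241 and 399), so the commit adds a net 31 lines above line 210 of consumer.rb and re-baselines the offences instead of fixing them. Since the file is being touched anyway, consider renaming the `_`-prefixed variables that are actually used and dropping both entries from the lock. If the 31 added lines are comments only, say so in the commit message, because the consumer.rb diff is not among the files shown here.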

‎CHANGELOG.md‎

Lines changed: 1 addition & 0 deletions
@@ -23,6 +23,7 @@ Please file a bug if you notice a violation of semantic versioning.
2323
- Stop relying on URI / CGI for escaping and unescaping
2424
- They are both unstable across supported versions of Ruby (including 3.5 HEAD)
2525
- Tests against Rails-specific code are now run in CI
26+
- Documented OAuth 1.0, 1.0a differences
2627
### Changed
2728
- converted minitest => rspec
2829
### Deprecated
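
Review bot: The new entry "Documented OAuth 1.0, 1.0a differences" does not say where the documentation lives. Name the README section it refers to ("OAuth 1.0 vs 1.0a: What this library implements") so a reader of the changelog can find it.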

‎README.md‎

Lines changed: 24 additions & 0 deletions
@@ -32,6 +32,30 @@ See the sibling `oauth2` gem for OAuth 2.0, 2.1, & OIDC clients in Ruby.
3232
[oauth1-spec]: http://oauth.net/core/1.0/
3333
[sibling-gem]: https://gitlab.com/ruby-oauth/oauth2
3434

35+
## OAuth 1.0 vs 1.0a: What this library implements
36+
37+
This gem targets the OAuth 1.0a behavior (the errata that became RFC 5849), while maintaining compatibility with providers that still behave like classic 1.0.
38+
Here are the key lines between the two and how this gem handles them:
39+
40+
- oauth_callback
41+
- 1.0: Optional in practice; some providers accepted flows without it.
42+
- 1.0a: Consumer SHOULD send oauth_callback when obtaining a Request Token, or explicitly use the out-of-band value "oob".
43+
- This gem: If you do not pass oauth_callback, we default it to "oob" (OUT_OF_BAND). You can opt-out by passing exclude_callback: true.
44+
- oauth_callback_confirmed
45+
- 1.0: Not specified.
46+
- 1.0a: Service Provider MUST return oauth_callback_confirmed=true with the Request Token response. This mitigates session fixation.
47+
- This gem: Parses token responses but does not include oauth_callback_confirmed in the signature base string (it is a response param, not a signed request param).
48+
- oauth_verifier
49+
- 1.0: Not present.
50+
- 1.0a: After the user authorizes, the Provider returns an oauth_verifier to the Consumer, and the Consumer MUST include it when exchanging the Request Token for an Access Token.
51+
- This gem: Supports oauth_verifier across request helpers and request proxies; pass oauth_verifier to get_access_token in 3‐legged flows.
52+
53+
Practical guidance:
54+
- For 3‐legged flows, always supply oauth_callback when calling consumer.get_request_token, and include oauth_verifier when calling request_token.get_access_token.
55+
- For command‐line or non-HTTP clients, use the special OUT_OF_BAND value ("oob") as the oauth_callback and prompt the user to paste back the displayed verifier.
56+
57+
References: [RFC 5849 (OAuth 1.0)](https://datatracker.ietf.org/doc/html/rfc5849), sections 5–7; [1.0a security errata](https://oauth.net/core/1.0a/).
58+
3559
OAuth Ruby has been maintained by a large number of talented
3660
individuals over the years.
3761
The primary maintainer since 2020 is Peter Boling (@pboling).
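
Review bot: The 1.0a bullet under oauth_callback says the Consumer "SHOULD send oauth_callback", but RFC 5849 section 2.1 lists oauth_callback as a REQUIRED parameter of the temporary credential request, with "oob" mandated when no callback can be received. Change SHOULD to MUST so that exclude_callback: true reads as a compatibility escape hatch for 1.0-style providers and not as compliant 1.0a behaviour. In the oauth_callback_confirmed bullet, the text says only that the gem parses the response and keeps the parameter out of the signature base string; because the same bullet presents the parameter as the session fixation mitigation, state whether the gem checks for oauth_callback_confirmed=true or leaves that check to the caller. The reference "sections 5–7" also does not match RFC 5849, where the token flow is section 2 and request signing is section 3, and the link label "(OAuth 1.0)" conflicts with the opening sentence that ties 1.0a to RFC 5849. Smaller wording point: "the key lines between the two" probably means "the key differences".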

‎docs/ActionController.html‎

Lines changed: 1 addition & 1 deletion
@@ -105,7 +105,7 @@ <h2>Defined Under Namespace</h2>
105105
</div>
106106

107107
<div id="footer">
108-
Generated on Fri Sep 12 10:55:44 2025 by
108+
Generated on Mon Sep 15 00:31:56 2025 by
109109
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
110110
0.9.37 (ruby-3.4.5).
111111
</div>
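
Review bot: The only change in this hunk is the "Generated on" timestamp in the YARD footer, and the same one-line change repeats in the other docs/*.html footers in this commit, which is how a documentation change grows to 74 files. Consider regenerating docs/ in a separate commit or in CI so that timestamp-only churn does not bury the README text that needs review.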

‎docs/ActionController/Base.html‎

Lines changed: 1 addition & 1 deletion
@@ -238,7 +238,7 @@ <h3 class="signature " id="process_with_oauth-instance_method">
238238
</div>
239239

240240
<div id="footer">
241-
Generated on Fri Sep 12 10:55:45 2025 by
241+
Generated on Mon Sep 15 00:31:57 2025 by
242242
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
243243
0.9.37 (ruby-3.4.5).
244244
</div>

‎docs/ActionController/TestRequest.html‎

Lines changed: 1 addition & 1 deletion
@@ -613,7 +613,7 @@ <h3 class="signature " id="set_oauth_query_string-instance_method">
613613
</div>
614614

615615
<div id="footer">
616-
Generated on Fri Sep 12 10:55:45 2025 by
616+
Generated on Mon Sep 15 00:31:57 2025 by
617617
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
618618
0.9.37 (ruby-3.4.5).
619619
</div>

‎docs/EventMachine.html‎

Lines changed: 1 addition & 1 deletion
@@ -116,7 +116,7 @@ <h2>Overview</h2><div class="docstring">
116116
</div>
117117

118118
<div id="footer">
119-
Generated on Fri Sep 12 10:55:44 2025 by
119+
Generated on Mon Sep 15 00:31:56 2025 by
120120
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
121121
0.9.37 (ruby-3.4.5).
122122
</div>

‎docs/EventMachine/HttpClient.html‎

Lines changed: 17 additions & 17 deletions
@@ -250,12 +250,12 @@ <h3 class="signature first" id="oauth_helper-instance_method">
250250
<pre class="lines">
251251

252252

253-
11
254-
12
255-
13</pre>
253+
13
254+
14
255+
15</pre>
256256
</td>
257257
<td>
258-
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 11</span>
258+
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 13</span>
259259

260260
<span class='kw'>def</span> <span class='id identifier rubyid_oauth_helper'>oauth_helper</span>
261261
<span class='ivar'>@oauth_helper</span>
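
Review bot: The source reference for oauth_helper moves from "line 11" to "line 13" of lib/oauth/client/em_http.rb, and the later hunks in this file shift by the same two lines (72 to 74, 27 to 29, 55 to 57), so two lines were added near the top of em_http.rb in a commit described as documentation only. The em_http.rb diff is not among the files shown here; the commit message should say what was added there (for example comments) so a reviewer can confirm that no signing behaviour changed.
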
@@ -299,19 +299,19 @@ <h3 class="signature first" id="normalize_uri-instance_method">
299299
<pre class="lines">
300300

301301

302-
72
303-
73
304302
74
305303
75
306304
76
307305
77
308306
78
309307
79
310308
80
311-
81</pre>
309+
81
310+
82
311+
83</pre>
312312
</td>
313313
<td>
314-
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 72</span>
314+
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 74</span>
315315

316316
<span class='kw'>def</span> <span class='id identifier rubyid_normalize_uri'>normalize_uri</span>
317317
<span class='ivar'>@normalized_uri</span> <span class='op'>||=</span> <span class='kw'>begin</span>
@@ -368,8 +368,6 @@ <h3 class="signature " id="oauth!-instance_method">
368368
<pre class="lines">
369369

370370

371-
27
372-
28
373371
29
374372
30
375373
31
@@ -381,10 +379,12 @@ <h3 class="signature " id="oauth!-instance_method">
381379
37
382380
38
383381
39
384-
40</pre>
382+
40
383+
41
384+
42</pre>
385385
</td>
386386
<td>
387-
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 27</span>
387+
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 29</span>
388388

389389
<span class='kw'>def</span> <span class='id identifier rubyid_oauth!'>oauth!</span><span class='lparen'>(</span><span class='id identifier rubyid_http'>http</span><span class='comma'>,</span> <span class='id identifier rubyid_consumer'>consumer</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_token'>token</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_options'>options</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
390390
<span class='id identifier rubyid_options'>options</span> <span class='op'>=</span> <span class='lbrace'>{</span>
@@ -444,8 +444,6 @@ <h3 class="signature " id="signature_base_string-instance_method">
444444
<pre class="lines">
445445

446446

447-
55
448-
56
449447
57
450448
58
451449
59
@@ -456,10 +454,12 @@ <h3 class="signature " id="signature_base_string-instance_method">
456454
64
457455
65
458456
66
459-
67</pre>
457+
67
458+
68
459+
69</pre>
460460
</td>
461461
<td>
462-
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 55</span>
462+
<pre class="code"><span class="info file"># File 'lib/oauth/client/em_http.rb', line 57</span>
463463

464464
<span class='kw'>def</span> <span class='id identifier rubyid_signature_base_string'>signature_base_string</span><span class='lparen'>(</span><span class='id identifier rubyid_http'>http</span><span class='comma'>,</span> <span class='id identifier rubyid_consumer'>consumer</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_token'>token</span> <span class='op'>=</span> <span class='kw'>nil</span><span class='comma'>,</span> <span class='id identifier rubyid_options'>options</span> <span class='op'>=</span> <span class='lbrace'>{</span><span class='rbrace'>}</span><span class='rparen'>)</span>
465465
<span class='id identifier rubyid_options'>options</span> <span class='op'>=</span> <span class='lbrace'>{</span>
@@ -484,7 +484,7 @@ <h3 class="signature " id="signature_base_string-instance_method">
484484
</div>
485485

486486
<div id="footer">
487-
Generated on Fri Sep 12 10:55:44 2025 by
487+
Generated on Mon Sep 15 00:31:57 2025 by
488488
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
489489
0.9.37 (ruby-3.4.5).
490490
</div>

‎docs/Net.html‎

Lines changed: 1 addition & 1 deletion
@@ -105,7 +105,7 @@ <h2>Defined Under Namespace</h2>
105105
</div>
106106

107107
<div id="footer">
108-
Generated on Fri Sep 12 10:55:44 2025 by
108+
Generated on Mon Sep 15 00:31:56 2025 by
109109
<a href="https://yardoc.org" title="Yay! A Ruby Documentation Tool" target="_parent">yard</a>
110110
0.9.37 (ruby-3.4.5).
111111
</div>
