如何让我的谷歌oauth只尝试和授权在某一路线上的应用程序

Question

我有一个谷歌Oauth，将使用户授权当用户转到我的网页，但我只希望他们必须授权应用程序我可以访问和刷新令牌，当他们去某个页面输入一个谷歌的API信息。谷歌正在授权他们的任何路线，他们在任何想法如何阻止this.Ruby不会让我在这个任何一条路线。

def user_credentials 
# Build a per-request oauth credential based on token stored in 
session 
# which allows us to use a shared API client. 
@authorization ||= (
auth = settings.authorization.dup 
auth.redirect_uri = to('/oauth2callback') 
auth.update_token!(session) 
auth 
) 
end 

configure do 

Google::Apis::ClientOptions.default.application_name = 'Get Login 
info for Google Ad Exchange' 
Google::Apis::ClientOptions.default.application_version = '1.0.0' 

client_secrets = Google::APIClient::ClientSecrets.load 
authorization = client_secrets.to_authorization 
authorization.scope = 
'https://www.googleapis.com/auth/adexchange.seller.readonly' 

    set :authorization, authorization 
end 

before do 
# Ensure user has authorized the app 
unless user_credentials.access_token || request.path_info =~ 
/^\/oauth2/ 
redirect to('/oauth2authorize') 
end 
end 


after do 
# Serialize the access/refresh token to the session and credential 
store. 
# We could potentially need to pull back the client_id and 
client_secret as well and add them to the dynamo database. 

# session[:client_id] = user_credentials.client_id 
# session[:client_secret] = user_credentials.client_secret 
    session[:access_token] = user_credentials.access_token 
    session[:refresh_token] = user_credentials.refresh_token 
    session[:expires_in] = user_credentials.expires_in 
    session[:issued_at] = user_credentials.issued_at 

    end 

get '/oauth2authorize' do 
# Request authorization 
redirect user_credentials.authorization_uri.to_s, 303 
end 

get '/oauth2callback' do 
# Exchange token 
user_credentials.code = params[:code] if params[:code] 
user_credentials.fetch_access_token! 
redirect to('/') 

    end 

Answer 1

想通了，这意味着较早发布的方式，但对这个职位的警告，所以我想通ID更新我们所做的事情，以阿克它的工作。

get '/googleauth' do 
    salesforce_username = params[:salesforce_username] || '' 
    unless session.has_key?(:credentials) 
    redirect to('/oauth2callback') 
end 
    client_opts = JSON.parse(session[:credentials]) 
    auth_client = Signet::OAuth2::Client.new(client_opts) 
    redirect to('/googleadx') 
end 

get '/oauth2callback' do 
    client_secrets = Google::APIClient::ClientSecrets.load 
    auth_client = client_secrets.to_authorization 
    auth_client.update!(
    :scope => 'https://www.googleapis.com/auth/adexchange.seller.readonly', 
:redirect_uri => url('/oauth2callback')) 
if request['code'] == nil 
    auth_uri = auth_client.authorization_uri.to_s 
    redirect to(auth_uri) 
else 
    auth_client.code = request['code'] 
    auth_client.fetch_access_token! 
    session[:access_token] = auth_client.access_token 
    session[:refresh_token] = auth_client.refresh_token 
    session[:expires_in] = auth_client.expires_in 
    session[:issued_at] = auth_client.issued_at 
    auth_client.client_secret = nil 
    session[:credentials] = auth_client.to_json 
    redirect to('/googleadx') 
end 
end 

get '/googleadx' do 

# configure() 

if params[:username] 
    successmessage = params[:username] + "'s credentials added successfully." 
else 
    message = '' 
end 

salesforce_username = session[:salesforce_username] || '' 
access_token = session[:access_token] 
refresh_token = session[:refresh_token] 
googleDollarLimit = '' 

erb :googleadx, locals: {message: message, successmessage: successmessage, salesforce_username: salesforce_username, access_token: access_token, refresh_token: refresh_token, googleDollarLimit: googleDollarLimit} 
end