Reference documentation and code samples for the googleauth class Google::Auth::UserAuthorizer.
Handles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.
Example usage for a simple command line app:
credentials = authorizer.get_credentials(user_id)
if credentials.nil?
url = authorizer.get_authorization_url(
base_url: OOB_URI)
puts "Open the following URL in the browser and enter the " +
"resulting code after authorization"
puts url
code = gets
credentials = authorizer.get_and_store_credentials_from_code(
user_id: user_id, code: code, base_url: OOB_URI)
end
# Credentials ready to use, call APIs
...
Inherits
Object
Methods
.generate_code_verifier
defself.generate_code_verifier()
Generate the code verifier needed to be sent while fetching
authorization URL.
#code_verifier=
defcode_verifier=(new_code_verifier)
The code verifier for PKCE for OAuth 2.0. When set, the
authorization URI will contain the Code Challenge and Code
Challenge Method querystring parameters, and the token URI will
contain the Code Verifier parameter.
Exchanges an authorization code returned in the oauth callback.
Additionally, stores the resulting credentials in the token store if
the exchange is successful.
Parameters
user_id(String) — Unique ID of the user for loading/storing credentials.
code(String) — The authorization code from the OAuth callback
scope(String, Array<String>) — Authorization scope requested. Overrides the instance
scopes if not nil.
base_url(String) — Absolute URL to resolve the configured callback uri against.
Required if the configured
callback uri is a relative.
client_id(Google::Auth::ClientID) — Configured ID & secret for this application
scope(String, Array<String>) — Authorization scope to request
token_store(Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
legacy_callback_uri(String) — URL (either absolute or relative) of the auth callback.
Defaults to '/oauth2callback'.
@deprecated This field is deprecated. Instead, use the keyword
argument callback_uri.
code_verifier(String)(defaults to: nil)— Random string of 43-128 chars used to verify the key exchange using
PKCE.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# googleauth - Class Google::Auth::UserAuthorizer (v1.15.0)\n\nVersion latestkeyboard_arrow_down\n\n- [1.15.0 (latest)](/ruby/docs/reference/googleauth/latest/Google-Auth-UserAuthorizer)\n- [1.14.0](/ruby/docs/reference/googleauth/1.14.0/Google-Auth-UserAuthorizer)\n- [1.13.1](/ruby/docs/reference/googleauth/1.13.1/Google-Auth-UserAuthorizer)\n- [1.12.2](/ruby/docs/reference/googleauth/1.12.2/Google-Auth-UserAuthorizer) \nReference documentation and code samples for the googleauth class Google::Auth::UserAuthorizer.\n\nHandles an interactive 3-Legged-OAuth2 (3LO) user consent authorization.\n\nExample usage for a simple command line app: \n\n credentials = authorizer.get_credentials(user_id)\n if credentials.nil?\n url = authorizer.get_authorization_url(\n base_url: OOB_URI)\n puts \"Open the following URL in the browser and enter the \" +\n \"resulting code after authorization\"\n puts url\n code = gets\n credentials = authorizer.get_and_store_credentials_from_code(\n user_id: user_id, code: code, base_url: OOB_URI)\n end\n # Credentials ready to use, call APIs\n ...\n\nInherits\n--------\n\n- Object\n\nMethods\n-------\n\n### .generate_code_verifier\n\n def self.generate_code_verifier()\n\nGenerate the code verifier needed to be sent while fetching\nauthorization URL.\n\n### #code_verifier=\n\n def code_verifier=(new_code_verifier)\n\nThe code verifier for PKCE for OAuth 2.0. When set, the\nauthorization URI will contain the Code Challenge and Code\nChallenge Method querystring parameters, and the token URI will\ncontain the Code Verifier parameter. \n**Parameter**\n\n- **new_code_erifier** (String\\|nil)\n\n### #get_and_store_credentials_from_code\n\n def get_and_store_credentials_from_code(options = {}) -\u003e Google::Auth::UserRefreshCredentials\n\nExchanges an authorization code returned in the oauth callback.\nAdditionally, stores the resulting credentials in the token store if\nthe exchange is successful. \n**Parameters**\n\n- **user_id** (String) --- Unique ID of the user for loading/storing credentials.\n- **code** (String) --- The authorization code from the OAuth callback\n- **scope** (String, Array\\\u003cString\\\u003e) --- Authorization scope requested. Overrides the instance scopes if not nil.\n- **base_url** (String) --- Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative. \n**Returns**\n\n- ([Google::Auth::UserRefreshCredentials](./Google-Auth-UserRefreshCredentials)) --- Credentials if exchange is successful\n\n### #get_authorization_url\n\n def get_authorization_url(options = {}) -\u003e String\n\nBuild the URL for requesting authorization. \n**Parameters**\n\n- **login_hint** (String) --- Login hint if need to authorize a specific account. Should be a user's email address or unique profile ID.\n- **state** (String) --- Opaque state value to be returned to the oauth callback.\n- **base_url** (String) --- Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.\n- **scope** (String, Array\\\u003cString\\\u003e) --- Authorization scope to request. Overrides the instance scopes if not nil.\n- **additional_parameters** (Hash) --- Additional query parameters to be added to the authorization URL. \n**Returns**\n\n- (String) --- Authorization url\n\n### #get_credentials\n\n def get_credentials(user_id, scope = nil) -\u003e Google::Auth::UserRefreshCredentials\n\nFetch stored credentials for the user. \n**Parameters**\n\n- **user_id** (String) --- Unique ID of the user for loading/storing credentials.\n- **scope** (Array\\\u003cString\\\u003e, String) --- If specified, only returns credentials that have all the requested scopes \n**Returns**\n\n- ([Google::Auth::UserRefreshCredentials](./Google-Auth-UserRefreshCredentials)) --- Stored credentials, nil if none present \n**Raises**\n\n- ([Google::Auth::CredentialsError](./Google-Auth-CredentialsError)) --- If the client ID in the stored token doesn't match the configured client ID\n\n### #get_credentials_from_code\n\n def get_credentials_from_code(options = {}) -\u003e Google::Auth::UserRefreshCredentials\n\nExchanges an authorization code returned in the oauth callback \n**Parameters**\n\n- **user_id** (String) --- Unique ID of the user for loading/storing credentials.\n- **code** (String) --- The authorization code from the OAuth callback\n- **scope** (String, Array\\\u003cString\\\u003e) --- Authorization scope requested. Overrides the instance scopes if not nil.\n- **base_url** (String) --- Absolute URL to resolve the configured callback uri against. Required if the configured callback uri is a relative.\n- **additional_parameters** (Hash) --- Additional parameters to be added to the post body of token endpoint request. \n**Returns**\n\n- ([Google::Auth::UserRefreshCredentials](./Google-Auth-UserRefreshCredentials)) --- Credentials if exchange is successful\n\n### #initialize\n\n def initialize(client_id, scope, token_store, legacy_callback_uri = nil, callback_uri: nil, code_verifier: nil) -\u003e UserAuthorizer\n\nInitialize the authorizer \n**Parameters**\n\n- **client_id** (Google::Auth::ClientID) --- Configured ID \\& secret for this application\n- **scope** (String, Array\\\u003cString\\\u003e) --- Authorization scope to request\n- **token_store** (Google::Auth::Stores::TokenStore) --- Backing storage for persisting user credentials\n- **legacy_callback_uri** (String) --- URL (either absolute or relative) of the auth callback. Defaults to '/oauth2callback'. @deprecated This field is deprecated. Instead, use the keyword argument callback_uri.\n- **code_verifier** (String) *(defaults to: nil)* --- Random string of 43-128 chars used to verify the key exchange using PKCE. \n**Returns**\n\n- ([UserAuthorizer](./Google-Auth-UserAuthorizer)) --- a new instance of UserAuthorizer \n**Raises**\n\n- ([Google::Auth::InitializationError](./Google-Auth-InitializationError)) --- If client_id is nil or scope is nil\n\n### #revoke_authorization\n\n def revoke_authorization(user_id)\n\nRevokes a user's credentials. This both revokes the actual\ngrant as well as removes the token from the token store. \n**Parameter**\n\n- **user_id** (String) --- Unique ID of the user for loading/storing credentials.\n\n### #store_credentials\n\n def store_credentials(user_id, credentials) -\u003e Google::Auth::UserRefreshCredentials\n\nStore credentials for a user. Generally not required to be\ncalled directly, but may be used to migrate tokens from one\nstore to another. \n**Parameters**\n\n- **user_id** (String) --- Unique ID of the user for loading/storing credentials.\n- **credentials** ([Google::Auth::UserRefreshCredentials](./Google-Auth-UserRefreshCredentials)) --- Credentials to store. \n**Returns**\n\n- ([Google::Auth::UserRefreshCredentials](./Google-Auth-UserRefreshCredentials)) --- The stored credentials\n\nConstants\n---------\n\n### MISMATCHED_CLIENT_ID_ERROR\n\n**value:**\"Token client ID of %s does not match configured client id %s\".freeze\n\n### NIL_CLIENT_ID_ERROR\n\n**value:**\"Client id can not be nil.\".freeze\n\n### NIL_SCOPE_ERROR\n\n**value:**\"Scope can not be nil.\".freeze\n\n### NIL_USER_ID_ERROR\n\n**value:**\"User ID can not be nil.\".freeze\n\n### NIL_TOKEN_STORE_ERROR\n\n**value:**\"Can not call method if token store is nil\".freeze\n\n### MISSING_ABSOLUTE_URL_ERROR\n\n**value:**'Absolute base url required for relative callback url \"%s\"'.freeze"]]
