Reference documentation and code samples for the googleauth class Google::Auth::WebUserAuthorizer.
Variation on UserAuthorizer adapted for Rack-based
web applications.
Example usage:

    get('/') do
      user_id = request.session['user_email']
      credentials = authorizer.get_credentials(user_id, request)
      if credentials.nil?
        redirect authorizer.get_authorization_url(user_id: user_id,
                                                  request: request)
      end
      # Credentials are valid, can call APIs
      ...
    end

    get('/oauth2callback') do
      url = Google::Auth::WebUserAuthorizer.handle_auth_callback_deferred(
        request)
      redirect url
    end

Instead of implementing the callback directly, applications are
encouraged to use CallbackApp.
.handle_auth_callback_deferred
def self.handle_auth_callback_deferred(request) -> String, nil
Handle the result of the oauth callback. This version defers the
exchange of the code by temporarily stashing the results in the user's
session. This allows apps to use the generic CallbackApp handler for the callback
without any additional customization.
Apps that wish to handle the callback directly should use #handle_auth_callback instead.
Parameter
request (Rack::Request) — Current request
Returns
(String, nil) — Redirect URI if successfully extracted, nil otherwise
.principal
def self.principal() -> Symbol
Returns the principal identifier for this web authorizer.
This is a class method that returns a symbol since
we might not have a client_id in the static callback context.
Returns
(Symbol) — The symbol for web user authorization
.validate_callback_state
def self.validate_callback_state(state, request)
Verifies the results of an authorization callback
Parameters
state (Hash) — Callback state
request (Rack::Request) — Current request
Raises
(Google::Auth::AuthorizationError) — If the authorization code is missing, there's an error in the callback state,
or the state token doesn't match
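The three rejection cases listed above can be seen in a standalone sketch. This is an added example, not the googleauth implementation: it uses a plain Hash in place of the Rack session, the key names and messages from the Constants on this page, and hypothetical names (`CallbackError`, `issue_state_token`, `secure_equal?`, `check_callback`, `outcome`). The single-use token and the constant-time comparison are choices made by this example.

```ruby
require "securerandom"
require "digest"

# Key names and messages as listed under Constants on this page.
XSRF_KEY       = "g-xsrf-token"
SESSION_ID_KEY = "session_id"
AUTH_CODE_KEY  = "code"
ERROR_CODE_KEY = "error"

# Hypothetical stand-in for Google::Auth::AuthorizationError.
class CallbackError < StandardError; end

# Before redirecting to the provider: bind a fresh random token to the
# session. The returned value travels in the OAuth state parameter.
def issue_state_token(session)
  session[XSRF_KEY] = SecureRandom.urlsafe_base64(32)
end

# Compare fixed-length digests so timing does not depend on where the
# strings differ.
def secure_equal?(left, right)
  a = Digest::SHA256.digest(left).bytes
  b = Digest::SHA256.digest(right).bytes
  a.zip(b).reduce(0) { |diff, (x, y)| diff | (x ^ y) }.zero?
end

# On the callback: reject provider errors, a missing code, and any state
# token that is not the one stored in this session. Returns the code.
def check_callback(state, session)
  expected = session.delete(XSRF_KEY) # single use: a replayed callback fails
  if state[ERROR_CODE_KEY]
    raise CallbackError, format("Authorization error: %s", state[ERROR_CODE_KEY])
  end
  raise CallbackError, "Missing authorization code in request" if state[AUTH_CODE_KEY].nil?
  unless expected && secure_equal?(expected, state[SESSION_ID_KEY].to_s)
    raise CallbackError, "State token does not match expected value"
  end
  state[AUTH_CODE_KEY]
end

# Convenience wrapper: the accepted code, or the rejection message.
def outcome(state, session)
  check_callback(state, session)
rescue CallbackError => e
  e.message
end
```
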
#get_authorization_url
def get_authorization_url(options = {}) -> String
Build the URL for requesting authorization.
Parameters
login_hint (String) — Login hint if need to authorize a specific account. Should be a
user's email address or unique profile ID.
request (Rack::Request) — Current request
redirect_to (String) — Optional URL to proceed to after authorization complete. Defaults to
the current URL.
scope (String, Array<String>) — Authorization scope to request. Overrides the instance scopes if
not nil.
state (Hash) — Optional key-values to be returned to the oauth callback.
Returns
(String) — Authorization url
Raises
(Google::Auth::InitializationError) — If request is nil or request.session is nil
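#get_credentials
def get_credentials(user_id, request = nil, scope = nil) -> Google::Auth::UserRefreshCredentials
Fetch stored credentials for the user from the given request session.
Parameters
user_id (String) — Unique ID of the user for loading/storing credentials.
request (Rack::Request) — Current request. Optional. If omitted, this will attempt to fall back
on the base class behavior of reading from the token store.
scope (Array<String>, String) — If specified, only returns credentials that have all the
requested scopes
Returns
(Google::Auth::UserRefreshCredentials) — Stored credentials, nil if none present
Raises
(Google::Auth::AuthorizationError) — If the authorization code is missing, there's an error in the request,
or the state token doesn't match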
#initialize
def initialize(client_id, scope, token_store, legacy_callback_uri = nil, callback_uri: nil, code_verifier: nil) -> WebUserAuthorizer
Initialize the authorizer
Parameters
client_id (Google::Auth::ClientID) — Configured ID & secret for this application
scope (String, Array<String>) — Authorization scope to request
token_store (Google::Auth::Stores::TokenStore) — Backing storage for persisting user credentials
legacy_callback_uri (String) — URL (either absolute or relative) of the auth callback. Defaults
to '/oauth2callback'.
@deprecated This field is deprecated. Instead, use the keyword
argument callback_uri.
code_verifier (String) (defaults to: nil) — Random string of 43-128 chars used to verify the key exchange using
PKCE.
Returns
(WebUserAuthorizer) — a new instance of WebUserAuthorizer
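A value suitable for `code_verifier` can be generated and checked as follows. This is an added example, not code from googleauth: the helper names are hypothetical, and the S256 challenge derivation and the allowed character set come from RFC 7636 rather than from this page.

```ruby
require "securerandom"
require "digest"

# RFC 7636: 43-128 characters drawn from the unreserved set.
VERIFIER_FORMAT = /\A[A-Za-z0-9\-._~]{43,128}\z/

def valid_code_verifier?(value)
  value.is_a?(String) && VERIFIER_FORMAT.match?(value)
end

# 32 random bytes encode to 43 base64url characters, 96 bytes to 128.
# Anything outside that range is refused rather than silently used.
def new_code_verifier(random_bytes = 32)
  verifier = SecureRandom.urlsafe_base64(random_bytes)
  raise ArgumentError, "verifier must be 43-128 chars" unless valid_code_verifier?(verifier)
  verifier
end

# S256 challenge sent with the authorization request:
# base64url(SHA-256(verifier)) without padding.
def s256_challenge(verifier)
  raise ArgumentError, "malformed code_verifier" unless valid_code_verifier?(verifier)
  [Digest::SHA256.digest(verifier)].pack("m0").tr("+/", "-_").delete("=")
end

# Authorization-server side of the token exchange: the verifier presented
# with the code must hash to the challenge stored at authorization time.
def verifier_matches?(stored_challenge, presented_verifier)
  valid_code_verifier?(presented_verifier) &&
    s256_challenge(presented_verifier) == stored_challenge
end
```

The verifier has to be kept server-side (for example in the session) between the authorization request and the code exchange, since the same value is needed at both steps.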
Inherits
Google::Auth::UserAuthorizer
.default
def self.default()
Returns the value of attribute default.
.default=
def self.default=(value)
Sets the attribute default
.extract_callback_state
def self.extract_callback_state(request) -> Array<Hash, String>
Extract the callback state from the request
Parameter
request (Rack::Request) — Current request
Returns
(Array<Hash, String>) — Callback state and redirect URI
#handle_auth_callback
def handle_auth_callback(user_id, request) -> Google::Auth::UserRefreshCredentials, String
Handle the result of the oauth callback. Exchanges the authorization
code from the request and persists to storage.
Parameters
user_id (String) — Unique ID of the user for loading/storing credentials.
request (Rack::Request) — Current request
Returns
(Google::Auth::UserRefreshCredentials, String) — credentials & next URL to redirect to
Constants
STATE_PARAM
value: "state".freeze
AUTH_CODE_KEY
value: "code".freeze
ERROR_CODE_KEY
value: "error".freeze
SESSION_ID_KEY
value: "session_id".freeze
CALLBACK_STATE_KEY
value: "g-auth-callback".freeze
CURRENT_URI_KEY
value: "current_uri".freeze
XSRF_KEY
value: "g-xsrf-token".freeze
SCOPE_KEY
value: "scope".freeze
NIL_REQUEST_ERROR
value: "Request is required.".freeze
NIL_SESSION_ERROR
value: "Sessions must be enabled".freeze
MISSING_AUTH_CODE_ERROR
value: "Missing authorization code in request".freeze
AUTHORIZATION_ERROR
value: "Authorization error: %s".freeze
INVALID_STATE_TOKEN_ERROR
value: "State token does not match expected value".freeze
Version: 1.15.0 (latest)
Last updated 2025-09-04 UTC.