These functions implement the OAuth authorization code flow, as defined by rfc6749, Section 4.1. This is the most commonly used OAuth flow, where the user opens a page in their browser, approves the access, and then returns to R.
oauth_flow_auth_code() is a high-level wrapper that should work with APIs that adhere relatively closely to the spec. The remaining low-level functions can be used to assemble a custom flow for APIs that are further from the spec:
- oauth_flow_auth_code_url() generates the url where the user is sent.
- oauth_flow_auth_code_listen() starts a webserver that listens for the response from the resource server.
- oauth_flow_auth_code_parse() parses the query parameters returned from the server redirect, verifying that the state is correct, and returning the authorisation code.
- oauth_flow_auth_code_pkce() generates code verifier, method, and challenge components as needed for PKCE, as defined in rfc7636.
Usage
oauth_flow_auth_code(
  client,
  auth_url,
  scope = NULL,
  pkce = TRUE,
  auth_params = list(),
  token_params = list(),
  host_name = "localhost",
  host_ip = "127.0.0.1",
  port = httpuv::randomPort()
)

oauth_flow_auth_code_url(
  client,
  auth_url,
  redirect_uri = NULL,
  scope = NULL,
  state = NULL,
  auth_params = list()
)

oauth_flow_auth_code_listen(host_ip = "127.0.0.1", port = 1410)

oauth_flow_auth_code_parse(query, state)

oauth_flow_auth_code_pkce()
Arguments
- client
An oauth_client().
- auth_url
Authorization url; you'll need to discover this by reading the documentation.
- scope
Scopes to be requested from the resource owner.
- pkce
Use "Proof Key for Code Exchange"? This adds an extra layer of security and should always be used if supported by the server.
- auth_params
List containing additional parameters passed to oauth_flow_auth_code_url().
- token_params
List containing additional parameters passed to the token_url.
- host_name
Host name used to generate redirect_uri.
- host_ip
IP address web server will be bound to.
- port
Port to bind web server to. By default, this uses a random port. You may need to set it to a fixed port if the API requires that the redirect_uri specified in the client exactly matches the redirect_uri generated by this function.
- redirect_uri
URL to which user should be redirected.
- state
Random state generated by oauth_flow_auth_code(). Used to verify that we're working with an authentication request that we created. (This is an unlikely threat for R packages since the webserver that listens for authorization responses is transient.)
- query
List of query parameters returned by oauth_flow_auth_code_listen().
Value
An oauth_token.
See also
Other OAuth flows: oauth_flow_bearer_jwt(), oauth_flow_client_credentials(), oauth_flow_device(), oauth_flow_password(), oauth_flow_refresh()
Examples
client <- oauth_client(
  id = "28acfec0674bb3da9f38",
  secret = obfuscated(paste0(
    "J9iiGmyelHltyxqrHXW41ZZPZamyUNxSX1_uKnv",
    "PeinhhxET_7FfUs2X0LLKotXY2bpgOMoHRCo"
  )),
  token_url = "https://github.com/login/oauth/access_token",
  name = "hadley-oauth-test"
)

if (interactive()) {
  token <- oauth_flow_auth_code(client, auth_url = "https://github.com/login/oauth/authorize")
  token
}
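
What the PKCE and state-checking steps described above involve, as an added example that is not httr2's own code: it derives an S256 challenge from a verifier as in rfc7636 and checks a redirect query before returning its code. The helpers base64url(), pkce_pair() and parse_redirect() are hypothetical names, the redirect queries are constructed, and the openssl package is assumed to be installed.

```r
library(openssl)

# base64url without padding, the encoding rfc7636 uses for verifier and challenge
base64url <- function(raw) {
  out <- gsub("=+$", "", base64_encode(raw))
  chartr("+/", "-_", out)
}

# Hypothetical helper: 32 random octets give a 43-character verifier;
# the S256 challenge is base64url(SHA-256(ASCII(verifier))).
pkce_pair <- function(verifier = base64url(rand_bytes(32))) {
  list(
    verifier = verifier,
    method = "S256",
    challenge = base64url(sha256(charToRaw(verifier)))
  )
}

# Hypothetical helper: reject the redirect unless it carries the state
# value that this session generated, then return the authorization code.
parse_redirect <- function(query, state) {
  if (!is.null(query$error)) {
    stop("Authorization server returned error: ", query$error)
  }
  if (!is.character(query$state) || !identical(query$state, state)) {
    stop("State mismatch: response does not belong to this request")
  }
  if (is.null(query$code)) {
    stop("No authorization code in response")
  }
  query$code
}

# Test vector from rfc7636, Appendix B
rfc <- pkce_pair("dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk")
stopifnot(rfc$challenge == "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw_cM")
stopifnot(nchar(pkce_pair()$verifier) == 43)

# Constructed redirect queries: one answering our request, one that is not
state <- base64url(rand_bytes(32))
good <- list(code = "constructed-code", state = state)
other <- list(code = "constructed-code", state = "not-our-state")

stopifnot(parse_redirect(good, state) == "constructed-code")
stopifnot(inherits(try(parse_redirect(other, state), silent = TRUE), "try-error"))
```

The verifier stays on the client and is sent only with the token request; the authorization URL carries just the challenge and method, so a code taken from the redirect cannot be exchanged without the verifier.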