Merge pull request #38 from activescott/add-setTokenPayloadHandler

Eric Koleda · Eric Koleda · commit aa7f519d3b21 · 2016-04-15T09:45:42.000-04:00
Adding support for setTokenPayloadHandler to support Smartsheet API.
diff --git a/README.md b/README.md
@@ -186,7 +186,16 @@ in these requests.
       'Authorization': 'Basic ' + Utilities.base64Encode(CLIENT_ID + ':' + CLIENT_SECRET)
     });
 
-See the [FitBit sample](samples/FitBit.gs) for the compelte code.
+See the [FitBit sample](samples/FitBit.gs) for the complete code.
+
+#### Modifying the access token payload
+Similar to Setting additional token headers, some services, such as the Smartsheet API, require you to [add a hash to the access token request payloads](http://smartsheet-platform.github.io/api-docs/?javascript#oauth-flow). The `setTokenPayloadHandler` method allows you to pass in a function to modify the payload of an access token request before the request is sent to the token endpoint:
+ 
+ 
+    // Set the handler for modifying the access token request payload:
+    .setTokenPayloadHandler(myTokenHandler)
+
+See the [Smartsheet sample](samples/Smartsheet.gs) for the complete code.
 
 #### Service Accounts
 
diff --git a/dist/OAuth2.gs b/dist/OAuth2.gs
@@ -60,7 +60,7 @@ if (module) {
   module.exports = {
     createService: createService,
     getRedirectUri: getRedirectUri
-  }
+  };
 }
 
 // Copyright 2014 Google Inc. All Rights Reserved.
@@ -81,6 +81,10 @@ if (module) {
  * @fileoverview Contains the Service_ class.
  */
 
+// Disable JSHint warnings for the use of eval(), since it's required to prevent
+// scope issues in Apps Script.
+// jshint evil:true
+
 /**
  * Creates a new OAuth2 service.
  * @param {string} serviceName The name of the service.
@@ -148,6 +152,16 @@ Service_.prototype.setTokenHeaders = function(tokenHeaders) {
   return this;
 };
 
+/**
+ * Sets an additional function to invoke on the payload of the access token request.
+ * @param Object tokenHandler A function to invoke on the payload of the request for an access token.
+ * @return {Service_} This service, for chaining.
+ */
+Service_.prototype.setTokenPayloadHandler = function(tokenHandler) {
+  this.tokenPayloadHandler_ = tokenHandler;
+  return this; 
+};
+
 /**
  * Sets the project key of the script that contains the authorization callback function (required).
  * The project key can be found in the Script Editor UI under "File > Project properties".
@@ -235,7 +249,7 @@ Service_.prototype.setCache = function(cache) {
  */
 Service_.prototype.setScope = function(scope, opt_separator) {
   var separator = opt_separator || ' ';
-  this.params_['scope'] = _.isArray(scope) ? scope.join(separator) : scope;
+  this.params_.scope = _.isArray(scope) ? scope.join(separator) : scope;
   return this;
 };
 
@@ -352,16 +366,21 @@ Service_.prototype.handleCallback = function(callbackRequest) {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
+  var tokenPayload = {
+    code: code,
+    client_id: this.clientId_,
+    client_secret: this.clientSecret_,
+    redirect_uri: redirectUri,
+    grant_type: 'authorization_code'
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler: %s', JSON.stringify(tokenPayload));
+  }
   var response = UrlFetchApp.fetch(this.tokenUrl_, {
     method: 'post',
     headers: headers,
-    payload: {
-      code: code,
-      client_id: this.clientId_,
-      client_secret: this.clientSecret_,
-      redirect_uri: redirectUri,
-      grant_type: 'authorization_code'
-    },
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var token = this.getTokenFromResponse_(response);
@@ -441,7 +460,7 @@ Service_.prototype.getLastError = function() {
 Service_.prototype.getTokenFromResponse_ = function(response) {
   var token = this.parseToken_(response.getContentText());
   if (response.getResponseCode() != 200 || token.error) {
-    var reason = [token.error, token.error_description, token.error_uri].filter(Boolean).join(', ');
+    var reason = [token.error, token.message, token.error_description, token.error_uri].filter(Boolean).join(', ');
     if (!reason) {
       reason = response.getResponseCode() + ': ' + JSON.stringify(token);
     }
@@ -464,7 +483,7 @@ Service_.prototype.parseToken_ = function(content) {
     } catch (e) {
       throw 'Token response not valid JSON: ' + e;
     }
-  } else if (this.tokenFormat_ = TOKEN_FORMAT.FORM_URL_ENCODED) {
+  } else if (this.tokenFormat_ == TOKEN_FORMAT.FORM_URL_ENCODED) {
     token = content.split('&').reduce(function(result, pair) {
       var parts = pair.split('=');
       result[decodeURIComponent(parts[0])] = decodeURIComponent(parts[1]);
@@ -497,15 +516,20 @@ Service_.prototype.refresh = function() {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
-  var response = UrlFetchApp.fetch(this.tokenUrl_, {
-    method: 'post',
-    headers: headers,
-    payload: {
+  var tokenPayload = {
       refresh_token: token.refresh_token,
       client_id: this.clientId_,
       client_secret: this.clientSecret_,
       grant_type: 'refresh_token'
-    },
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler (refresh): %s', JSON.stringify(tokenPayload));
+  }
+  var response = UrlFetchApp.fetch(this.tokenUrl_, {
+    method: 'post',
+    headers: headers,
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var newToken = this.getTokenFromResponse_(response);
@@ -639,10 +663,10 @@ Service_.prototype.createJwt_ = function() {
     iat: Math.round(now.getTime() / 1000)
   };
   if (this.subject_) {
-    claimSet['sub'] = this.subject_;
+    claimSet.sub = this.subject_;
   }
-  if (this.params_['scope']) {
-   claimSet['scope'] =  this.params_['scope'];
+  if (this.params_.scope) {
+   claimSet.scope =  this.params_.scope;
   }
   var toSign = Utilities.base64EncodeWebSafe(JSON.stringify(header)) + '.' + Utilities.base64EncodeWebSafe(JSON.stringify(claimSet));
   var signatureBytes = Utilities.computeRsaSha256Signature(toSign, this.privateKey_);
@@ -705,7 +729,7 @@ function validate_(params) {
  * @private
  */
 function isEmpty_(value) {
-  return value == null || value == undefined ||
+  return value === null || value === undefined ||
       ((_.isObject(value) || _.isString(value)) && _.isEmpty(value));
 }
 
diff --git a/samples/Smartsheet.gs b/samples/Smartsheet.gs
@@ -0,0 +1,98 @@
+var CLIENT_ID = '...';
+var CLIENT_SECRET = '...';
+
+/**
+ * Authorizes and makes a request to the GitHub API.
+ */
+function run() {
+  var service = getService();
+  if (service.hasAccess()) {
+    var url = 'https://api.smartsheet.com/2.0/users/me';
+    var response = UrlFetchApp.fetch(url, {
+      headers: {
+        Authorization: 'Bearer ' + service.getAccessToken()
+      }
+    });
+    var result = JSON.parse(response.getContentText());
+    Logger.log(JSON.stringify(result, null, 2));
+  } else {
+    var authorizationUrl = service.getAuthorizationUrl();
+    Logger.log('Open the following URL and re-run the script: %s',
+        authorizationUrl);
+  }
+}
+
+/**
+ * Reset the authorization state, so that it can be re-tested.
+ */
+function reset() {
+  var service = getService();
+  service.reset();
+}
+
+/**
+ * Configures the service.
+ */
+function getService() {
+  return OAuth2.createService('Smartsheet')
+      // Set the endpoint URLs.
+      .setAuthorizationBaseUrl('https://app.smartsheet.com/b/authorize')
+      .setTokenUrl('https://api.smartsheet.com/2.0/token')
+
+      // Set the client ID and secret.
+      .setClientId(CLIENT_ID)
+      .setClientSecret(CLIENT_SECRET)
+
+      // Set the name of the callback function that should be invoked to complete
+      // the OAuth flow.
+      .setCallbackFunction('authCallback')
+
+      // Set the property store where authorized tokens should be persisted.
+      .setPropertyStore(PropertiesService.getUserProperties())
+  
+      // Scopes to request
+      .setScope('READ_SHEETS')
+            
+      // Set the handler for adding Smartsheet's required SHA hash parameter to the payload:
+      .setTokenPayloadHandler(smartsheetTokenHandler)
+}
+
+/**
+ * Handles the OAuth callback.
+ */
+function authCallback(request) {
+  var service = getService();
+  var authorized = service.handleCallback(request);
+  if (authorized) {
+    return HtmlService.createHtmlOutput('Success!');
+  } else {
+    return HtmlService.createHtmlOutput('Denied');
+  }
+}
+
+/**
+ * Adds the Smartsheet API's required SHA256 hash parameter to the access token request payload.
+ */
+function smartsheetTokenHandler(payload) {
+  var codeOrRefreshToken = payload.code ? payload.code : payload.refresh_token;
+  var input = CLIENT_SECRET + "|" + codeOrRefreshToken;
+  var hash = Utilities.computeDigest(Utilities.DigestAlgorithm.SHA_256,
+                                          input,
+                                          Utilities.Charset.UTF_8);
+  hash = hash.map(function(val) {
+    // Google appears to treat these as signed bytes, but we need them unsigned...
+    if (val < 0)
+      val += 256;
+    var str = val.toString(16);
+    // pad to two hex digits:
+    if (str.length == 1)
+      str = '0' + str;
+    return str;
+  });
+  payload.hash = hash.join("");
+  // The Smartsheet API doesn't need the client secret sent (secret is verified by the hash)
+  if (payload.client_secret) {
+    delete payload.client_secret;
+  }
+  return payload;  
+}
diff --git a/src/Service.gs b/src/Service.gs
@@ -87,6 +87,16 @@ Service_.prototype.setTokenHeaders = function(tokenHeaders) {
   return this;
 };
 
+/**
+ * Sets an additional function to invoke on the payload of the access token request.
+ * @param Object tokenHandler A function to invoke on the payload of the request for an access token.
+ * @return {Service_} This service, for chaining.
+ */
+Service_.prototype.setTokenPayloadHandler = function(tokenHandler) {
+  this.tokenPayloadHandler_ = tokenHandler;
+  return this; 
+};
+
 /**
  * Sets the project key of the script that contains the authorization callback function (required).
  * The project key can be found in the Script Editor UI under "File > Project properties".
@@ -291,16 +301,21 @@ Service_.prototype.handleCallback = function(callbackRequest) {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
+  var tokenPayload = {
+    code: code,
+    client_id: this.clientId_,
+    client_secret: this.clientSecret_,
+    redirect_uri: redirectUri,
+    grant_type: 'authorization_code'
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler: %s', JSON.stringify(tokenPayload));
+  }
   var response = UrlFetchApp.fetch(this.tokenUrl_, {
     method: 'post',
     headers: headers,
-    payload: {
-      code: code,
-      client_id: this.clientId_,
-      client_secret: this.clientSecret_,
-      redirect_uri: redirectUri,
-      grant_type: 'authorization_code'
-    },
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var token = this.getTokenFromResponse_(response);
@@ -380,7 +395,7 @@ Service_.prototype.getLastError = function() {
 Service_.prototype.getTokenFromResponse_ = function(response) {
   var token = this.parseToken_(response.getContentText());
   if (response.getResponseCode() != 200 || token.error) {
-    var reason = [token.error, token.error_description, token.error_uri].filter(Boolean).join(', ');
+    var reason = [token.error, token.message, token.error_description, token.error_uri].filter(Boolean).join(', ');
     if (!reason) {
       reason = response.getResponseCode() + ': ' + JSON.stringify(token);
     }
@@ -436,15 +451,20 @@ Service_.prototype.refresh = function() {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
-  var response = UrlFetchApp.fetch(this.tokenUrl_, {
-    method: 'post',
-    headers: headers,
-    payload: {
+  var tokenPayload = {
       refresh_token: token.refresh_token,
       client_id: this.clientId_,
       client_secret: this.clientSecret_,
       grant_type: 'refresh_token'
-    },
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler (refresh): %s', JSON.stringify(tokenPayload));
+  }
+  var response = UrlFetchApp.fetch(this.tokenUrl_, {
+    method: 'post',
+    headers: headers,
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var newToken = this.getTokenFromResponse_(response);
