Adding support for setTokenPayloadHandler to support Smartsheet API.

activescott · activescott · commit c6ce8b3a2c92 · 2016-04-12T00:38:10.000-07:00
diff --git a/README.md b/README.md
@@ -188,6 +188,39 @@ in these requests.
 
 See the [FitBit sample](samples/FitBit.gs) for the compelte code.
 
+#### Modifying the access token payload
+Similar to Setting additional token headers, some services, such as the Smartsheet API, require you to [add a hash to the access token request payloads](http://smartsheet-platform.github.io/api-docs/?javascript#oauth-flow). The `setTokenPayloadHandler` method allows you to pass in a function to modify the payload of an access token request before the request is sent to the token endpoint:
+ 
+ 
+    // Set the handler for adding Smartsheet's required SHA hash parameter to the payload:
+    .setTokenPayloadHandler(smartsheetTokenHandler)
+    ...
+    function smartsheetTokenHandler(payload) {
+        var codeOrRefreshToken = payload.code ? payload.code : payload.refresh_token;
+        var input = SMARTSHEET_CLIENT_SECRET + "|" + codeOrRefreshToken;
+        var hash = Utilities.computeDigest(Utilities.DigestAlgorithm.SHA_256,
+                                                input,
+                                                Utilities.Charset.UTF_8);
+        hash = hash.map(function(val) {
+            // Google appears to treat these as signed bytes, but we need them unsigned...
+            if (val < 0)
+            val += 256;
+            var str = val.toString(16);
+            // pad to two hex digits:
+            if (str.length == 1)
+            str = '0' + str;
+            return str;
+        });
+        payload.hash = hash.join("");
+        // Smartsheet doesn't need the client secret sent (secret is verified by the hash)
+        if (payload.client_secret) {
+            delete payload.client_secret;
+        }
+        return payload;  
+    }
+
+    
+
 #### Service Accounts
 
 This library supports the service account authorization flow, also known as the
diff --git a/dist/OAuth2.gs b/dist/OAuth2.gs
@@ -60,7 +60,7 @@ if (module) {
   module.exports = {
     createService: createService,
     getRedirectUri: getRedirectUri
-  }
+  };
 }
 
 // Copyright 2014 Google Inc. All Rights Reserved.
@@ -81,6 +81,10 @@ if (module) {
  * @fileoverview Contains the Service_ class.
  */
 
+// Disable JSHint warnings for the use of eval(), since it's required to prevent
+// scope issues in Apps Script.
+// jshint evil:true
+
 /**
  * Creates a new OAuth2 service.
  * @param {string} serviceName The name of the service.
@@ -148,6 +152,16 @@ Service_.prototype.setTokenHeaders = function(tokenHeaders) {
   return this;
 };
 
+/**
+ * Sets an additional function to invoke on the payload of the access token request.
+ * @param Object tokenHandler A function to invoke on the payload of the request for an access token.
+ * @return {Service_} This service, for chaining.
+ */
+Service_.prototype.setTokenPayloadHandler = function(tokenHandler) {
+  this.tokenPayloadHandler_ = tokenHandler;
+  return this; 
+};
+
 /**
  * Sets the project key of the script that contains the authorization callback function (required).
  * The project key can be found in the Script Editor UI under "File > Project properties".
@@ -235,7 +249,7 @@ Service_.prototype.setCache = function(cache) {
  */
 Service_.prototype.setScope = function(scope, opt_separator) {
   var separator = opt_separator || ' ';
-  this.params_['scope'] = _.isArray(scope) ? scope.join(separator) : scope;
+  this.params_.scope = _.isArray(scope) ? scope.join(separator) : scope;
   return this;
 };
 
@@ -352,16 +366,21 @@ Service_.prototype.handleCallback = function(callbackRequest) {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
+  var tokenPayload = {
+    code: code,
+    client_id: this.clientId_,
+    client_secret: this.clientSecret_,
+    redirect_uri: redirectUri,
+    grant_type: 'authorization_code'
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler: %s', JSON.stringify(tokenPayload));
+  }
   var response = UrlFetchApp.fetch(this.tokenUrl_, {
     method: 'post',
     headers: headers,
-    payload: {
-      code: code,
-      client_id: this.clientId_,
-      client_secret: this.clientSecret_,
-      redirect_uri: redirectUri,
-      grant_type: 'authorization_code'
-    },
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var token = this.getTokenFromResponse_(response);
@@ -441,7 +460,7 @@ Service_.prototype.getLastError = function() {
 Service_.prototype.getTokenFromResponse_ = function(response) {
   var token = this.parseToken_(response.getContentText());
   if (response.getResponseCode() != 200 || token.error) {
-    var reason = [token.error, token.error_description, token.error_uri].filter(Boolean).join(', ');
+    var reason = [token.error, token.message, token.error_description, token.error_uri].filter(Boolean).join(', ');
     if (!reason) {
       reason = response.getResponseCode() + ': ' + JSON.stringify(token);
     }
@@ -464,7 +483,7 @@ Service_.prototype.parseToken_ = function(content) {
     } catch (e) {
       throw 'Token response not valid JSON: ' + e;
     }
-  } else if (this.tokenFormat_ = TOKEN_FORMAT.FORM_URL_ENCODED) {
+  } else if (this.tokenFormat_ == TOKEN_FORMAT.FORM_URL_ENCODED) {
     token = content.split('&').reduce(function(result, pair) {
       var parts = pair.split('=');
       result[decodeURIComponent(parts[0])] = decodeURIComponent(parts[1]);
@@ -497,15 +516,20 @@ Service_.prototype.refresh = function() {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
-  var response = UrlFetchApp.fetch(this.tokenUrl_, {
-    method: 'post',
-    headers: headers,
-    payload: {
+  var tokenPayload = {
       refresh_token: token.refresh_token,
       client_id: this.clientId_,
       client_secret: this.clientSecret_,
       grant_type: 'refresh_token'
-    },
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler (refresh): %s', JSON.stringify(tokenPayload));
+  }
+  var response = UrlFetchApp.fetch(this.tokenUrl_, {
+    method: 'post',
+    headers: headers,
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var newToken = this.getTokenFromResponse_(response);
@@ -639,10 +663,10 @@ Service_.prototype.createJwt_ = function() {
     iat: Math.round(now.getTime() / 1000)
   };
   if (this.subject_) {
-    claimSet['sub'] = this.subject_;
+    claimSet.sub = this.subject_;
   }
-  if (this.params_['scope']) {
-   claimSet['scope'] =  this.params_['scope'];
+  if (this.params_.scope) {
+   claimSet.scope =  this.params_.scope;
   }
   var toSign = Utilities.base64EncodeWebSafe(JSON.stringify(header)) + '.' + Utilities.base64EncodeWebSafe(JSON.stringify(claimSet));
   var signatureBytes = Utilities.computeRsaSha256Signature(toSign, this.privateKey_);
@@ -705,7 +729,7 @@ function validate_(params) {
  * @private
  */
 function isEmpty_(value) {
-  return value == null || value == undefined ||
+  return value === null || value === undefined ||
       ((_.isObject(value) || _.isString(value)) && _.isEmpty(value));
 }
 
diff --git a/src/Service.gs b/src/Service.gs
@@ -87,6 +87,16 @@ Service_.prototype.setTokenHeaders = function(tokenHeaders) {
   return this;
 };
 
+/**
+ * Sets an additional function to invoke on the payload of the access token request.
+ * @param Object tokenHandler A function to invoke on the payload of the request for an access token.
+ * @return {Service_} This service, for chaining.
+ */
+Service_.prototype.setTokenPayloadHandler = function(tokenHandler) {
+  this.tokenPayloadHandler_ = tokenHandler;
+  return this; 
+};
+
 /**
  * Sets the project key of the script that contains the authorization callback function (required).
  * The project key can be found in the Script Editor UI under "File > Project properties".
@@ -291,16 +301,21 @@ Service_.prototype.handleCallback = function(callbackRequest) {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
+  var tokenPayload = {
+    code: code,
+    client_id: this.clientId_,
+    client_secret: this.clientSecret_,
+    redirect_uri: redirectUri,
+    grant_type: 'authorization_code'
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler: %s', JSON.stringify(tokenPayload));
+  }
   var response = UrlFetchApp.fetch(this.tokenUrl_, {
     method: 'post',
     headers: headers,
-    payload: {
-      code: code,
-      client_id: this.clientId_,
-      client_secret: this.clientSecret_,
-      redirect_uri: redirectUri,
-      grant_type: 'authorization_code'
-    },
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var token = this.getTokenFromResponse_(response);
@@ -380,7 +395,7 @@ Service_.prototype.getLastError = function() {
 Service_.prototype.getTokenFromResponse_ = function(response) {
   var token = this.parseToken_(response.getContentText());
   if (response.getResponseCode() != 200 || token.error) {
-    var reason = [token.error, token.error_description, token.error_uri].filter(Boolean).join(', ');
+    var reason = [token.error, token.message, token.error_description, token.error_uri].filter(Boolean).join(', ');
     if (!reason) {
       reason = response.getResponseCode() + ': ' + JSON.stringify(token);
     }
@@ -436,15 +451,20 @@ Service_.prototype.refresh = function() {
   if (this.tokenHeaders_) {
     headers = _.extend(headers, this.tokenHeaders_);
   }
-  var response = UrlFetchApp.fetch(this.tokenUrl_, {
-    method: 'post',
-    headers: headers,
-    payload: {
+  var tokenPayload = {
       refresh_token: token.refresh_token,
       client_id: this.clientId_,
       client_secret: this.clientSecret_,
       grant_type: 'refresh_token'
-    },
+  };
+  if (this.tokenPayloadHandler_) {
+    tokenPayload = this.tokenPayloadHandler_(tokenPayload);
+    Logger.log('Token payload from tokenPayloadHandler (refresh): %s', JSON.stringify(tokenPayload));
+  }
+  var response = UrlFetchApp.fetch(this.tokenUrl_, {
+    method: 'post',
+    headers: headers,
+    payload: tokenPayload,
     muteHttpExceptions: true
   });
   var newToken = this.getTokenFromResponse_(response);
