1 # Copyright 2010 Google Inc.
3 # Licensed under the Apache License, Version 2.0 (the "License");
4 # you may not use this file except in compliance with the License.
5 # You may obtain a copy of the License at
7 # http://www.apache.org/licenses/LICENSE-2.0
9 # Unless required by applicable law or agreed to in writing, software
10 # distributed under the License is distributed on an "AS IS" BASIS,
11 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 # See the License for the specific language governing permissions and
13 # limitations under the License.
18 require 'compat/multi_json'
22 require 'google/api_client/version'
23 require 'google/api_client/logging'
24 require 'google/api_client/errors'
25 require 'google/api_client/environment'
26 require 'google/api_client/discovery'
27 require 'google/api_client/request'
28 require 'google/api_client/reference'
29 require 'google/api_client/result'
30 require 'google/api_client/media'
31 require 'google/api_client/service_account'
32 require 'google/api_client/batch'
33 require 'google/api_client/gzip'
34 require 'google/api_client/charset'
35 require 'google/api_client/client_secrets'
36 require 'google/api_client/railtie' if defined?(Rails)
41 # This class manages APIs communication.
43 include Google::APIClient::Logging
46 # Creates a new Google API client.
48 # @param [Hash] options The configuration parameters for the client.
49 # @option options [Symbol, #generate_authenticated_request] :authorization
51 # The authorization mechanism used by the client. The following
52 # mechanisms are supported out-of-the-box:
54 # <li><code>:two_legged_oauth_1</code></li>
55 # <li><code>:oauth_1</code></li>
56 # <li><code>:oauth_2</code></li>
58 # @option options [Boolean] :auto_refresh_token (true)
59 # The setting that controls whether or not the api client attempts to
60 # refresh authorization when a 401 is hit in #execute. If the token does
61 # not support it, this option is ignored.
62 # @option options [String] :application_name
63 # The name of the application using the client.
64 # @option options [String] :application_version
65 # The version number of the application using the client.
66 # @option options [String] :user_agent
67 # ("{app_name} google-api-ruby-client/{version} {os_name}/{os_version}")
68 # The user agent used by the client. Most developers will want to
69 # leave this value alone and use the `:application_name` option instead.
70 # @option options [String] :host ("www.googleapis.com")
71 # The API hostname used by the client. This rarely needs to be changed.
72 # @option options [String] :port (443)
73 # The port number used by the client. This rarely needs to be changed.
74 # @option options [String] :discovery_path ("/discovery/v1")
75 # The discovery base path. This rarely needs to be changed.
76 # @option options [String] :ca_file
77 # Optional set of root certificates to use when validating SSL connections.
78 # By default, a bundled set of trusted roots will be used.
79 # @options options[Hash] :force_encoding
80 # Experimental option. True if response body should be force encoded into the charset
81 # specified in the Content-Type header. Mostly intended for compressed content.
82 # @options options[Hash] :faraday_options
83 # Pass through of options to set on the Faraday connection
84 def initialize(options={})
85 logger.debug { "#{self.class} - Initializing client with options #{options}" }
87 # Normalize key to String to allow indifferent access.
88 options = options.inject({}) do |accu, (key, value)|
89 accu[key.to_sym] = value
92 # Almost all API usage will have a host of 'www.googleapis.com'.
93 self.host = options[:host] || 'www.googleapis.com'
94 self.port = options[:port] || 443
95 self.discovery_path = options[:discovery_path] || '/discovery/v1'
97 # Most developers will want to leave this value alone and use the
98 # application_name option.
99 if options[:application_name]
100 app_name = options[:application_name]
101 app_version = options[:application_version]
102 application_string = "#{app_name}/#{app_version || '0.0.0'}"
104 logger.warn { "#{self.class} - Please provide :application_name and :application_version when initializing the client" }
107 proxy = options[:proxy] || Object::ENV["http_proxy"]
109 self.user_agent = options[:user_agent] || (
110 "#{application_string} " +
111 "google-api-ruby-client/#{Google::APIClient::VERSION::STRING} #{ENV::OS_VERSION} (gzip)"
113 # The writer method understands a few Symbols and will generate useful
114 # default authentication mechanisms.
116 options.key?(:authorization) ? options[:authorization] : :oauth_2
117 self.auto_refresh_token = options.fetch(:auto_refresh_token) { true }
118 self.key = options[:key]
119 self.user_ip = options[:user_ip]
120 self.retries = options.fetch(:retries) { 0 }
121 self.expired_auth_retry = options.fetch(:expired_auth_retry) { true }
123 @discovery_documents = {}
124 @discovered_apis = {}
125 ca_file = options[:ca_file] || File.expand_path('../../cacerts.pem', __FILE__)
126 self.connection = Faraday.new do |faraday|
127 faraday.response :charset if options[:force_encoding]
128 faraday.response :gzip
129 faraday.options.params_encoder = Faraday::FlatParamsEncoder
130 faraday.ssl.ca_file = ca_file
131 faraday.ssl.verify = true
133 faraday.adapter Faraday.default_adapter
134 if options[:faraday_option].is_a?(Hash)
135 options[:faraday_option].each_pair do |option, value|
136 faraday.options.send("#{option}=", value)
144 # Returns the authorization mechanism used by the client.
146 # @return [#generate_authenticated_request] The authorization mechanism.
147 attr_reader :authorization
150 # Sets the authorization mechanism used by the client.
152 # @param [#generate_authenticated_request] new_authorization
153 # The new authorization mechanism.
154 def authorization=(new_authorization)
155 case new_authorization
156 when :oauth_1, :oauth
157 require 'signet/oauth_1/client'
158 # NOTE: Do not rely on this default value, as it may change
159 new_authorization = Signet::OAuth1::Client.new(
160 :temporary_credential_uri =>
161 'https://www.google.com/accounts/OAuthGetRequestToken',
162 :authorization_uri =>
163 'https://www.google.com/accounts/OAuthAuthorizeToken',
164 :token_credential_uri =>
165 'https://www.google.com/accounts/OAuthGetAccessToken',
166 :client_credential_key => 'anonymous',
167 :client_credential_secret => 'anonymous'
169 when :two_legged_oauth_1, :two_legged_oauth
170 require 'signet/oauth_1/client'
171 # NOTE: Do not rely on this default value, as it may change
172 new_authorization = Signet::OAuth1::Client.new(
173 :client_credential_key => nil,
174 :client_credential_secret => nil,
178 require 'signet/oauth_2/client'
179 # NOTE: Do not rely on this default value, as it may change
180 new_authorization = Signet::OAuth2::Client.new(
181 :authorization_uri =>
182 'https://accounts.google.com/o/oauth2/auth',
183 :token_credential_uri =>
184 'https://accounts.google.com/o/oauth2/token'
187 # No authorization mechanism
189 if !new_authorization.respond_to?(:generate_authenticated_request)
191 'Expected authorization mechanism to respond to ' +
192 '#generate_authenticated_request.'
195 @authorization = new_authorization
196 return @authorization
200 # Default Faraday/HTTP connection.
202 # @return [Faraday::Connection]
203 attr_accessor :connection
206 # The setting that controls whether or not the api client attempts to
207 # refresh authorization when a 401 is hit in #execute.
210 attr_accessor :auto_refresh_token
213 # The application's API key issued by the API console.
215 # @return [String] The API key.
219 # The IP address of the user this request is being performed on behalf of.
221 # @return [String] The user's IP address.
222 attr_accessor :user_ip
225 # The user agent used by the client.
228 # The user agent string used in the User-Agent header.
229 attr_accessor :user_agent
232 # The API hostname used by the client.
235 # The API hostname. Should almost always be 'www.googleapis.com'.
239 # The port number used by the client.
242 # The port number. Should almost always be 443.
246 # The base path used by the client for discovery.
249 # The base path. Should almost always be '/discovery/v1'.
250 attr_accessor :discovery_path
253 # Number of times to retry on recoverable errors
257 attr_accessor :retries
260 # Whether or not an expired auth token should be re-acquired
261 # (and the operation retried) regardless of retries setting
263 # Auto retry on auth expiry
264 attr_accessor :expired_auth_retry
267 # Returns the URI for the directory document.
269 # @return [Addressable::URI] The URI of the directory document.
271 return resolve_uri(self.discovery_path + '/apis')
275 # Manually registers a URI as a discovery document for a specific version
278 # @param [String, Symbol] api The API name.
279 # @param [String] version The desired version of the API.
280 # @param [Addressable::URI] uri The URI of the discovery document.
281 # @return [Google::APIClient::API] The service object.
282 def register_discovery_uri(api, version, uri)
284 version = version || 'v1'
285 @discovery_uris["#{api}:#{version}"] = uri
286 discovered_api(api, version)
290 # Returns the URI for the discovery document.
292 # @param [String, Symbol] api The API name.
293 # @param [String] version The desired version of the API.
294 # @return [Addressable::URI] The URI of the discovery document.
295 def discovery_uri(api, version=nil)
297 version = version || 'v1'
298 return @discovery_uris["#{api}:#{version}"] ||= (
300 self.discovery_path + '/apis/{api}/{version}/rest',
308 # Manually registers a pre-loaded discovery document for a specific version
311 # @param [String, Symbol] api The API name.
312 # @param [String] version The desired version of the API.
313 # @param [String, StringIO] discovery_document
314 # The contents of the discovery document.
315 # @return [Google::APIClient::API] The service object.
316 def register_discovery_document(api, version, discovery_document)
318 version = version || 'v1'
319 if discovery_document.kind_of?(StringIO)
320 discovery_document.rewind
321 discovery_document = discovery_document.string
322 elsif discovery_document.respond_to?(:to_str)
323 discovery_document = discovery_document.to_str
326 "Expected String or StringIO, got #{discovery_document.class}."
328 @discovery_documents["#{api}:#{version}"] =
329 MultiJson.load(discovery_document)
330 discovered_api(api, version)
334 # Returns the parsed directory document.
336 # @return [Hash] The parsed JSON from the directory document.
337 def directory_document
338 return @directory_document ||= (begin
339 response = self.execute!(
340 :http_method => :get,
341 :uri => self.directory_uri,
342 :authenticated => false
349 # Returns the parsed discovery document.
351 # @param [String, Symbol] api The API name.
352 # @param [String] version The desired version of the API.
353 # @return [Hash] The parsed JSON from the discovery document.
354 def discovery_document(api, version=nil)
356 version = version || 'v1'
357 return @discovery_documents["#{api}:#{version}"] ||= (begin
358 response = self.execute!(
359 :http_method => :get,
360 :uri => self.discovery_uri(api, version),
361 :authenticated => false
368 # Returns all APIs published in the directory document.
370 # @return [Array] The list of available APIs.
372 @directory_apis ||= (begin
373 document_base = self.directory_uri
374 if self.directory_document && self.directory_document['items']
375 self.directory_document['items'].map do |discovery_document|
376 Google::APIClient::API.new(
388 # Returns the service object for a given service name and service version.
390 # @param [String, Symbol] api The API name.
391 # @param [String] version The desired version of the API.
393 # @return [Google::APIClient::API] The service object.
394 def discovered_api(api, version=nil)
395 if !api.kind_of?(String) && !api.kind_of?(Symbol)
397 "Expected String or Symbol, got #{api.class}."
400 version = version || 'v1'
401 return @discovered_apis["#{api}:#{version}"] ||= begin
402 document_base = self.discovery_uri(api, version)
403 discovery_document = self.discovery_document(api, version)
404 if document_base && discovery_document
405 Google::APIClient::API.new(
416 # Returns the method object for a given RPC name and service version.
418 # @param [String, Symbol] rpc_name The RPC name of the desired method.
419 # @param [String, Symbol] api The API the method is within.
420 # @param [String] version The desired version of the API.
422 # @return [Google::APIClient::Method] The method object.
423 def discovered_method(rpc_name, api, version=nil)
424 if !rpc_name.kind_of?(String) && !rpc_name.kind_of?(Symbol)
426 "Expected String or Symbol, got #{rpc_name.class}."
428 rpc_name = rpc_name.to_s
430 version = version || 'v1'
431 service = self.discovered_api(api, version)
432 if service.to_h[rpc_name]
433 return service.to_h[rpc_name]
440 # Returns the service object with the highest version number.
442 # @note <em>Warning</em>: This method should be used with great care.
443 # As APIs are updated, minor differences between versions may cause
444 # incompatibilities. Requesting a specific version will avoid this issue.
446 # @param [String, Symbol] api The name of the service.
448 # @return [Google::APIClient::API] The service object.
449 def preferred_version(api)
450 if !api.kind_of?(String) && !api.kind_of?(Symbol)
452 "Expected String or Symbol, got #{api.class}."
455 return self.discovered_apis.detect do |a|
456 a.name == api && a.preferred == true
461 # Verifies an ID token against a server certificate. Used to ensure that
462 # an ID token supplied by an untrusted client-side mechanism is valid.
463 # Raises an error if the token is invalid or missing.
465 # @deprecated Use the google-id-token gem for verifying JWTs
470 if !self.authorization.respond_to?(:id_token)
471 raise ArgumentError, (
472 "Current authorization mechanism does not support ID tokens: " +
473 "#{self.authorization.class.to_s}"
475 elsif !self.authorization.id_token
476 raise ArgumentError, (
477 "Could not verify ID token, ID token missing. " +
478 "Scopes were: #{self.authorization.scope.inspect}"
481 check_cached_certs = lambda do
483 for key, cert in @certificates
485 self.authorization.decoded_id_token(cert.public_key)
487 rescue JWT::DecodeError, Signet::UnsafeOperationError
488 # Expected exception. Ignore, ID token has not been validated.
493 if check_cached_certs.call()
496 response = self.execute!(
497 :http_method => :get,
498 :uri => 'https://www.googleapis.com/oauth2/v1/certs',
499 :authenticated => false
501 @certificates.merge!(
502 Hash[MultiJson.load(response.body).map do |key, cert|
503 [key, OpenSSL::X509::Certificate.new(cert)]
506 if check_cached_certs.call()
509 raise InvalidIDTokenError,
510 "Could not verify ID token against any available certificate."
517 # Generates a request.
519 # @option options [Google::APIClient::Method] :api_method
520 # The method object or the RPC name of the method being executed.
521 # @option options [Hash, Array] :parameters
522 # The parameters to send to the method.
523 # @option options [Hash, Array] :headers The HTTP headers for the request.
524 # @option options [String] :body The body of the request.
525 # @option options [String] :version ("v1")
526 # The service version. Only used if `api_method` is a `String`.
527 # @option options [#generate_authenticated_request] :authorization
528 # The authorization mechanism for the response. Used only if
529 # `:authenticated` is `true`.
530 # @option options [TrueClass, FalseClass] :authenticated (true)
531 # `true` if the request must be signed or somehow
532 # authenticated, `false` otherwise.
534 # @return [Google::APIClient::Reference] The generated request.
537 # request = client.generate_request(
538 # :api_method => 'plus.activities.list',
540 # {'collection' => 'public', 'userId' => 'me'}
542 def generate_request(options={})
546 return Google::APIClient::Request.new(options)
550 # Executes a request, wrapping it in a Result object.
552 # @param [Google::APIClient::Request, Hash, Array] params
553 # Either a Google::APIClient::Request, a Hash, or an Array.
555 # If a Google::APIClient::Request, no other parameters are expected.
557 # If a Hash, the below parameters are handled. If an Array, the
558 # parameters are assumed to be in the below order:
560 # - (Google::APIClient::Method) api_method:
561 # The method object or the RPC name of the method being executed.
562 # - (Hash, Array) parameters:
563 # The parameters to send to the method.
564 # - (String) body: The body of the request.
565 # - (Hash, Array) headers: The HTTP headers for the request.
566 # - (Hash) options: A set of options for the request, of which:
567 # - (#generate_authenticated_request) :authorization (default: true) -
568 # The authorization mechanism for the response. Used only if
569 # `:authenticated` is `true`.
570 # - (TrueClass, FalseClass) :authenticated (default: true) -
571 # `true` if the request must be signed or somehow
572 # authenticated, `false` otherwise.
573 # - (TrueClass, FalseClass) :gzip (default: true) -
574 # `true` if gzip enabled, `false` otherwise.
575 # - (FixNum) :retries -
576 # # of times to retry on recoverable errors
578 # @return [Google::APIClient::Result] The result from the API, nil if batch.
581 # result = client.execute(batch_request)
584 # plus = client.discovered_api('plus')
585 # result = client.execute(
586 # :api_method => plus.activities.list,
587 # :parameters => {'collection' => 'public', 'userId' => 'me'}
590 # @see Google::APIClient#generate_request
591 def execute!(*params)
592 if params.first.kind_of?(Google::APIClient::Request)
593 request = params.shift
594 options = params.shift || {}
596 # This block of code allows us to accept multiple parameter passing
597 # styles, and maintaining some backwards compatibility.
599 # Note: I'm extremely tempted to deprecate this style of execute call.
600 if params.last.respond_to?(:to_hash) && params.size == 1
606 options[:api_method] = params.shift if params.size > 0
607 options[:parameters] = params.shift if params.size > 0
608 options[:body] = params.shift if params.size > 0
609 options[:headers] = params.shift if params.size > 0
610 options.update(params.shift) if params.size > 0
611 request = self.generate_request(options)
614 request.headers['User-Agent'] ||= '' + self.user_agent unless self.user_agent.nil?
615 request.headers['Accept-Encoding'] ||= 'gzip' unless options[:gzip] == false
616 request.headers['Content-Type'] ||= ''
617 request.parameters['key'] ||= self.key unless self.key.nil?
618 request.parameters['userIp'] ||= self.user_ip unless self.user_ip.nil?
620 connection = options[:connection] || self.connection
621 request.authorization = options[:authorization] || self.authorization unless options[:authenticated] == false
623 tries = 1 + (options[:retries] || self.retries)
626 Retriable.retriable :tries => tries,
627 :on => [TransmissionError],
628 :on_retry => client_error_handler,
629 :interval => lambda {|attempts| (2 ** attempts) + rand} do
632 # This 2nd level retriable only catches auth errors, and supports 1 retry, which allows
633 # auth to be re-attempted without having to retry all sorts of other failures like
635 Retriable.retriable :tries => ((expired_auth_retry || tries > 1) && attempt == 1) ? 2 : 1,
636 :on => [AuthorizationError],
637 :on_retry => authorization_error_handler(request.authorization) do
638 result = request.send(connection, true)
643 when 301, 302, 303, 307
644 request = generate_request(request.to_hash.merge({
645 :uri => result.headers['location'],
648 raise RedirectError.new(result.headers['location'], result)
650 raise AuthorizationError.new(result.error_message || 'Invalid/Expired Authentication', result)
652 raise ClientError.new(result.error_message || "A client error has occurred", result)
654 raise ServerError.new(result.error_message || "A server error has occurred", result)
656 raise TransmissionError.new(result.error_message || "A transmission error has occurred", result)
663 # Same as Google::APIClient#execute!, but does not raise an exception for
666 # @see Google::APIClient#execute
669 return self.execute!(*params)
670 rescue TransmissionError => e
678 # Resolves a URI template against the client's configured base.
681 # @param [String, Addressable::URI, Addressable::Template] template
682 # The template to resolve.
683 # @param [Hash] mapping The mapping that corresponds to the template.
684 # @return [Addressable::URI] The expanded URI.
685 def resolve_uri(template, mapping={})
686 @base_uri ||= Addressable::URI.new(
691 template = if template.kind_of?(Addressable::Template)
693 elsif template.respond_to?(:to_str)
697 "Expected String, Addressable::URI, or Addressable::Template, " +
698 "got #{template.class}."
700 return Addressable::Template.new(@base_uri + template).expand(mapping)
705 # Returns on proc for special processing of retries for authorization errors
706 # Only 401s should be retried and only if the credentials are refreshable
708 # @param [#fetch_access_token!] authorization
709 # OAuth 2 credentials
711 def authorization_error_handler(authorization)
712 can_refresh = authorization.respond_to?(:refresh_token) && auto_refresh_token
713 Proc.new do |exception, tries|
714 next unless exception.kind_of?(AuthorizationError)
717 logger.debug("Attempting refresh of access token & retry of request")
718 authorization.fetch_access_token!
720 rescue Signet::AuthorizationError
728 # Returns on proc for special processing of retries as not all client errors
729 # are recoverable. Only 401s should be retried (via authorization_error_handler)
732 def client_error_handler
733 Proc.new do |exception, tries|
734 raise exception if exception.kind_of?(ClientError)