Class: Basecamp::OauthService

Inherits:

Object

• Object
• Basecamp::OauthService

Defined in:

app/services/basecamp/oauth_service.rb

Overview

Handles Basecamp 4 OAuth 2.0 token exchange and refresh.

Basecamp uses standard OAuth 2.0 Authorization Code flow:

1. Redirect user to authorization_url
2. Basecamp redirects back with ?code=...
3. Exchange code for access_token + refresh_token
4. When token expires, use refresh_token to get a new pair

Reference: https://github.com/basecamp/api/blob/master/sections/authentication.md

Defined Under Namespace

Classes: TokenRefreshError

Constant Summary

AUTHORIZE_URL =

URL for authorize.

'https://launchpad.37signals.com/authorization/new'

TOKEN_URL =

URL for token.

'https://launchpad.37signals.com/authorization/token'

SITE_URL =

URL for site.

'https://launchpad.37signals.com'

PROVIDER =

Provider.

'basecamp'

Instance Method Summary

• #access_token! ⇒ String

  Get a valid access token, refreshing if expired.

• #account_id ⇒ String

  The configured Basecamp account ID for API calls.

• #authorization_url(state: nil) ⇒ String

  URL to redirect the user to for authorization.

• #connected? ⇒ Boolean

  Whether this CRM account has a stored Basecamp credential.

• #disconnect! ⇒ Object

  Remove the stored credential for this account (disconnect).

• #exchange_code!(code) ⇒ OauthCredential

  Exchange the authorization code for tokens and persist them.

• #initialize(account: nil) ⇒ OauthService constructor

  A new instance of OauthService.

• #refresh! ⇒ OauthCredential

  Refresh the stored access token.

Constructor Details

#initialize(account: nil) ⇒ OauthService

Returns a new instance of OauthService.

Parameters:

• account (Account, nil) (defaults to: nil) —

  the CRM account whose Basecamp credential to manage
  Pass nil for system-level (legacy/MCP server) credentials.

# File 'app/services/basecamp/oauth_service.rb', line 29

def initialize(account: nil)
  @account       = account
  @client_id     = Heatwave::Configuration.fetch(:basecamp, :client_id)
  @client_secret = Heatwave::Configuration.fetch(:basecamp, :client_secret)
  @redirect_url  = Heatwave::Configuration.fetch(:basecamp, :redirect_url)
  @basecamp_account_id = Heatwave::Configuration.fetch(:basecamp, :account_id)
end

Instance Method Details

#access_token! ⇒ String

Get a valid access token, refreshing if expired.

Returns:

• (String) —

  the access_token

Raises:

• (TokenRefreshError)

# File 'app/services/basecamp/oauth_service.rb', line 92

def access_token!
  credential = OauthCredential.for(PROVIDER, account: @account)
  raise TokenRefreshError, 'No Basecamp credential found' unless credential

  refresh! if credential.token_expired?
  credential.reload.access_token
end

#account_id ⇒ String

The configured Basecamp account ID for API calls.

Returns:

• (String)

# File 'app/services/basecamp/oauth_service.rb', line 102

def account_id
  @basecamp_account_id
end

#authorization_url(state: nil) ⇒ String

URL to redirect the user to for authorization.
Uses standard OAuth 2.0 response_type per Basecamp API docs.

Parameters:

• state (String) (defaults to: nil) —

  CSRF token

Returns:

• (String)

# File 'app/services/basecamp/oauth_service.rb', line 41

def authorization_url(state: nil)
  params = {
    response_type: 'code',
    client_id: @client_id,
    redirect_uri: @redirect_url
  }
  params[:state] = state if state.present?
  "#{AUTHORIZE_URL}?#{params.to_query}"
end

#connected? ⇒ Boolean

Whether this CRM account has a stored Basecamp credential.

Returns:

• (Boolean)

# File 'app/services/basecamp/oauth_service.rb', line 108

def connected?
  OauthCredential.for(PROVIDER, account: @account).present?
end

#disconnect! ⇒ Object

Remove the stored credential for this account (disconnect).

# File 'app/services/basecamp/oauth_service.rb', line 113

def disconnect!
  OauthCredential.destroy_by(provider: PROVIDER, account_id: @account&.id)
end

#exchange_code!(code) ⇒ OauthCredential

Exchange the authorization code for tokens and persist them.

Parameters:

• code (String) —

  authorization code from callback

Returns:

• (OauthCredential)

# File 'app/services/basecamp/oauth_service.rb', line 54

def exchange_code!(code)
  response = token_request(
    grant_type: 'authorization_code',
    code: code,
    redirect_uri: @redirect_url,
    client_id: @client_id,
    client_secret: @client_secret
  )

  persist_tokens!(response)
end

#refresh! ⇒ OauthCredential

Refresh the stored access token.

Returns:

• (OauthCredential)

Raises:

• (TokenRefreshError) —

  if no credential or refresh_token exists

# File 'app/services/basecamp/oauth_service.rb', line 69

def refresh!
  credential = OauthCredential.for(PROVIDER, account: @account)
  raise TokenRefreshError, 'No Basecamp credential found' unless credential
  raise TokenRefreshError, 'No refresh token available' if credential.refresh_token.blank?

  response = token_request(
    grant_type: 'refresh_token',
    refresh_token: credential.refresh_token,
    client_id: @client_id,
    client_secret: @client_secret
  )

  attrs = {
    access_token: response['access_token'],
    expires_at: response['expires_in'] ? response['expires_in'].to_i.seconds.from_now : nil
  }
  attrs[:refresh_token] = response['refresh_token'] if response['refresh_token'].present?
  credential.update!(attrs)
  credential
end