• Use oauth2/request-auth-code/browser to open a web browser with an authorization code request to the authorization server. If the request is granted, the browser is redirected to a localhost URL, where a web server created specifically for the request acquires the authorization code, uses it to create the oauth2<%> object, and shuts down.

• Use get-auth-request-url to generate an authorization request URL. The user must visit the URL, grant access, and call oauth2/auth-code with the resulting authorization code. Use this process when either automatically opening a web browser or starting a local web server is not desirable.

• Use oauth2/refresh-token with a long-lived “refresh token” obtained from an earlier authorization grant. (See get-refresh-token.)

• Forward the user to the URL generated by get-auth-request-url; use the state argument to represent the current session/context. After granting authorization, the user will be redirected to the redirect-uri with the authorization code and user state in the code and state query arguments, respectively. Call oauth2/auth-code with the authorization code.

• Use oauth2/refresh-token with a long-lived “refresh token” obtained from an earlier authorization grant. (See get-refresh-token.)

(send an-oauth2-auth-server get-auth-url) → string?

Returns the base URL for authorization requests presented to the resource owner, generally used to obtain authorization codes.

Example:

> (send google-auth-server get-auth-url) "https://accounts.google.com/o/oauth2/auth"

(send an-oauth2-auth-server get-token-url) → string?

Returns the base URL for token requests made automatically by the client.

Example:

> (send google-auth-server get-token-url) "https://accounts.google.com/o/oauth2/token"

(send an-oauth2-auth-server get-tokeninfo-url)

→ (or/c string? #f)

Returns the base URL for getting information about granted tokens. Used by validate!. This seems to be a Google extension.

(send an-oauth2-auth-server get-revoke-url)

→ (or/c string? #f)

Returns the base URL for revoking a token. Used by revoke!. This seems to be a Google extension.

(send an-oauth2-auth-server get-auth-request-url       #:client client       #:scopes scopes      [ #:redirect-uri redirect-uri       #:state state       #:extra-parameters extra-parameters])

→ string?

client : (is-a?/c oauth2-client<%>)

scopes : (listof string?)

redirect-uri : string? = "urn:ietf:wg:oauth:2.0:oob"

state : (or/c string? #f) = #f

extra-parameters : (listof (cons/c symbol? string?)) = null

Returns a URL (as a string) that can be visited in a browser to request authorization for client to access resources in the given scopes.

The default redirect-uri is a special URI indicating that the authorization server should redirect to a page of its own displaying the authorization code, rather than sending it via redirection to a page under the client’s control.

(oauth2-auth-server   #:auth-url auth-url       #:token-url token-url)

→ (is-a?/c oauth2-auth-server<%>)

auth-url : string?

token-url : string?

google-auth-server : (is-a?/c oauth2-auth-server<%>)

(send an-oauth2-client get-id) → string?

Returns the client’s ID string.

(send an-oauth2-client get-secret) → (or/c string? #f)

Returns the client’s secret.

(oauth2-client #:id id [#:secret secret])

→ (is-a?/c oauth2-client<%>)

id : string?

secret : (or/c string? #f) = #f

(send an-oauth2 get-client-id) → string?

Returns the client ID string.

(send an-oauth2 get-scopes) → (listof string?)

Returns the currently authorized scopes. If the scopes are unknown, this method returns '(). See also validate!.

(send an-oauth2 get-access-token #:re-acquire? re-acquire?)

→ (or/c string? #f)

re-acquire? : #t

Returns the current access token, if one is available and has not expired.

If there is no current access token and re-acquire? is #f, the method returns #f. Otherwise, if there is no current access token and re-acquire? is true, the object attempts to acquire a new access token—such as by using a long-lived refresh token, if one was provided by the authorization server.

(send an-oauth2 get-refresh-token) → (or/c string? #f)

Returns the refresh token, if one was provided by the authorization server, #f otherwise.

(send an-oauth2 validate!) → void?

Validates the current tokens with the auth server. If the auth server does not support token validation, an exception is raised.

As a side effect of validation, the scope information returned by get-scopes is updated.

(send an-oauth2 revoke!) → void?

Revokes the current refresh token.

(send an-oauth2 headers) → (listof string?)

Returns a list of HTTP headers to be used in HTTP requests to resource servers. Currently only bearer tokens are supported; see OAuth 2.0 Security Notes.

(oauth2/auth-code   auth-server       client       auth-code      [ #:redirect-uri redirect-uri])

→ (is-a?/c oauth2<%>)

auth-server : (is-a?/c oauth2-auth-server<%>)

client : (is-a?/c oauth2-client<%>)

auth-code : string?

redirect-uri : string? = "urn:ietf:wg:oauth:2.0:oob"

(oauth2/refresh-token   auth-server             client             refresh-token)   →   (is-a?/c oauth2<%>)

auth-server : (is-a?/c oauth2-auth-server<%>)

client : (is-a?/c oauth2-client<%>)

refresh-token : string?

(oauth2/request-auth-code/browser   auth-server       client       scopes)

→ (is-a?/c oauth2<%>)

auth-server : (is-a?/c oauth2-auth-server<%>)

client : (is-a?/c oauth2-client<%>)

scopes : (listof string?)