Question 1

How do I implement PKCE with the oauth2 gem?

Accepted Answer

The gem supports PKCE as part of OAuth 2.1 compliance, but you need to manually generate and manage code verifiers and challenges in authorization requests, as the gem focuses on client-side token handling without built-in PKCE helpers.

Question 2

Does the oauth2 gem validate OpenID Connect id_tokens?

Accepted Answer

No, it does not validate JWT signatures. You must use a separate JWT library like 'jwt' gem and your provider's JWKs to verify id_tokens, as mentioned in the OIDC section of the README.

Question 3

oauth2 gem vs doorkeeper: which should I use?

Accepted Answer

Use the oauth2 gem for implementing OAuth clients in Ruby applications to authenticate with external providers, while doorkeeper is designed for building OAuth 2.0 provider servers. They serve complementary roles in the OAuth ecosystem.

Question 4

How to handle automatic token refresh with oauth2?

Accepted Answer

You can manually check token.expired? and call refresh, or implement a wrapper pattern as shown in the README's auto-refresh example, which handles refreshing tokens and retrying requests on authentication errors.

Question 5

Can I use mutual TLS authentication with this gem?

Accepted Answer

Yes, by setting auth_scheme to :tls_client_auth and providing client certificate and key in connection_opts.ssl, as detailed in the mutual TLS configuration section with examples using OpenSSL.

Question 6

What's new in oauth2 gem version 2.x compared to 1.x?

Accepted Answer

Version 2.x drops support for older Ruby versions and the MAC draft, adds OAuth 2.1 and OIDC features like JWT bearer tokens, and changes defaults such as auth_scheme to :basic_auth, requiring updates for existing code as outlined in the changelog.

OAuth2

What is OAuth2?

Overview

Use Cases

Best For

Related Projects

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Frequently Asked Questions