How to Handle OAuth Response with Octokit Ruby vs Restclient

Question

Hi I'm new to Ruby/Rails and I had a question about handling an OAuth response with the Ruby version of GitHub's Octokit. After reading the documentation I'm a little confused about how to follow best practices with the wrapper vs with RestClient. When I authorize my app the response returns a "code" which I'm supposed to exchange for an access token.

In the GitHub API documentation it shows a Sinatra example of this with Restclient, which is currently in my create action of the sessions controller. However, it says you should approach it differently when building an app and that you should use the Octokit library, but I can't find any documentation on exactly how to exchange the code for an access token with Octokit.

My goal is to be able to crete a new member for the app via a user's GitHub account, save that info, & then sign them in with that account, rather then ever creating a username/password. I've pasted my new.html.erb code below to show the request that I am making as well. Really appreciate any help, thank you!

Sessions Controller

class SessionsController < ApplicationController

  def new
    @client_id = Octokit.client_id
  end

  def create
    # CHANGE THIS TO USE OCTOKIT INSTEAD
    session_code = request.env['rack.request.query_hash']['code']

    result = RestClient.post('https://github.com/login/oauth/access_token',
                            {:client_id => Octokit.client_id,
                             :client_secret => Octokit.client_secret,
                             :code => session_code},
                             :accept => :json)

    access_token = JSON.parse(result)['access_token']
  end
end

OAuth Request

<p>
  Sign In with GitHub
</p>
<p>
  <a href="https://github.com/login/oauth/authorize?scope=user:follow&client_id=<%= @client_id %>">Click here</a> to begin!</a>
</p>

Answer 1

As it doesn't explicitly state this in the README. What I recommend is always going through the source code to get a better understanding of how a gem works. Often you will find that the gem's creator(s) have written great code that is self-explanatory, and sometimes even commented to provide more info as in the situation below. Here is the method you're looking for, good luck on your journey to learn to Ruby/Rails and welcome! Let me know if you have any more questions and run into any more issues getting this to work.

# Retrieve the access_token.
      #
      # @param code [String] Authorization code generated by GitHub.
      # @param app_id [String] Client Id we received when our application was registered with GitHub.
      # @param app_secret [String] Client Secret we received when our application was registered with GitHub.
      # @return [Sawyer::Resource] Hash holding the access token.
      # @see http://developer.github.com/v3/oauth/#web-application-flow
      # @example
      #   Octokit.exchange_code_for_token('aaaa', 'xxxx', 'yyyy', {:accept => 'application/json'})
      def exchange_code_for_token(code, app_id = client_id, app_secret = client_secret, options = {})
        options.merge!({
          :code => code,
          :client_id => app_id,
          :client_secret => app_secret,
          :headers => {
            :content_type => 'application/json',
            :accept       => 'application/json'
          }
        })
        post "#{web_endpoint}login/oauth/access_token", options
      end