Use own HTTP Basic Authentication implementation.

HTTP Basic Authentication is basically a one-liner and it's a waste to depend
on a Gem for this functionality.

Another reason not to depend on HTTPAuth is that it's no longer maintained.

Author: Manfred

lib/oauth2/strategy/assertion.rb

@@ -1,4 +1,3 @@
-require 'httpauth'
 require 'jwt'
 
 module OAuth2

lib/oauth2/strategy/client_credentials.rb

@@ -1,4 +1,4 @@
-require 'httpauth'
+require 'base64'
 
 module OAuth2
   module Strategy
@@ -20,9 +20,17 @@ def authorize_url
       def get_token(params={}, opts={})
         request_body = opts.delete('auth_scheme') == 'request_body'
         params.merge!('grant_type' => 'client_credentials')
-        params.merge!(request_body ? client_params : {:headers => {'Authorization' => HTTPAuth::Basic.pack_authorization(client_params['client_id'], client_params['client_secret'])}})
+        params.merge!(request_body ? client_params : {:headers => {'Authorization' => authorization(client_params['client_id'], client_params['client_secret'])}})
         @client.get_token(params, opts.merge('refresh_token' => nil))
       end
+
+      # Returns the Authorization header value for Basic Authentication
+      #
+      # @param [String] The client ID
+      # @param [String] the client secret
+      def authorization(client_id, client_secret)
+        'Basic ' + Base64.encode64(client_id + ':' + client_secret).gsub("\n", '')
+      end
     end
   end
 end

oauth2.gemspec

@@ -6,7 +6,6 @@ require 'oauth2/version'
 Gem::Specification.new do |spec|
   spec.add_development_dependency 'bundler', '~> 1.0'
   spec.add_dependency 'faraday', '~> 0.8'
-  spec.add_dependency 'httpauth', '~> 0.2'
   spec.add_dependency 'multi_json', '~> 1.0'
   spec.add_dependency 'multi_xml', '~> 0.5'
   spec.add_dependency 'rack', '~> 1.2'

spec/oauth2/strategy/client_credentials_spec.rb

@@ -8,7 +8,7 @@
     OAuth2::Client.new('abc', 'def', :site => 'http://api.example.com') do |builder|
       builder.adapter :test do |stub|
         stub.post('/oauth/token', {'grant_type' => 'client_credentials'}) do |env|
-          client_id, client_secret = HTTPAuth::Basic.unpack_authorization(env[:request_headers]['Authorization'])
+          client_id, client_secret = Base64.decode64(env[:request_headers]['Authorization'].split(' ', 2)[1]).split(':', 2)
           client_id == 'abc' && client_secret == 'def' or raise Faraday::Adapter::Test::Stubs::NotFound.new
           case @mode
           when "formencoded"
@@ -37,6 +37,17 @@
     end
   end
 
+  describe "#authorization" do
+    it "generates an Authorization header value for HTTP Basic Authentication" do
+      [
+        ['abc', 'def', 'Basic YWJjOmRlZg=='],
+        ['xxx', 'secret', 'Basic eHh4OnNlY3JldA==']
+      ].each do |client_id, client_secret, expected|
+        expect(subject.authorization(client_id, client_secret)).to eq(expected)
+      end
+    end
+  end
+
   %w(json formencoded).each do |mode|
     %w(default basic_auth request_body).each do |auth_scheme|
       describe "#get_token (#{mode}) (#{auth_scheme})" do