forked from halorgium/oauth_provider
-
Notifications
You must be signed in to change notification settings - Fork 2
/
README
151 lines (104 loc) · 5.96 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
--------------------------------------------------------------------------------
- OAuth Provider library in Ruby
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
- 1) Getting the library setup
- 2) Creating a provider
- 3) Adding a consumer
- 4) Issuing a request token
- 5) Authorizing a request token
- 6) Upgrading a request token to an access token
- 7) Confirming access for an access token
--------------------------------------------------------------------------------
--------------------------------------------------------------------------------
- 1) Getting the library setup
--------------------------------------------------------------------------------
You can currently only download the source and build a gem.
It will be put on rubyforge once it is more feature-some.
# git clone git://github.com/halorgium/oauth_provider.git
# rake package
--------------------------------------------------------------------------------
- 2) Getting the library setup
--------------------------------------------------------------------------------
Create a provider to allow you to interact issue request tokens etc.
There are several backends to allow you to use this for real and in testing.
The in-memory backend is best for testing, it allows you to not have the
overhead of a database.
# provider = OAuthProvider.create(:in_memory)
The DataMapper backend is currently the only real backend, you can provide a
repository which will allow you to use a different database connection.
# provider = OAuthProvider.create(:data_mapper, :some_oauth_repository)
--------------------------------------------------------------------------------
- 3) Adding a consumer
--------------------------------------------------------------------------------
To add a consumer to the provider, you need to provide a callback URL.
# consumer = provider.add_consumer("http://myconsumer.com/token")
You should store the consumer shared key in your database so you can associate
your users with the tokens they own.
# Consumer.create("My Consumer", consumer.shared_key)
--------------------------------------------------------------------------------
- 4) Issuing a request token
--------------------------------------------------------------------------------
Now you can issue a request token, this will save the token for later access.
You need to pass in the raw request object which your web framework uses and
require the correct request-proxy.
Rails (ActionController):
# require 'oauth/request_proxy/action_controller_request'
XMPP4R:
# require 'oauth/request_proxy/jabber_request'
Net::HTTP:
# require 'oauth/request_proxy/net_http'
Sinatra/Merb (Rack):
# require 'oauth/request_proxy/rack_request'
Once that file is required, you can ask the provider to issue a token.
# user_request = provider.issue_request(request)
You should save this token in your database to connect this token with a
particular user.
# current_user.tokens.create(:consumer_shared_key => user_request.consumer.shared_key,
# :shared_key => user_request.shared_key)
This object allows you to access the query_string which should be returned
to the consumer.
This is the form: oauth_token=ABCDE&oauth_token_secret=SECRET123
# user_request.query_string
Now it is up to the consumer to redirect the user to your authorization
screen. To locate the token which corresponds with the shared key (usually
the 'oauth_token' parameter in the request) you need to
--------------------------------------------------------------------------------
- 5) Authorizing a request token
--------------------------------------------------------------------------------
Once you have determined that the user wishes to authorize the request. You
should display the consumer information to the user.
An example ERB view might be:
# <p>You are about to authorize <%= token.consumer.name %> to access your account %></p>
# <p>Do you want this to happen?</p>
# <p><a href="/authorize?oauth_token=<%= token.shared_key %>Authorize it</a>
At this point, you can also store any access control information to allow this
consumer to perhaps only have read-access to the user's information.
Then in the 'authorize' action you would tell the provider to authorize this
request token and redirect back to the consumer callback URL.
# user_request.authorize
# redirect_to user_request.callback
--------------------------------------------------------------------------------
- 6) Upgrading a request token to an access token
--------------------------------------------------------------------------------
Now that the request token is authorized by the user, the consumer can upgrade
this token to an access token.
# user_access = provider.upgrade_request(request)
If the request token is not yet authorized, an exception will be raised. The
exception class is 'OAuthProvider::UserRequestNotAuthorized'.
If the request token is authorized, the request token will be destroyed and
a access token will be generated and returned.
Now you can save this into your database.
# token = current_user.tokens.find_by_shared_key(user_access.request_shared_key)
# token.update_attributes(:access => true, :shared_key => user_access.shared_key)
And return the query string back to the consumer
# user_access.query_string
--------------------------------------------------------------------------------
- 7) Confirming access for an access token
--------------------------------------------------------------------------------
At this point, the consumer should have a valid access token and can make API
requests. You can ask the provider to confirm that the access token is valid.
# user_access = provider.confirm_access(request)
Now you can find the user token which corresponds to the shared_key.
# token = current_user.tokens.first(:access => true, :shared_key => user_access.shared_key)
You are now ready to respond to the API request as needed!