There's Auth, there's OAuth, and there's OohAuth.

OohAuth extends merb-auth-more with a functionally-complete approach to OAuth, turning your merb-auth applications into full OAuth providers.

OAuth at a glance:

• Your users won't have to give their names and passwords to client applications
• Your users can revoke or limit access from a particular client at any time
• Your users do not have to give client applications everything they need to steal their account
• Your developer community can authenticate using a solid authentication schema endorsed by industry giants
• Resilient to both man-in-the-middle and signature replay attacks.

OohAuth gives you:

• Integration with merb-auth and your application's own User model
• RESTful creation of API keys for client apps
• RESTful creation of request and access tokens to allow client apps to authenticate on behalf of users
• merb-auth strategies for both web-based and non web-based API authentication.

It depends on:

• merb-slices
• merb-action-args
• merb-auth-core
• merb-auth-more
• nokogiri (tests only)
• ruby-hmac
• Erb OR Haml (Haml support thanks to Pius)
• datamapper (we need your help to become ORM-agnostic)

You should read:

• Why we wrote it
• OohAuth on github
• OAuth 1.0 specification a hefty spec document containing instructions for authenticating with OAuth apps and more.
• securing.markdown, your guide to properly securing an application using OohAuth.
• OohAuth's bugtracker on Tails