remi / rack-oauth

Branches (3)
- 0.1.1
- gh-pages
- master ✓
Tags (2)
- v0.1.1
- v0.1.0

Rack Middleware for OAuth Authorization — Read more

http://code.remi.org/rack-oauth

This URL has Read+Write access

added note that the documentation is out-of-date

remi (author)

Fri Jan 15 21:50:55 -0800 2010

commit 55e2da9338c46acda1b9e0e643f4f0cd6fb26426
tree 59436f13633e42398b5426321de4950cbb666dab
parent fb24f5928422946c1ad1e3da216b21e6cf9dbffb

rack-oauth /

name	age	history message
.gitignore	Mon Nov 02 20:01:30 -0800 2009	ignore .gem files [remi]
README.rdoc	Fri Jan 15 21:50:55 -0800 2010	added note that the documentation is out-of-date [remi]
Rakefile	Mon Nov 02 20:01:06 -0800 2009	added get_access_token! which will get it and r... [remi]
VERSION	Mon Nov 02 20:14:57 -0800 2009	having a method with the simple name of #oauth ... [remi]
examples/	Mon Nov 02 19:46:49 -0800 2009	seriously simplified how this works! [remi]
lib/	Mon Nov 16 01:46:45 -0800 2009	got rid of 43 LOC that we weren't using anymore... [remi]
rack-oauth.gemspec	Mon Nov 02 20:14:57 -0800 2009	having a method with the simple name of #oauth ... [remi]
spec/	Mon Nov 02 20:01:06 -0800 2009	added get_access_token! which will get it and r... [remi]

README.rdoc

Rack::OAuth

Rack::OAuth is a Rack middleware for easily integrating OAuth into your Ruby web applications.

THIS DOCUMENTATION IS OUT-OF-DATE … UPDATE COMING SOON!

Installation

  $ gem sources -a http://gems.github.com
  $ sudo gem install remi-rack-oauth

Rack::OAuth requires the rack and oauth gems (and json, although this can be overriden)

  $ sudo gem install rack oauth json

Usage

To quickly see how to use this, you might want to check out the screencast at remi.org

You can also view the RDoc at code.remi.org/rack-oauth

  use Rack::OAuth, :key => 'abc', :secret => '123', :site => 'http://twitter.com'

This will use all of the defaults:

visiting /oauth_login will setup an OAuth request and redirect the user to login to the OAuth provider
/oauth_complete is where we redirect to after OAuth authorization is complete
session[:oauth_user] will return a hash with the OAuth account information (if a user was authorized)

There are a number of defaults that can be overridden. Defaults can be viewed at code.remi.org/rack-oauth/classes/Rack/OAuth.html

  use Rack::OAuth, :key          => 'abc',
                   :secret       => '123',
                   :site         => 'http://twitter.com',
                   :login        => '/path_that_will_goto_oauth_providers_login',
                   :redirect     => '/path_to_redirect_to_after_oauth_authorization',
                   :session_key  => 'name_of_session_variable_to_store_oauth_user_info_in',
                   :rack_session => 'name_of_rack_session_variable'

The important thing to note is that, after you redirect to /oauth_login and the OAuth provider redirects back to your web application at /oauth_complete, you can gain access to the user’s access token. This is what lets you make requests to Twitter and whatnot to post tweets or merely get the user’s information.

The easiest way to do this is to include the Rack::OAuth::Methods module in your ApplicationController, if you’re using Rails, or your helpers block, if you’re using Sinatra or … wherever. Once you’ve done that, you can just call #get_access_token to get the access token. For example, if you want to get the user’s twitter profile information you can:

  json = get_access_token.get('/account/verify_credentials.json').body

Notes

Rack::OAuth was created to work with Twitter OAuth and has, thus far, only been tested using Twitter’s OAuth. If this doesn’t work for you for a different OAuth provider, please let me know! Or, if you patch Rack::OAuth to support another provider, please send me a pull request with the patch.