remi / rack-oauth

Rack Middleware for OAuth Authorization

remi (author)
Mon Nov 02 20:01:30 -0800 2009
commit  f1caec76fcf996f647e57fde9a5c503b739c58bb
tree    b2e9aaaeca5503c07339a500c8dbd30460cfb7f8
parent  8ef8fe3cc8392f07d6381a7a5637c7e8b0bc177f
README.rdoc

Rack::OAuth

Rack::OAuth is a Rack middleware for easily integrating OAuth into your Ruby web applications.

Installation

  $ gem sources -a http://gems.github.com
  $ sudo gem install remi-rack-oauth

Rack::OAuth requires the rack and oauth gems (and json, although this can be overridden).

  $ sudo gem install rack oauth json

Usage

To quickly see how to use this, you might want to check out the screencast at remi.org.

You can also view the RDoc at code.remi.org/rack-oauth.

  use Rack::OAuth, :key => 'abc', :secret => '123', :site => 'http://twitter.com'

This will use all of the defaults:

  • visiting /oauth_login will set up an OAuth request and redirect the user to log in to the OAuth provider
  • /oauth_complete is where we redirect to after OAuth authorization is complete
  • session[:oauth_user] will return a hash with the OAuth account information (if a user was authorized)

There are a number of defaults that can be overridden. Defaults can be viewed at code.remi.org/rack-oauth/classes/Rack/OAuth.html

  use Rack::OAuth, :key          => 'abc',
                   :secret       => '123',
                   :site         => 'http://twitter.com',
                   :login        => '/path_that_will_goto_oauth_providers_login',
                   :redirect     => '/path_to_redirect_to_after_oauth_authorization',
                   :session_key  => 'name_of_session_variable_to_store_oauth_user_info_in',
                   :rack_session => 'name_of_rack_session_variable'
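
The snippets above hard-code the consumer key and secret and point :site at a plain http:// URL. The following is an added example, not part of rack-oauth: a hypothetical helper, rack_oauth_options, that builds the same option hash from the environment and refuses a non-TLS provider URL. The RACK_OAUTH_* variable names are assumptions.

```ruby
require 'uri'

# Added example, not code from rack-oauth. The helper name and the
# RACK_OAUTH_* environment variable names are assumptions.
REQUIRED_VARS = %w[RACK_OAUTH_KEY RACK_OAUTH_SECRET RACK_OAUTH_SITE].freeze

# Returns the option hash for `use Rack::OAuth`. `env` is anything that
# answers [] with string keys (ENV by default); `overrides` carries the
# optional settings shown above (:login, :redirect, :session_key, ...).
def rack_oauth_options(env = ENV, overrides = {})
  # Fail at boot instead of starting with an empty consumer key or secret.
  missing = REQUIRED_VARS.select { |name| env[name].to_s.strip.empty? }
  raise ArgumentError, "missing #{missing.join(', ')}" unless missing.empty?

  begin
    site = URI.parse(env['RACK_OAUTH_SITE'])
  rescue URI::InvalidURIError
    raise ArgumentError, 'RACK_OAUTH_SITE is not a valid URL'
  end

  # OAuth 1.0 token responses carry the token secret in the response body,
  # so the provider must be reached over TLS.
  unless site.is_a?(URI::HTTPS) && site.host
    raise ArgumentError, 'RACK_OAUTH_SITE must be an https:// URL'
  end

  # Credentials are merged last so that overrides cannot replace them.
  overrides.merge(:key    => env['RACK_OAUTH_KEY'],
                  :secret => env['RACK_OAUTH_SECRET'],
                  :site   => site.to_s)
end

# In config.ru (needs the gem, so it is left as a comment here):
#   use Rack::OAuth, rack_oauth_options(ENV, :login => '/login')
```
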

The important thing to note is that, after you redirect to /oauth_login and the OAuth provider redirects back to your web application at /oauth_complete, you can gain access to the user’s access token. This is what lets you make requests to Twitter and whatnot to post tweets or merely get the user’s information.

The easiest way to do this is to include the Rack::OAuth::Methods module in your ApplicationController, if you’re using Rails, or your helpers block, if you’re using Sinatra or … wherever. Once you’ve done that, you can just call #get_access_token to get the access token. For example, if you want to get the user’s Twitter profile information you can:

  json = get_access_token.get('/account/verify_credentials.json').body

Notes

Rack::OAuth was created to work with Twitter OAuth and has, thus far, only been tested using Twitter’s OAuth. If this doesn’t work for you for a different OAuth provider, please let me know! Or, if you patch Rack::OAuth to support another provider, please send me a pull request with the patch.