stuart / google-authsub

GoogleAuthSub
=======

NOTE: This is still in very alpha stages of development. 
It passes all the mocked specs but has no live testing specs yet. 

Overview:

The GoogleAuthSub class handles interaction with Google via the 
Account Authentication API (AuthSub). This is for web applications to get data from 
Google with the user signing in.

For details on the Account Authentication API refer to:
http://code.google.com/apis/accounts/docs/AuthForWebApps.html

The Google Group can provide some help also: 
http://groups.google.com/group/Google-Accounts-API

The OAuth protocol has taken over much of the role of Authsub. 
Oauth does not provide access to non registered apps as Authsub does.

Requirements:
    For testing you will need the rspec and fake_web gems
    
To use:

Non-signed access, single request.
    1. Create your GoogleAuthSub object.
            auth = GoogleAuthSub.new(:next_url => "www.example.com/next", 
                    :scope_url => "http://www.google.com/calendar/feeds")
    
    2. Redirect the user to the Google sign in page. request_url gives us the correct url to go to.
            In rails: 
                redirect_to auth.request_url

    3. Once the user has successfully logged in they will then be redirected back to the url specified
        as the :next_url in step 1. In the handler for this the token needs to be extracted.
        To do this call: 
            auth.receive_token(url) 
        or in rails just do: 
            auth.token=params[:token]
 
    4. Now everything should be set to make a single request with:
        auth.get(url), auth.post(url), auth.put(url) or auth.delete(url)
       The url will automagically have the :scope_url prepended to it if not included. 
       These calls return a Net::HTTPResponse object
       
     Once a request has been made the token will no longer be valid and you will have to start from step 2 in 
     order to make another request.
       
Non-signed access with session token.
    1. Create your GoogleAuthSub object with :session => true.
         auth = GoogleAuthSub.new(:next_url => "www.example.com/next", 
            :scope_url => "http://www.google.com/calendar/feeds", 
            :session => true)
 
    2,3 as per previous example
    
    4. Exchange the single use token for a session token.
        auth.request_session_token
        NOTE: this has changed from the previous version, which was confusingly named session_token.
        
    5. Make requests with auth.get and auth.put.
    
Secure access with session token.
    0. Call GoogleAuthSub.set_private_key(key)
        key can be a certificate file, string or OpenSSL::Pkey::RSA object.
        This should be the key that the site has registered with Goggle.
        For details on the registration process see: 
        http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html
        
    1. Create your GoogleAuthSub object with :session => true.
        auth = GoogleAuthSub.new(:next_url => "www.example.com/next", 
            :scope_url => "http://www.google.com/calendar/feeds", 
            :session => true, :secure=>true)
    
    2,3,4,5 as per previous examples
    
    The private key is stored as a class variable so there is one instance per app.

Tokens can be revoked with:
    auth.revoke_token

Token information can be received from Google with:
    auth.token_info
    This returns a hash with the keys: :target, :scope and :secure
    
    
TODO:
    Live tests. Currently getting errors with encrypted tokens.
    Storage of session tokens: ActiveRecord
    Encryption of tokens.
    Session token revocation
    Rails plugin
    
Contact the author via stuart.coyle@gmail.com

Copyright (c) 2008-2009 Stuart Coyle, released under the MIT license