Skip to content
This repository has been archived by the owner. It is now read-only.
Permalink
Browse files
Update README.
  • Loading branch information
Tim Fletcher committed Nov 7, 2008
1 parent 44de303 commit 43737af9b8755f396972c385897da8009bf7cd64
Showing 1 changed file with 30 additions and 21 deletions.
@@ -24,44 +24,53 @@ Erlang, and erlang-fmt (http://tfletcher.com/dev/erlang-fmt).
The Makefile assumes that erlang-fmt is contained in the parent directory of
this one, so you might want to edit the Makefile if you have it elsewhere.

Erlang R12B-5 is required for RSA-SHA1 signing.


How do I use it?
----------------

The crypto and inets applications need to be running, and---as it's easy to
forget---all the code needs to be compiled. A typical authentication flow
would be similar to the following:
First, create a consumer:

Consumer = oauth_consumer:new("key", "secret", SignatureMethod).


SignatureMethod can either be "PLAINTEXT", "HMAC-SHA1", or {"RSA-SHA1", PK},
where PK is either a path pointing to a private key PEM file, or a tuple as
returned by public_key:decode_private_key/1.

ConsumerKey = "key",
Requests can be made with oauth:get and oauth:post, e.g.,

ConsumerSecret = "secret",
Response = oauth:get(URL, Consumer).

SignatureMethod = "HMAC-SHA1",

Consumer = oauth_consumer:new(ConsumerKey, ConsumerSecret, SignatureMethod),
URL must not contain a query string. Instead, pass the query parameters in
as an additional [proplist] argument, e.g.,

HttpResponse = oauth:get(RequestTokenURL, Consumer),
Response = oauth:get(URL, Consumer, [{foo, "bar"}]).

RequestTokenPair = oauth_token_pair:new(HttpResponse),

% If necessary, direct user to the Service Provider,
% with RequestToken = element(1, RequestTokenPair).
Calling oauth:get or oauth:post returns an HTTP response tuple, as would
be returned from http:request/4. If you are requesting tokens you can use
oauth_token_pair:new/1 to extract the oauth_token and oauth_token_secret
parameters from the response, e.g.,

HttpResponse2 = oauth:get(AccessTokenURL, Consumer, RequestTokenPair),
TokenPair={Token, TokenSecret} = oauth_token_pair:new(Response).

AccessTokenPair = oauth_token_pair:new(HttpResponse2),

oauth:get(ProtectedResourceURL, Consumer, AccessTokenPair, ExtraParams).
TokenPair can then be passed back into oauth:get and oauth:post to
request additional tokens, or a protected resource. Alternatively, you
can use oauth_request:to_header/2,4 to generate an HTTP Authorization
header, as described by http://oauth.net/core/1.0/#auth_header. This
isn't (currently) integrated into oauth:get and oauth:post, so you
would need to use http:request/4 directly in this case.


Calling oauth:get or oauth:post returns an HTTP response tuple, as returned
from http:request/4. Type "make termie_hmac", or look at test/oauth_termie.erl
for a working example. Thanks Andy!
Are there any examples anywhere?
--------------------------------

Alternatively, you can use oauth_request:header/6 to generate an HTTP
Authorization header, as described by http://oauth.net/core/1.0/#auth_header.
This isn't (currently) integrated into oauth:get and oauth:post, so you would
need to use http:request/4 directly in this case.
Yes. See test/oauth_termie.erl and test/oauth_google.erl. They can be
run with "make termie_hmac", "make termie_rsa", and "make google".


Who can I contact if I have another question?

0 comments on commit 43737af

Please sign in to comment.