Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Middleware for catching OAuth2 access tokens in Rack apps
branch: master

Fetching latest commit…

Cannot retrieve the latest commit at this time

Failed to load latest commit information.
lib
test
.gitignore Basic middleware to catch and authorize access_token
Gemfile Gemfile
README.mkd
Rakefile Simple file-based store (for testing)
rack-oauth2_utils.gemspec Info in gemspec

README.mkd

Rack OAuth Utils

Simple Rack middleware that catches OAuth2 access tokens and validates identity

This gem only covers the simple use of "using a token". You must implement the authorization and "getting a token" part in your app.

USAGE

class API < Sinatra::Base

  use Rack::OAuth2Utils::Middleware do |access_token|
    AccessToken.find_by_token(access_token).try :account_id
  end

  helpers do

    def authorized?
      !!identity
    end

    def identity
     requets.env['oauth.identity']
    end

    def current_account
     Account.find(identity) if authorized?
    end

  end

  get '/private' do
    if authorized?
      content_type 'application/json'
      current_account.to_json
    else
      halt 403, 'Access forbidden'
    end
  end

end

Rack::OAuth2Utils::Middleware takes a block with the request's access token. YOu can use it to resolve it to an identity string (ie a user or account id).

There is a test store based on PStore (filesystem. Do no use in production):

STORE = Rack::OAuth2Utils::TestStore.new('tmp/access_tokens.store')

STORE['foobar'] = 'some_identity'

use Rack::OAuth2Utils::Middleware do |access_token|
  STORE[access_token]
end

It is up to you how you store tokens and identities.

See test/middlewate_test.rb for details

Something went wrong with that request. Please try again.