Rack OAuth Utils
Simple Rack middleware that catches OAuth2 access tokens and validates identity
This gem only covers the simple use of "using a token". You must implement the authorization and "getting a token" part in your app.
class API < Sinatra::Base use Rack::OAuth2Utils::Middleware, :store => SomeKeyValueStore helpers do def authorized? !!identity end def identity requets.env['oauth.identity'] end def current_account Account.find(identity) if authorized? end end get '/private' do if authorized? content_type 'application/json' current_account.to_json else halt 403, 'Access forbidden' end end end
:store is anything that responds to , = and delete. Can be Redis, PStore, some ORM wrapper, etc.
Store is expected to store access_tokens mapped to some identity string (for example account IDs).
There is a test store based on PStore (filesystem. Do no use in production):
store = Rack::OAuth2Utils::TestStore.new('tmp/access_tokens.store') store['some_access_token'] = 'some_account_id'
It is up to you how you store tokens and identities.
See test/middlewate_test.rb for details