Skip to content
Middleware for catching OAuth2 access tokens in Rack apps
Ruby
Find file
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Failed to load latest commit information.
lib
test
.gitignore
Gemfile
README.mkd
Rakefile
rack-oauth2_utils.gemspec

README.mkd

Rack OAuth Utils

Simple Rack middleware that catches OAuth2 access tokens and validates identity

This gem only covers the simple use of "using a token". You must implement the authorization and "getting a token" part in your app.

USAGE

class API < Sinatra::Base

  use Rack::OAuth2Utils::Middleware do |access_token|
    AccessToken.find_by_token(access_token).try :account_id
  end

  helpers do

    def authorized?
      !!identity
    end

    def identity
     requets.env['oauth.identity']
    end

    def current_account
     Account.find(identity) if authorized?
    end

  end

  get '/private' do
    if authorized?
      content_type 'application/json'
      current_account.to_json
    else
      halt 403, 'Access forbidden'
    end
  end

end

Rack::OAuth2Utils::Middleware takes a block with the request's access token. YOu can use it to resolve it to an identity string (ie a user or account id).

There is a test store based on PStore (filesystem. Do no use in production):

STORE = Rack::OAuth2Utils::TestStore.new('tmp/access_tokens.store')

STORE['foobar'] = 'some_identity'

use Rack::OAuth2Utils::Middleware do |access_token|
  STORE[access_token]
end

It is up to you how you store tokens and identities.

See test/middlewate_test.rb for details

Something went wrong with that request. Please try again.