= OAuth Plugin

This is a plugin for implementing OAuth Providers and Consumers in Rails applications.

We support the revised OAuth 1.0a specs at:

http://tools.ietf.org/html/rfc5849

As well as support for OAuth 2.0:

http://tools.ietf.org/html/draft-ietf-oauth-v2-22

Find out more on the OAuth site at:

http://oauth.net

== IMPORTANT note for people upgrading the provider

There are several changes to the latest OAuth 2.0 spec which require a couple of changes to 2 models which you are REQUIRED to update manually if you are supporting OAuth2.

https://github.com/pelle/oauth-plugin/blob/master/lib/generators/active_record/oauth_provider_templates/oauth2_token.rb

  class Oauth2Token < AccessToken
    attr_accessor :state
    # JSON body of the token response
    def as_json(options={})
      d = {:access_token=>token, :token_type => 'bearer'}
      d[:expires_in] = expires_in if expires_at
      d
    end

    # Query-string form of the token response
    def to_query
      q = "access_token=#{token}&token_type=bearer"
      q << "&state=#{URI.escape(state)}" if @state
      q << "&expires_in=#{expires_in}" if expires_at
      q << "&scope=#{URI.escape(scope)}" if scope
      q
    end

    # Seconds left until the token expires
    def expires_in
      expires_at.to_i - Time.now.to_i
    end
  end


https://github.com/pelle/oauth-plugin/blob/master/lib/generators/active_record/oauth_provider_templates/oauth2_verifier.rb

  class Oauth2Verifier < OauthToken
    validates_presence_of :user
    attr_accessor :state

    # Swap the verifier (authorization code) for an access token and
    # invalidate the verifier in the same transaction
    def exchange!(params={})
      OauthToken.transaction do
        token = Oauth2Token.create! :user=>user,:client_application=>client_application, :scope => scope
        invalidate!
        token
      end
    end

    def code
      token
    end

    def redirect_url
      callback_url
    end

    def to_query
      q = "code=#{token}"
      q << "&state=#{URI.escape(state)}" if @state
      q
    end

    protected

    # The verifier is a 20 character key that expires after 10 minutes
    def generate_keys
      self.token = OAuth::Helper.generate_key(20)[0,20]
      self.expires_at = 10.minutes.from_now
      self.authorized_at = Time.now
    end

  end

There are matching specs for these which you may want to move into your project as well.

== Requirements

You need to install the oauth gem (0.4.4) which is the core OAuth ruby library. It will likely NOT work on any previous version of the gem.

  gem install oauth

== Installation (Rails 3.0)

Add the plugin to your Gemfile:

  gem "oauth-plugin", "~> 0.4.0"

And install it:

  bundle install

== Installation (Rails 2.x)

The plugin can now be installed as a gem from github, which is the easiest way to keep it up to date.

  gem install oauth-plugin --pre

You should add the following in the gem dependency section of environment.rb:

  config.gem "oauth"
  config.gem "oauth-plugin"

Alternatively you can install it in vendor/plugins:

  script/plugin install git://github.com/pelle/oauth-plugin.git

The Generator currently creates code (in particular views) that only work in Rails 2 and 3.

It should not be difficult to manually modify the code to work on Rails 1.2.x

I think the only real issue is that the views have .html.erb extensions. So these could theoretically just be renamed to .rhtml.

Please let me know if this works and I will see if I can make the generator conditionally create .rhtml for pre 2.0 versions of RAILS.

== OAuth Provider generator (Rails 3)

This currently supports rspec, test_unit, haml, erb, active_record and mongoid:

  rails g oauth_provider

This generates OAuth and OAuth client controllers as well as the required models.

It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication. It also requires Rails 2.0.

=== INSTALL RACK FILTER (NEW)

A big change over previous versions is that we now use a rack filter. You have to install this in your application.rb file:

  require 'oauth/rack/oauth_filter'
  config.middleware.use OAuth::Rack::OAuthFilter


=== Generator Options

The generator supports the defaults you have created in your application.rb file, e.g.:

  config.generators do |g|
    g.orm :mongoid
    g.template_engine :haml
    g.test_framework :rspec
  end

=== User Model

Add the following lines to your user model:

  has_many :client_applications
  has_many :tokens, :class_name => "OauthToken", :order => "authorized_at desc", :include => [:client_application]

== OAuth Provider generator (Rails 2)

While it isn't very flexible at the moment there is an oauth_provider generator which you can use like this:

  ./script/generate oauth_provider

This generates OAuth and OAuth client controllers as well as the required models.

It requires an authentication framework such as acts_as_authenticated, restful_authentication or restful_open_id_authentication. It also requires Rails 2.0.

=== Generator Options

By default the generator generates RSpec and ERB templates. The generator can instead create Test::Unit and/or HAML templates. To do this use the following options:

  ./script/generate oauth_provider --test-unit --haml

These can of course be used individually as well.

=== User Model

Add the following lines to your user model:

  has_many :client_applications
  has_many :tokens, :class_name => "OauthToken", :order => "authorized_at desc", :include => [:client_application]

=== Migrate database

The database is defined in:

  db/migrate/XXX_create_oauth_tables.rb

Run them as any other normal migration in rails with:

  rake db:migrate

== Upgrading from OAuth 1.0 to OAuth 1.0a

As the flow has changed slightly and there are a couple of database changes it isn't as simple as just updating the plugin. Please follow these steps closely:

=== Add a migration

You need to add a migration:

  script/generate migration upgrade_oauth

Make it look like this:

  class UpgradeOauth < ActiveRecord::Migration
    def self.up
      add_column :oauth_tokens, :callback_url, :string
      add_column :oauth_tokens, :verifier, :string, :limit => 20
    end

    def self.down
      remove_column :oauth_tokens, :callback_url
      remove_column :oauth_tokens, :verifier
    end
  end

=== Change code

There are changes to the following files:

  app/models/client_application.rb
  app/models/request_token.rb
  app/controllers/oauth_controller.rb

=== Changes in client_application.rb

Add the following towards the top of the model class

  attr_accessor :token_callback_url

Then change the create_request_token method to the following:

  def create_request_token
    RequestToken.create :client_application => self, :callback_url => token_callback_url
  end

=== Changes in request_token.rb

The RequestToken contains the bulk of the changes so it's easiest to list it in its entirety. Mainly we need to add support for the oauth_verifier parameter and also tell the client that we support OAuth 1.0a.

Make sure it looks like this:

  class RequestToken < OauthToken

    attr_accessor :provided_oauth_verifier

    def authorize!(user)
      return false if authorized?
      self.user = user
      self.authorized_at = Time.now
      # 1.0a: issue a verifier that the consumer must present when exchanging the token
      self.verifier=OAuth::Helper.generate_key(16)[0,20] unless oauth10?
      self.save
    end

    def exchange!
      return false unless authorized?
      # refuse the exchange unless the verifier matches (skipped only for legacy 1.0 tokens)
      return false unless oauth10? || verifier == provided_oauth_verifier

      RequestToken.transaction do
        access_token = AccessToken.create(:user => user, :client_application => client_application)
        invalidate!
        access_token
      end
    end

    def to_query
      if oauth10?
        super
      else
        "#{super}&oauth_callback_confirmed=true"
      end
    end

    def oob?
      self.callback_url == 'oob'
    end

    # legacy 1.0 handling applies only when the switch is set and no callback url was stored
    def oauth10?
      (defined? OAUTH_10_SUPPORT) && OAUTH_10_SUPPORT && self.callback_url.blank?
    end

  end

=== Changes in oauth_controller

All you need to do here is to change the authorize action to use the request_token callback url and add the oauth_verifier to the callback url.

  def authorize
    @token = ::RequestToken.find_by_token params[:oauth_token]
    unless @token.invalidated?
      if request.post?
        if params[:authorize] == '1'
          @token.authorize!(current_user)
          if @token.oauth10?
            @redirect_url = params[:oauth_callback] || @token.client_application.callback_url
          else
            @redirect_url = @token.oob? ? @token.client_application.callback_url : @token.callback_url
          end

          if @redirect_url
            if @token.oauth10?
              redirect_to "#{@redirect_url}?oauth_token=#{@token.token}"
            else
              redirect_to "#{@redirect_url}?oauth_token=#{@token.token}&oauth_verifier=#{@token.verifier}"
            end
          else
            render :action => "authorize_success"
          end
        elsif params[:authorize] == "0"
          @token.invalidate!
          render :action => "authorize_failure"
        end
      end
    else
      render :action => "authorize_failure"
    end
  end

Alternatively if you haven't customized your controller you can replace the full controller with this:

  require 'oauth/controllers/provider_controller'
  class OauthController < ApplicationController
    include OAuth::Controllers::ProviderController
  end

This way the controller will automatically include bug fixes in future versions of the plugin.

The rest of the changes are in the plugin and will automatically be included.

*Note* OAuth 1.0a removes support for callback URLs passed to the authorize page; clients must either define a callback url in their client application or pass one on the token request page.

=== Supporting old OAuth 1.0 clients

If you absolutely have to support older OAuth 1.0 clients on an optional basis, we now include a switch to turn it back on.

For legacy OAuth 1.0 support add the following constant in your environment.rb

  OAUTH_10_SUPPORT = true

Note, you should only do this if you really positively need to support old OAuth 1.0 clients. There is a serious security issue with this.

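What the OAUTH_10_SUPPORT switch changes at the exchange step, as an added example (not code from the plugin): a plain-Ruby stand-in for the RequestToken model above, run through the 1.0a and legacy paths. SketchRequestToken, its keyword arguments, the helper names and the sample callback URL are hypothetical.

```ruby
require 'securerandom'

# Plain-Ruby stand-in for the RequestToken model shown earlier (no Rails, no
# database). SketchRequestToken and its constructor arguments are hypothetical
# names used only for this example.
class SketchRequestToken
  attr_reader :token, :verifier, :callback_url
  attr_accessor :provided_oauth_verifier

  # oauth10_support plays the role of the OAUTH_10_SUPPORT constant.
  def initialize(callback_url:, oauth10_support: false)
    @token = SecureRandom.hex(10)
    @callback_url = callback_url
    @oauth10_support = oauth10_support
    @authorized = false
    @invalidated = false
  end

  # Legacy mode applies only when the switch is on AND no callback was sent
  # with the request token, mirroring oauth10? in the model.
  def oauth10?
    @oauth10_support && callback_url.to_s.empty?
  end

  # Assumption: as in the plugin's OauthToken, an invalidated token no longer
  # counts as authorized.
  def authorized?
    @authorized && !@invalidated
  end

  # User approval. A verifier is issued only for 1.0a tokens.
  def authorize!(user)
    return false if authorized?
    @user = user
    @authorized = true
    @verifier = SecureRandom.hex(10) unless oauth10?
    true
  end

  # Request token -> access token. 1.0a tokens need the verifier that was
  # delivered to the callback; legacy tokens skip that check entirely.
  def exchange!
    return false unless authorized?
    return false unless oauth10? || verifier == provided_oauth_verifier
    @invalidated = true
    { :user => @user, :access_token => SecureRandom.hex(20) }
  end
end

# True if the exchange succeeds for a caller presenting `presented`.
def exchange_succeeds?(token, presented)
  token.provided_oauth_verifier = presented
  token.exchange! ? true : false
end

def verifier_gate_demo
  results = {}

  # OAuth 1.0a token: callback sent with the request token (constructed URL).
  t = SketchRequestToken.new(callback_url: "https://consumer.example/callback")
  t.authorize!("alice")
  results[:v10a_missing_verifier] = exchange_succeeds?(t, nil)
  results[:v10a_wrong_verifier]   = exchange_succeeds?(t, "not-the-verifier")
  results[:v10a_correct_verifier] = exchange_succeeds?(t, t.verifier)
  results[:v10a_second_exchange]  = exchange_succeeds?(t, t.verifier)

  # Switch on, but the consumer sent a callback: still handled as 1.0a.
  oob = SketchRequestToken.new(callback_url: "oob", oauth10_support: true)
  oob.authorize!("alice")
  results[:switch_on_with_callback] = exchange_succeeds?(oob, nil)

  # Switch on and no callback: legacy path, no verifier is ever checked.
  legacy = SketchRequestToken.new(callback_url: nil, oauth10_support: true)
  legacy.authorize!("alice")
  results[:legacy_missing_verifier] = exchange_succeeds?(legacy, nil)

  results
end

if __FILE__ == $0
  verifier_gate_demo.each { |name, ok| puts "#{name}: #{ok ? 'token issued' : 'rejected'}" }
end
```

With the switch on, a request token issued without a callback is exchanged on possession of the token value alone, so check which consumers still omit oauth_callback before enabling it.
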

== Protecting your actions

I recommend that you think about what your users would want to provide access to and limit oauth for those only. For example in a CRUD controller you may think about if you want to let consumer applications do the create, update or delete actions. For your application this might make sense, but for others maybe not.

If you want to give oauth access to everything a registered user can do, just replace the filter you have in your controllers with:

  before_filter :login_or_oauth_required

If you want to restrict consumers to the index and show methods of your controller do the following:

  before_filter :login_required, :except => [:show,:index]
  before_filter :login_or_oauth_required, :only => [:show,:index]

If you have an action you only want used via oauth:

  before_filter :oauth_required

All of these place the token's user in current_user as you would expect. It also exposes the following methods:

* current_token - for accessing the token used to authorize the current request
* current_client_application - for accessing information about which consumer is currently accessing your request

You could add application specific information to the OauthToken and ClientApplication model for such things as object level access control, billing, expiry etc. Be creative and you can create some really cool applications here.

== OAuth Consumer generator

The oauth_consumer generator creates a controller to manage the authentication flow between your application and any number of external OAuth secured applications that you wish to connect to.

To run it in Rails 3 simply run:

  rails g oauth_consumer

In previous versions:

  ./script/generate oauth_consumer

This generates the OauthConsumerController as well as the ConsumerToken model.

=== Generator Options (Rails 2)

By default the generator generates ERB templates. The generator can instead create HAML templates. To do this use the following options:

  ./script/generate oauth_consumer --haml

Rails 3 respects your application defaults, see the oauth provider generator section above for more info.

=== Configuration

All configuration of applications is done in

  config/initializers/oauth_consumers.rb

Add entries to OAUTH_CREDENTIALS for all OAuth Applications you wish to connect to. Get this information by registering your application at the particular application's developer page.

  OAUTH_CREDENTIALS = {
    :twitter => {
      :key => "key",
      :secret => "secret",
      :client => :twitter_gem, # :twitter_gem or :oauth_gem (defaults to :twitter_gem)
      :expose => false, # set to true to expose client via the web
    },
    :agree2 => {
      :key => "key",
      :secret => "secret",
      :expose => false, # set to true to expose client via the web
    },
    :hour_feed => {
      :key => "",
      :secret => "",
      :options => {
        :site => "http://hourfeed.com"
      }
    },
    :nu_bux => {
      :key => "",
      :secret => "",
      :super_class => "OpenTransactToken", # if a OAuth service follows a particular standard
                                           # with a token implementation you can set the superclass
                                           # to use
      :options => {
        :site => "http://nubux.heroku.com"
      }
    }
  }

You can add any of the options that the OAuth::Consumer.new accepts to the options hash: http://oauth.rubyforge.org/rdoc/classes/OAuth/Consumer.html

:key, :secret are required as well as :options[:site] etc. for non custom ConsumerToken services.

=== ConsumerToken models

For each site setup in the OAUTH_CREDENTIALS hash the plugin goes through and loads or creates a new model class that subclasses ConsumerToken.

For example, if you connect to Yahoo's FireEagle you would add the :fire_eagle entry to OAUTH_CREDENTIALS and a new FireEagleToken model class will be created on the fly.

This allows you to add a has_one association in your user model:

  has_one :fire_eagle, :class_name => "FireEagleToken", :dependent => :destroy

And you could do:

  @location = @user.fire_eagle.client.location

The client method gives you an OAuth::AccessToken which you can use to perform rest operations on the client site - see http://oauth.rubyforge.org/rdoc/classes/OAuth/AccessToken.html

If you are using Mongoid you want to add an embeds_many association in your user model:

  embeds_many :consumer_tokens

=== Custom ConsumerToken models

Before creating the FireEagleToken model the plugin checks if a class already exists by that name or if we provide an api wrapper for it. This allows you to create a better token model that uses an existing ruby gem.

Currently we provide the following semi-tested token wrappers:

* FireEagle
* Twitter
* Agree2

These can be found in lib/oauth/models/consumers/services. Contributions will be warmly accepted for your favorite OAuth service.

=== The OauthConsumerController

To connect a user to an external service link or redirect them to:

  /oauth_consumers/[SERVICE_NAME]

Where SERVICE_NAME is the name you set in the OAUTH_CREDENTIALS hash. This will request the request token and redirect the user to the service's authorization screen. When the user accepts, they get redirected back to:

  /oauth_consumers/[SERVICE_NAME]/callback

You can specify this url to the service you're calling when you register, but it will automatically be sent along anyway.

=== Expose client

This is designed to let your local javascript apps access remote OAuth apis. You have to specifically enable this by adding the expose flag to your oauth config file, e.g.:

  OAUTH_CREDENTIALS = {
    :twitter => {
      :key => "key",
      :secret => "secret",
      :client => :oauth_gem, # :twitter_gem or :oauth_gem (defaults to :twitter_gem)
      :expose => true # set to true to expose client via the web
    }
  }

Once the user has authorized your application, you can access the client APIs via:

  /oauth_consumers/[SERVICE_NAME]/client/[ENDPOINT]

For example to get the user's Google Calendars in JSON (documented in their API as "https://www.google.com/calendar/feeds/default?alt=jsonc"), you would append that path as the ENDPOINT above, i.e.

  /oauth_consumers/google/client/calendar/feeds/default?alt=jsonc

As another example, to get my Twitter info as XML (available at "https://api.twitter.com/1/users/show.xml?screen_name=pelleb"), use:

  /oauth_consumers/twitter/client/1/users/show.xml?screen_name=pelleb

=== Migrate database

The database is defined in:

  db/migrate/XXX_create_oauth_consumer_tokens.rb

Run them as any other normal migration in rails with:

  rake db:migrate

== Contribute and earn OAuth Karma

Anyone who has a commit accepted into the official oauth-plugin git repo is awarded OAuthKarma:

https://picomoney.com/oauth-karma/accounts


== More

The Mailing List for all things OAuth in Ruby is:

http://groups.google.com/group/oauth-ruby

The Mailing list for everything else OAuth is:

http://groups.google.com/group/oauth

The OAuth Ruby Gem home page is http://oauth.rubyforge.org

Please help with documentation, patches and testing.

Copyright (c) 2007-2011 Pelle Braendgaard and contributors, released under the MIT license