if ci_badges.map(&:color).detect { it != "green"} ☝️ let me know, as I may have missed the discord notification.
if ci_badges.map(&:color).all? { it == "green"} 👇️ send money so I can do more of this. FLOSS maintenance is now my full-time job.
OAuth 1.0a is an industry-standard protocol for authorization. It is an update to the original OAuth 1.0 protocol, and is used by many popular services.
This RubyGem provides a CLI for OAuth 1.0 or 1.0a clients and servers in Ruby applications.
All dependencies of this gem are signed, so it can be installed with a HighSecurity profile.
- OAuth 1.0 Spec
- oauth sibling gem for OAuth 1.0 / 1.0a client and server implementations in Ruby.
- oauth2 sibling gem for OAuth 2.0 / 2.1, & OIDC client implementations in Ruby.
| Tokens to Remember |   |
|---|---|
| Works with JRuby | -AABBCC?style=for-the-badge&logo=ruby&logoColor=red){kind=icon} -AABBCC?style=for-the-badge&logo=ruby&logoColor=red){kind=icon} -AABBCC?style=for-the-badge&logo=ruby&logoColor=red){kind=icon}    |
| Works with Truffle Ruby | -AABBCC?style=for-the-badge&logo=ruby&logoColor=pink){kind=icon} -AABBCC?style=for-the-badge&logo=ruby&logoColor=pink){kind=icon}   |
| Works with MRI Ruby 3 |       |
| Works with MRI Ruby 2 |      |
| Support & Community |     |
| Source |     |
| Documentation |      |
| Compliance |      |
| Style |     |
| Maintainer 🎖️ |      |
... 💖 |
    🧊 🐙 🛖 🧪 |
Compatible with MRI Ruby 2.3.0+, and concordant releases of JRuby, and TruffleRuby.
| 🚚 Amazing test matrix was brought to you by | 🔎 appraisal2 🔎 and the color 💚 green 💚 |
|---|---|
| 👟 Check it out! | ✨ github.com/appraisal-rb/appraisal2 ✨ |
Find this repo on federated forges (Coming soon!)
| Federated DVCS Repository | Status | Issues | PRs | Wiki | CI | Discussions |
|---|---|---|---|---|---|---|
| 🧪 ruby-oauth/oauth-tty on GitLab | The Truth | 💚 | 💚 | 💚 | 🐭 Tiny Matrix | ➖ |
| 🧊 ruby-oauth/oauth-tty on CodeBerg | An Ethical Mirror (Donate) | 💚 | 💚 | ➖ | ⭕️ No Matrix | ➖ |
| 🐙 ruby-oauth/oauth-tty on GitHub | Another Mirror | 💚 | 💚 | 💚 | 💯 Full Matrix | 💚 |
| 🤼 [OAuth Ruby Google Group][⛳gg-discussions] | "Active" | ➖ | ➖ | ➖ | ➖ | [💚][⛳gg-discussions] |
| 🎮️ Discord Server | |
Let's | talk | about | this | library! |
Available as part of the Tidelift Subscription.
Need enterprise-level guarantees?
The maintainers of this and thousands of other packages are working with Tidelift to deliver commercial support and maintenance for the open source packages you use to build your applications. Save time, reduce risk, and improve code health, while paying the maintainers of the exact packages you use.
- 💡Subscribe for support guarantees covering all your FLOSS dependencies
- 💡Tidelift is part of Sonar
- 💡Tidelift pays maintainers to maintain the software you depend on!
📊@Pointy Haired Boss: An enterprise support subscription is "never gonna let you down", and supports open source maintainers
Alternatively:
Install the gem and add to the application's Gemfile by executing:
bundle add oauth-ttyIf bundler is not being used to manage dependencies, install the gem by executing:
gem install oauth-ttyFor Medium or High Security Installations
This gem is cryptographically signed, and has verifiable SHA-256 and SHA-512 checksums by stone_checksums. Be sure the gem you install hasn’t been tampered with by following the instructions below.
Add my public key (if you haven’t already, expires 2045-04-29) as a trusted certificate:
gem cert --add <(curl -Ls https://raw.github.com/galtzo-floss/certs/main/pboling.pem)You only need to do that once. Then proceed to install with:
gem install oauth-tty -P HighSecurityThe HighSecurity trust profile will verify signed gems, and not allow the installation of unsigned dependencies.
If you want to up your security game full-time:
bundle config set --global trust-policy MediumSecurityMediumSecurity instead of HighSecurity is necessary if not all the gems you use are signed.
NOTE: Be prepared to track down certs for signed gems and add them the same way you added mine.
The oauth-tty gem is a thin CLI over the oauth gem. You supply your consumer credentials, token credentials (when applicable), a target URI, and optional parameters, and the tool signs requests or helps you complete an OAuth 1.0/1.0a 3-legged flow.
What you can configure
- Locations for OAuth parameters:
- --header (default): send OAuth params in Authorization header
- --body: send OAuth params in the request body
- --query-string: send OAuth params on the query string
- HTTP method: --method GET|POST|PUT|DELETE|… (default: POST)
- Signature method: --signature-method HMAC-SHA1|RSA-SHA1|PLAINTEXT (default: HMAC-SHA1)
- OAuth version: --version 1.0 (default: 1.0) or --no-version to omit
- Nonce/timestamp: auto-generated by default; can be overridden via --nonce and --timestamp
- Verbose output: --verbose prints the full signing breakdown, headers, and signature base string
- XMPP mode: --xmpp emits OAuth as an XMPP stanza instead of HTTP artifacts
Required inputs (by command)
- sign, query: --consumer-key, --consumer-secret, --token, --secret, and --uri
- authorize: --consumer-key, --consumer-secret, the OAuth endpoints below, and --uri (service resource you’re authorizing for)
Authorization endpoints (for oauth authorize)
- --request-token-url URL
- --authorize-url URL
- --access-token-url URL
- Optional: --callback-url URL (for 1.0a), --scope SCOPE (provider-specific)
Providing options
- CLI flags (preferred for quick usage)
- Options file: use -O or --options to read additional arguments from a file. The file is tokenized by whitespace; put the same flags you’d pass on the command line, spread across lines as needed.
Example options file (oauth.opts)
--consumer-key ck_123
--consumer-secret cs_456
--token at_789
--secret ats_abc
--method GET
--uri https://api.example.com/v1/profile
--parameters foo:bar
--parameters "status=active"
--header
Run with: oauth sign -O oauth.opts
Defaults at a glance
- scheme: header
- method: POST
- signature method: HMAC-SHA1
- oauth_version: 1.0 (omit with --no-version)
- nonce, timestamp: auto-generated each run
Tips
- For parameters you can use either key:value or already-escaped pairs like key=value. Repeat --parameters to add multiple pairs.
- When using --body, only methods that support bodies should be used (e.g., POST/PUT/PATCH).
- Some providers require exact parameter ordering and inclusion; use --verbose to see normalized parameters and the signature base string.
In a shell run oauth to start the console.
Quick help and version
oauth --help
oauth --version # or oauth -vSign a request (minimal) Print just the OAuth signature value for a GET request:
oauth sign \
--consumer-key ck \
--consumer-secret cs \
--token at \
--secret ats \
--method GET \
--uri "https://api.example.com/v1/resource?limit=10"Sign a request (verbose, header output)
oauth sign \
--consumer-key ck \
--consumer-secret cs \
--token at \
--secret ats \
--method POST \
--uri https://api.example.com/v1/resource \
--parameters "status=active" \
--header \
--verboseThis prints OAuth parameters, normalized parameters, signature base string, Authorization header, and both raw and escaped signatures.
Query a protected resource Performs the signed HTTP request and prints the HTTP status and body.
oauth query \
--consumer-key ck \
--consumer-secret cs \
--token at \
--secret ats \
--method GET \
--uri https://api.example.com/v1/profile \
--parameters "fields=id,name"Notes:
- The CLI will append any --parameters to the request URI’s query string and sign the request.
- Use --body or --header/--query-string to influence where OAuth params go; query also constructs OAuth via the consumer internally.
Start an OAuth 1.0a authorization flow Guides you to obtain an access token and token secret from a provider.
oauth authorize \
--consumer-key ck \
--consumer-secret cs \
--request-token-url https://provider.example.com/oauth/request_token \
--authorize-url https://provider.example.com/oauth/authorize \
--access-token-url https://provider.example.com/oauth/access_token \
--callback-url https://yourapp.example.com/oauth/callbackWhat happens:
- You’ll be shown an authorization URL to open in a browser.
- After approving, the provider shows a verifier (PIN). Paste it back into the prompt.
- The tool prints the access token and secret under “Response:”. Save those and use them with sign/query.
Using an options file
oauth sign -O oauth.optsYou can still add/override flags after -O; later flags win.
For more examples
- Run any command without args to see its specific help.
- Browse the specs under spec/oauth/tty for additional scenarios and edge cases.
In a shell run oauth to start the console.
For now, please see the tests for other usage.
While ruby-oauth tools are free software and will always be, the project would benefit immensely from some funding. Raising a monthly budget of... "dollars" would make the project more sustainable.
We welcome both individual and corporate sponsors! We also offer a wide array of funding channels to account for your preferences (although currently Open Collective is our preferred funding platform).
If you're working in a company that's making significant use of ruby-oauth tools we'd appreciate it if you suggest to your company to become a ruby-oauth sponsor.
You can support the development of ruby-oauth tools via GitHub Sponsors, Liberapay, PayPal, Open Collective and Tidelift.
| 📍 NOTE |
|---|
| If doing a sponsorship in the form of donation is problematic for your company from an accounting standpoint, we'd recommend the use of Tidelift, where you can get a support-like subscription instead. |
Support us with a monthly donation and help us continue our activities. [Become a backer]
NOTE: kettle-readme-backers updates this list every day, automatically.
No backers yet. Be the first!
Become a sponsor and get your logo on our README on GitHub with a link to your site. [Become a sponsor]
NOTE: kettle-readme-backers updates this list every day, automatically.
No sponsors yet. Be the first!
How wonderful it is that nobody need wait a single moment before starting to improve the world.
—Anne Frank
I’m driven by a passion to foster a thriving open-source community – a space where people can tackle complex problems, no matter how small. Revitalizing libraries that have fallen into disrepair, and building new libraries focused on solving real-world challenges, are my passions — totaling 79 hours of FLOSS coding over just the past seven days, a pretty regular week for me. I was recently affected by layoffs, and the tech jobs market is unwelcoming. I’m reaching out here because your support would significantly aid my efforts to provide for my family, and my farm (11 🐔 chickens, 2 🐶 dogs, 3 🐰 rabbits, 8 🐈 cats).
If you work at a company that uses my work, please encourage them to support me as a corporate sponsor. My work on gems you use might show up in bundle fund.
I’m developing a new library, floss_funding, designed to empower open-source developers like myself to get paid for the work we do, in a sustainable way. Please give it a look.
Floss-Funding.dev: 👉️ No network calls. 👉️ No tracking. 👉️ No oversight. 👉️ Minimal crypto hashing. 💡 Easily disabled nags
See SECURITY.md.
If you need some ideas of where to help, you could work on adding more code coverage, or if it is already 💯 (see below) check reek, issues, or PRs, or use the gem and think about how it could be better.
We
See CONTRIBUTING.md for more detailed instructions.
See CONTRIBUTING.md.
Everyone interacting with this project's codebases, issue trackers,
chat rooms and mailing lists agrees to follow the
Made with contributors-img.
Also see GitLab Contributors: https://gitlab.com/ruby-oauth/oauth-tty/-/graphs/main
⭐️ Star History
This Library adheres to
dropping support for a platform is both obviously and objectively a breaking change
—Jordan Harband (@ljharb, maintainer of SemVer) in SemVer issue 716
I understand that policy doesn't work universally ("exceptions to every rule!"), but it is the policy here. As such, in many cases it is good to specify a dependency on this library using the Pessimistic Version Constraint with two digits of precision.
For example:
spec.add_dependency("oauth-tty", "~> 1.0")📌 Is "Platform Support" part of the public API? More details inside.
SemVer should, IMO, but doesn't explicitly, say that dropping support for specific Platforms is a breaking change to an API. It is obvious to many, but not all, and since the spec is silent, the bike shedding is endless.
To get a better understanding of how SemVer is intended to work over a project's lifetime, read this article from the creator of SemVer:
See CHANGELOG.md for a list of releases.
The gem is available as open source under the terms of
the MIT License
-
Copyright (c) 2021-2022, 2025 Peter H. Boling, of
Galtzo.com
- Copyright (c) 2016-2017 Thiago Pinto
Maintainers have teeth and need to pay their dentists. After getting laid off in an RIF in March and filled with many dozens of rejections, I'm now spending ~60+ hours a week building open source tools. I'm hoping to be able to pay for my kids' health insurance this month, so if you value the work I am doing, I need your support. Please consider sponsoring me or the project.
To join the community or get help 👇️ Join the Discord.
To say "thanks!" ☝️ Join the Discord or 👇️ send money.
Thanks for RTFM.
