Oauth

Intridea/oauth2.

OAuth 2.0 — OAuth. OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group.

OAuth 2.1 is an in-progress effort to consolidate OAuth 2.0 and many common extensions under a new name. Questions, suggestions and protocol changes should be discussed on the mailing list.

Video Course: The Nuts and Bolts of OAuth 2.0 by Aaron Parecki

OAuth 2.0

Mobile and Other Devices
Native Apps - Recommendations for using OAuth with native apps
Browser-Based Apps - Recommendations for using OAuth with browser-based apps (e.g. an SPA)
Device Authorization Grant - OAuth for devices with no browser or no keyboard

Token and Token Management

Discovery and Registration

High Security OAuth
These specs are used to add additional security properties on top of OAuth 2.0.

Twitter Authentication in Sinatra. At the recent Summit Awesome Hackathon in Manchester, my team were working on a web app that updated a user’s bio on various social networks in one place. This meant getting down and dirty with various social network APIs (not a pretty thing I can tell you).

I thought I’d do a quick write up on how you can authenticate users in a Sinatra app by allowing them to sign in with Twitter.

Set Up The Site
To demonstrate this working, first of all, let’s set up a simple app that has two urls – public and private. This sets up a helper method called admin? The second route is a private page that will only show the message if the admin?

Using Sessions to Log in and Out
We can add some route handlers to allow the user to log in and out and use sessions to keep track of whether a user is logged in or not. Now restart the server and try going to ‘ then go to ‘ and you should be able to see the page.

Register Your App with Twitter OmniAuth.

Sinatro OAuth Workflow: Speed Up Your App Development.

Google API – Sinatra + OAuth2 | a day in the pit.

Here is a quick example of using the Google with OAuth2 and Sinatra and it should take less than 20 minutes to get running! If you’re here to figure out how to use GMail’s API with OAuth2 then you should know it does not work as of 7/23/2012. Use OAuth 1.0/XOAUTH.

Requirements
Ruby 1.8.7+
Bundler (gem install bundler)

We will also need a Google Client ID and Secret.

Let’s run Okay by this point we have Ruby, Bundler, and our Google credentials. Let’s create a few of our boilerplate files we’ll be using. Next, run this command to get our dependencies installed: We’re going to run Sinatra as a rack application. Line 7 of the above code snippet should make you a bit concerned since we have not created an app.rb file yet so that require is going to throw an error. But before we add app.rb I really want to get the rest of the little stuff out of the way. And create the following files. Great. We want to create a small application that will let a user visit our home page.

So here it is in code.

Module: Rack::OAuth2::Sinatra — Documentation for demandforce/rack-oauth2-server (master)

Using the LinkedIn API with OAuth2 and Ruby » Big Trapeze.

In my experience with programmatically connecting to the major social networks, the LinkedIn API seems to be the hardest to get a quick grasp on. There’s a lot of outdated information, disparate and competing Ruby gems, and general confusion about how to simply connect and get data back. Normally, I use the OmniAuth Gems and their respective strategies to get data from social networks, but the LinkedIn one just wasn’t cutting it like I needed it to. For example, the official strategy for working with LinkedIn– close, but doesn’t allow for a custom callback URL, instead relying on one you’d have to hardcode during the application setup at LinkedIn.

This is fine if you’re only developing for a single domain, but many of us use multiple domains (typically, production, development and/or test domains) when developing an app. So, here’s the approach I’ve taken, and it’s worked great so far: In your Gemfile, include the oauth2 gem,

Ruby API Example. How to use APIs with Ruby.

Rack-oauth2-server. OAuth 2.0 Authorization Server as a Rack module.

Because you don't allow strangers into your app, and OAuth 2.0 is the new awesome. rack-oauth2-server currently implements version 10 of the OAuth 2.0 spec. For more background, check out the presentation slides.

Adding OAuth 2.0 To Your Application

Step 1: Setup Your Database
The authorization server needs to keep track of clients, authorization requests, access grants and access tokens. The current release uses MongoDB.

If MongoDB is not your flavor, you can easily change the models to support a different database engine.

Step 2: Use The Server
For Rails 2.3/3.0, Rack::OAuth2::Server automatically adds itself as middleware when required, but you do need to configure it from within config/environment.rb (or one of the specific environment files). For Sinatra and Padrino, first require rack/oauth2/sinatra and register Rack::OAuth2::Sinatra into your application. The configuration options are:

OAuth 2.0.

OAuth2 Consumer With Sinatra - Gazler.

This is part 2 of creating an OAuth based API with rails. Part 1 is available here.

Source
The source for both the provider and the consumer are available here

Screencasts
I have created screencasts to go along with this tutorial.

This is my first attempt at screencasting, so please drop me a message if you find them useful or if there is anything you think can be improved. Your feedback is appreciated.

Download mp4 format ogv format avi format

Change the following in views/oauth/oauth2_authorize.html.erb

To

You should now start a rails server and navigate to after signing up go to and create a client. There are a couple things you should change in views/oauth_clients/index.html.erb

Change the @tokens block to:

And change the @client_applications block to:

You should now create a consumer directory outside of the rails root.

cd ..
mkdir consumer && cd consumer
gem install sinatra
gem install oauth2