2.0 — OAuth

OAuth 2.0 is the industry-standard protocol for authorization. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification and its extensions are being developed within the IETF OAuth Working Group. OAuth 2.1 is an in-progress effort to consolidate OAuth 2.0 and many common extensions under a new name. Questions, suggestions and protocol changes should be discussed on the mailing list. Video Course: The Nuts and Bolts of OAuth 2.0 by Aaron Parecki. OAuth 2.0 for Mobile and Other Devices: Native Apps (recommendations for using OAuth with native apps); Browser-Based Apps (recommendations for using OAuth with browser-based apps, e.g. an SPA); Device Authorization Grant (OAuth for devices with no browser or no keyboard). Further topics: Token and Token Management; Discovery and Registration; High Security OAuth, a set of specs used to add additional security properties on top of OAuth 2.0.

OAuth is an open standard for authorization, commonly used as a way for Internet users to log into third-party websites using their Microsoft, Google, Facebook or Twitter accounts without exposing their password.[1] Generally, OAuth provides clients with 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. OAuth is a service that is complementary to and distinct from OpenID. History: The OAuth discussion group was created in April 2007 for the small group of implementers to write the draft proposal for an open protocol. The OAuth 1.0 protocol was published as RFC 5849, an informational Request for Comments, in April 2010. Since August 31, 2010, all third-party Twitter applications have been required to use OAuth.[4] OAuth 2.0. Security.

Twitter Authentication in Sinatra At the recent Summit Awesome Hackathon in Manchester, my team were working on a web app that updated a user’s bio on various social networks in one place. This meant getting down and dirty with various social network APIs (not a pretty thing, I can tell you). I thought I’d do a quick write-up on how you can authenticate users in a Sinatra app by allowing them to sign in with Twitter. Set Up The Site To demonstrate this working, first of all, let’s set up a simple app that has two URLs – public and private. This sets up a helper method called admin? The second route is a private page that will only show the message if the admin? Using Sessions to Log in and Out We can add some route handlers to allow the user to log in and out, and use sessions to keep track of whether a user is logged in or not. Now restart the server and try going to ‘ then go to ‘ and you should be able to see the page. Register Your App with Twitter Omniauth

Authentication Methods Overview - Current Mule Documentation There are several common authentication protocols that APIs generally use. In most cases, you will implement at least one authentication method in your Anypoint™ DevKit connector. To help you decide which method to use, this document offers a brief description of each of the most popular methods. Basic Authorization In essence, this authentication method demands that a client prove authenticity by entering a username and password. While this authentication method meets the needs of the application, it also opens the door for the application to do much more than simply check for "self-liked" posts. OAuth A broadly-used alternative to username-password authentication is OAuth (Open standard for Authorization). Unlike other protocols, OAuth retains a state (for example, connected) in a cookie and, therefore, doesn't need to send token information with each request it submits. Other Protocols: Kerberos. Go Further NEXT: Implementing Connection Management.

OAuth | GitHub API OAuth2 is a protocol that lets external applications request authorization to private details in a user's GitHub account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time. All developers need to register their application before getting started. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared. GitHub's OAuth implementation supports the standard authorization code grant type. Web Application Flow This is a description of the OAuth2 flow from third-party web sites. 1. GET Parameters 2. If the user accepts your request, GitHub redirects back to your site with a temporary code in a code parameter, as well as the state you provided in the previous step in a state parameter. Exchange this for an access token: POST Response 3.

intridea/oauth2 OAuth 2 just got a bit easier Ever since DevKit made its first entry into the Mule family, a big variety of OAuth-enabled Cloud Connectors have been made available. Salesforce, Facebook, Twitter, Dropbox, LinkedIn and the Google Apps suite are just some examples of the APIs we’ve connected to using that support. When we started thinking about the August 2013 release, we decided to take it one step further and make it easier than ever. And now that Mule 3.5-andes is available on CloudHub, you’ll be able to leverage all these improvements in your integrations. So, imagine this integration app: a multitenant application that polls CSV files from an FTP endpoint and creates each contact in Salesforce. So, let’s see how such a flow would look right now: So that doesn’t look that bad! Ever since Mule 3.3.1, Cloud Connectors have provided support for multi-tenant applications. This is actually more complex than it sounds, since it requires a lookup to map the user id in your Mule app to the user id in the OAuth provider. Let’s look at it in XML:

Google API – Sinatra + OAuth2 | a day in the pit Here is a quick example of using the Google API with OAuth2 and Sinatra, and it should take less than 20 minutes to get running! If you’re here to figure out how to use GMail’s API with OAuth2, then you should know it does not work as of 7/23/2012. Use OAuth 1.0/XOAUTH. Requirements Ruby 1.8.7+, Bundler (gem install bundler). We will also need a Google Client ID and Secret. Let’s run Okay, by this point we have Ruby, Bundler, and our Google credentials. Let’s create a few of the boilerplate files we’ll be using. Next, run this command to get our dependencies installed: We’re going to run Sinatra as a Rack application. Line 7 of the above code snippet should make you a bit concerned, since we have not created an app.rb file yet, so that require is going to throw an error. But before we add app.rb I really want to get the rest of the little stuff out of the way. and create the following files. Great. We want to create a small application that will let a user visit our home page. So here it is in code

October 2013 Release: Expanded DataSense connectivity Expanded DataSense capabilities We believe that metadata-driven design is the number one productivity enhancer for SaaS-to-on-premise integration. Therefore, the number one goal of the release was to greatly expand the number of connectors which support DataSense and the DataSense Query Language. To this end, we’ve made many improvements to Mule Studio, Anypoint Connectors and the CloudHub Mule Runtime (see below) to make these connectors work seamlessly. Another key feature we’ve added is an advanced editor for the DataSense Query Language. The expanded list of connectors which now support DataSense includes: Additionally, we’re updating more and more connectors all the time, with many more coming before the end of the year. Auto-paging and Anypoint Connectors If you’ve ever worked with large data sets, you know that it can be difficult to deal with multiple pages of results. For this, we’ve introduced auto-paging for connectors. CloudHub Mule Runtime Other Improvements

Using the LinkedIn API with OAuth2 and Ruby » Big Trapeze In my experience with programmatically connecting to the major social networks, the LinkedIn API seems to be the hardest to get a quick grasp on. There’s a lot of outdated information, disparate and competing Ruby gems, and general confusion about how to simply connect and get data back. Normally, I use the OmniAuth gems and their respective strategies to get data from social networks, but the LinkedIn one just wasn’t cutting it like I needed it to. For example, the official strategy for working with LinkedIn is close, but doesn’t allow for a custom callback URL, instead relying on one you’d have to hardcode during the application setup at LinkedIn. This is fine if you’re only developing for a single domain, but many of us use multiple domains (typically production, development and/or test domains) when developing an app. So, here’s the approach I’ve taken, and it’s worked great so far: In your Gemfile, include the oauth2 gem,

Mule OAuth2 support: Even easier still This post is brought to you by… you! Yes, a couple of weeks back I was writing about how dealing with OAuth2-secured APIs got way easier since Mule’s August 2013 Release. We got such great feedback that we decided to incorporate some of it in our latest October 2013 release. Token Management vs. So let’s do a quick recap. In this case, Mule will automatically handle your tokens by using the connector’s config name (in this case “mySalesForceConnector“) as the token id. This is not enough for the multitenant case, since different tenants need to have different token ids (otherwise user1 could end up entering user2's account and everything would be a big mess). This is great and a huge improvement over Mule 3.4.x. Repetition: the worst thing that can happen to an artist So yes, the problem here is repetition. This is how it works: each time an OAuth2-protected operation is found (and this includes the authorize), we check if the message processor has its own accessTokenId expression. Neat, isn’t it?

rack-oauth2-server OAuth 2.0 Authorization Server as a Rack module. Because you don't allow strangers into your app, and OAuth 2.0 is the new awesome. rack-oauth2-server currently implements version 10 of the OAuth 2.0 spec. For more background, check out the presentation slides. Adding OAuth 2.0 To Your Application Step 1: Set Up Your Database The authorization server needs to keep track of clients, authorization requests, access grants and access tokens. The current release uses MongoDB. If MongoDB is not your flavor, you can easily change the models to support a different database engine. Step 2: Use The Server For Rails 2.3/3.0, Rack::OAuth2::Server automatically adds itself as middleware when required, but you do need to configure it from within config/environment.rb (or one of the specific environment files). For Sinatra and Padrino, first require rack/oauth2/sinatra and register Rack::OAuth2::Sinatra into your application. The configuration options are:

How to Protect Your APIs with OAuth On this 10th ‘Day of Christmas’ Mule blog post, we tackle an increasingly important question in the world of APIs: Presume that you would like to create a remote API (which perhaps exposes some legacy business logic) for access by internal and/or external clients. How can you make sure that access to your API is protected in such a way that: A) only clients that you trust can access it; B) those clients can access your API through the explicit authorization of their end-users; and C) the end-users can be authenticated with a central entity, *without* having to share their credentials with your API’s clients. It turns out that over the last couple of years, as the prominence of remote APIs, especially REST-based ones, has increased, the need for a good answer to this question has become critical. At the onset, to address the question, many proprietary web authentication protocols were created (AuthSub, AOL’s OpenAuth, Yahoo’s BBAuth, and others…).

OAuth2 Consumer With Sinatra - Gazler This is part 2 of creating an OAuth-based API with Rails. Part 1 is available here. Source The source for both the provider and the consumer is available here. Screencasts I have created screencasts to go along with this tutorial. Download: mp4 format, ogv format, avi format. Change the following in views/oauth/oauth2_authorize.html.erb To You should now start a Rails server and navigate to after signing up, go to and create a client. There are a couple of things you should change in views/oauth_clients/index.html.erb. Change the @tokens block to: And change the @client_applications block to: You should now create a consumer directory outside of the Rails root: cd .. ; mkdir consumer && cd consumer You will then need to install sinatra and the oauth2 gem. Please note this requires a version of oauth higher than 0.5: gem install sinatra ; gem install oauth2 Copy the following code, replacing the API keys with those of the client:

Introducing Mule Enterprise Security Service-Oriented Architectures (SOA) present unique security challenges due to loose service/application coupling and operations running across trust boundaries. To help our customers address these challenges, we have extended the Mule ESB platform security in several key areas and are making these extensions available through our Mule Enterprise Security package. This blog post will introduce the key components of that soon-to-be-released package. Product Overview The first thing to know about Mule Enterprise Security is that it builds on top of Mule ESB Enterprise’s existing security capabilities. Mule ESB Enterprise already provides a solid set of security features, including: The new capabilities included in Mule Enterprise Security extend these existing security features while leveraging the benefits associated with Mule flows, such as support for streaming and the Mule Expression Language. Secure Token Service – OAuth 2.0 Provider; Credentials Vault; Message Encryption; Digital Signatures.