Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Rails two-legged OAuth provider?

Tags:

ruby

ruby-on-rails

oauth

oauth-provider

two-legged

I have a rails 2.3.5 application with an API I wish to protect.

There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach.

I have been trying to use the oauth-plugin server implementation as a start:

http://github.com/pelle/oauth-plugin

...but it is built expecting three-legged (web redirect flow) oauth.

Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement being a two-legged OAuth provider.

like image 296
Andrew Kuklewicz Avatar asked May 05 '10 17:05

Andrew Kuklewicz

2 Answers

Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:

class ApiController < ApplicationController

    include OAuth::Controllers::ApplicationControllerMethods

    oauthenticate :strategies => :two_legged, :interactive => false

    # ...

end
like image 144
Andrew Kuklewicz Avatar answered Nov 15 '22 04:11

Andrew Kuklewicz

I'm not aware of any alternatives to oauth-plugin at the moment, though it is definitely getting long in the tooth and ripe for a replacement. My recommendation is to generate the oauth server from oauth-plugin, then extract the dependencies from the plugin (which are just a couple modules worth of methods) and trash the plugin. Then tweak everything to your needs. 2-legged oauth should not be a big problem since it is simpler than 3-legged anyway, and my feeling is that oauth-plugin is not usable these days without significant modifications anyway.

The meat of OAuth has long been extracted into the base oauth gem anyway, so the oauth-plugin is sort of in limbo. The architecture makes some heavy-handed assumptions about what authentication system you are using, and the generated code is dated. So to me, oauth-plugin serves more as an example of how to wire everything up rather than something that most sites would want to use out of the box.

like image 38
gtd Avatar answered Nov 15 '22 06:11

gtd
Sign in to Comment

Related questions

Overriding "find" in ActiveRecord the DRY way
Rails: tracking a user's ID
Rails - Two controllers or adding actions?
In Rails, How do I validates_uniqueness_of :field with a scope of last 6 months
Functional testing Authlogic?
AJAX Rails Validation
Heroku eating my custom HTTP Headers
Why do users have to enter a 7-digit twitter PIN to grant my application access?
The last 20% in Ruby on Rails
rake db:create - collation issues
Should I user Apache or Nginx & Passenger or Mongrel for my Rails application
Ruby technology for portals
document.observe('dom:loaded', function() {
Which version of Ruby should I be using now (Jan 2010)?
Fetching second level model with rails active record
How can I call an API (for example Flickr API) in Ruby on Rails? Newbie question
phusion passenger and ruby 1.9.1 is it working already?
Know of a Rails 2.3 migration cheat sheet? [closed]
What can cause a connection to APNS to intermittently disconnect?
Show a 404 instead of 500 in Rails

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!