OAuth summarized

Application Scope

require 'oauth'
# create the consumer...
consumer ||= OAuth::Consumer.new(KEY, SECRET, { :site => SITE, :authorize_path => PATH })

Session Scope

# create the request token...
rt = consumer.get_request_token({ :oauth_callback => OAUTH_CALLBACK_URL })
# save the request token and secret in the session...
session[:r_token] = rt.token
session[:r_secret] = rt.secret

User Scope (Model)

require 'json'
require 'yaml'
# use session values to create the request token...
rt = OAuth::RequestToken.new(consumer, session[:r_token], session[:r_secret])
# grab the user data from the OAuth provider...
access_token = rt.get_access_token({ :oauth_verifier => params[:oauth_verifier] })
oauth_user_json = access_token.get(VERIFY_PATH).body
oauth_user = JSON.parse(oauth_user_json)
# create or find the user (using twitter.com for the email address - could use some work)...
u = TwitterUser.first_or_create(:email => "#{oauth_user['screen_name']}@twitter.com")
u.username = oauth_user['screen_name']
u.save!
u.oauth_tokens.all.destroy
u.oauth_tokens.new(:user_access_token => access_token.to_yaml)
u.save!
# set the session user for future use...
session[:user] = u.id
...
# and when you need access to the OAuth provider again, use the access_token stored in the User model
u = User.first(:id => session[:user])
access_token = YAML::load(u.oauth_tokens.first.user_access_token)
verify = access_token.get(OAUTH_PROVIDERS["https://twitter.com"][:verify_path]).body
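
The code above stores `access_token.to_yaml` and restores it with `YAML::load`. As an added example (not the original author's code), here is a narrower way to persist the same credential: write only the token and secret as a plain hash and read it back with `YAML.safe_load`, which refuses YAML that names Ruby classes, so the token object's consumer reference never reaches the user row. `StoredToken`, `dump_credentials` and `load_credentials` are hypothetical names and the sample values are constructed; with the oauth gem the loaded pair would be passed to `OAuth::AccessToken.new(consumer, token, secret)`.

```ruby
require 'yaml'

# Hypothetical stand-in for the two values worth persisting from an access token.
StoredToken = Struct.new(:token, :secret)

# Serialize only the token and secret, as a plain string-keyed hash.
# The consumer key and secret stay in application config, not in the user row.
def dump_credentials(access_token)
  YAML.dump({ 'token' => access_token.token.to_s, 'secret' => access_token.secret.to_s })
end

# Parse a stored column value. safe_load permits only basic types, so YAML
# carrying a Ruby object tag is rejected instead of being instantiated.
# Returns a StoredToken, or nil when the value is not usable.
def load_credentials(column_value)
  data = YAML.safe_load(column_value.to_s)
  return nil unless data.is_a?(Hash)

  token, secret = data.values_at('token', 'secret')
  return nil unless [token, secret].all? { |v| v.is_a?(String) && !v.empty? }

  StoredToken.new(token, secret)
rescue Psych::DisallowedClass, Psych::BadAlias, Psych::SyntaxError
  nil
end

# Constructed sample values, not real credentials.
SAMPLE = StoredToken.new('constructed-access-token', 'constructed-access-secret')

# Constructed column value of the kind a whole-object dump produces.
OBJECT_DUMP = <<~DOC
  --- !ruby/object:OAuth::AccessToken
  token: constructed-access-token
  secret: constructed-access-secret
DOC

if __FILE__ == $PROGRAM_NAME
  stored = dump_credentials(SAMPLE)
  puts stored
  p load_credentials(stored)       # round trip through the plain hash
  p load_credentials(OBJECT_DUMP)  # object-tagged YAML is refused
end
```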
Posted: March 17th, 2010 | Author: jay | Filed under: Code

My war is winding down with OAuth

Summary of what’s going on with OAuth:

  1. create an OAuth consumer. The consumer is made up of:
    • application key
    • application secret
    • the URL and path to the OAuth provider
  2. create a request token:
    • this makes a call to the provider
    • the request token call sends the callback URL to the provider
    • it seems like this expires pretty quickly (at least with Twitter)
    • therefore, I’ll probably hold this in a session
    • once the request token is returned from the provider, you can redirect the user to the provider to complete the access
    • once access is granted, the provider will return the user to the callback URL you sent
  3. create the access token:
    • this makes a call to the provider
    • the user is redirected from the provider to the callback URL
    • a query string variable – oauth_verifier – is included with the callback URL
    • the oauth_verifier value is then sent back to the provider
    • the provider then returns an access token
    • the access token can hang around for a while and I’ll save that in the database attached to the User model
Posted: March 16th, 2010 | Author: jay | Filed under: Code