A Rails plugin that helps with implementing OAuth
Page 1: Introducing OAuth4R
• Forget the protocol, just fill in the blanks
• Provides code generators to allow Rails website to support OAuth easily
• Generated scaffolds do the OAuth dance out of the box
• Developers only need to link tokens to their Users
Page 2: OAuth4R
svn checkout http://oauth4r.googlecode.com/svn/trunk/example_apps
• “Provider” site contains
  • users
  • users’ contacts
• “Consumer” site contains
  • only users
Page 3: OAuth4R: Provider
cd example_apps/oauth_provider
rake db:create:all
rake db:migrate
./script/server -p 5001
• Users controller at http://localhost:5001/users
  • with primitive login implemented
• Users’ Addressbook controller at http://localhost:5001/contacts
  • with primitive permissions based on user’s login
Page 4: OAuth4R: Consumer
cd ../oauth_consumer/
rake db:create:all
rake db:migrate
./script/server -p 5000
• Users controller at http://localhost:5000/users
  • even more primitive login implementation
• For this demo, create a new user, “Tommy”
Page 5: OAuth4R: Provider
cd ../oauth_provider/
./script/generate oauth_provider GetContact
rake db:migrate
patch -p0 < TODO.patch
./script/server -p 5001
• Generate a “scaffold controller”
• Controller does the OAuth dance
• Modify to link up with your own user models
Page 6:
• Modifying generated OAuth controller
  • oauth_user = User.find(session..)
Page 7:
• Modify your User model to has_many oauth_user
• Modify controller guarding Protected Resources to requires_oauth
Page 8: OAuth4R: Consumer
cd ../oauth_consumer/
./script/generate oauth_consumer UseGetContact
rake db:migrate
patch -p0 < TODO1.patch
./script/server -p 5000
• Generate a “scaffold controller”
• Controller can do OAuth dance with one service provider
• Modify to link up with your User models
Page 9:
• Modify generated OAuth controller
  • oauth_user = User.find(session..)
Page 10:
• Modify user to has_many oauth_user
• Add a link to kick-start OAuth authorization
  link_to .. new_use_get_contact_path
Page 11: Registering Consumer
• Go to http://localhost:5000/use_get_contacts
• Copy “Callback URL”
Page 12: Registering Consumer
• http://localhost:5001/get_contacts/new
• Paste “Callback URL” & click Register
• Update config/use_get_contacts.oauth.yml
Page 13: User Authorization
• Go to http://localhost:5000/users
• Click on “Tommy > Show” to login
• Click on "Establish OAuth..."
Page 14: User Authorization
• Click “Create” and you’ll arrive at provider site (http://localhost:5001) to Login
• Authorization prompt will appear
• Click “Yes” & you’ll be redirected back to consumer site (http://localhost:5000)
Page 15: All done, then what?
• Scripts accessing APIs on behalf of End User
• This demo uses a simple ActiveResource
Page 16: All done, then what?
$ ruby script/fetch_contacts.rb
/example_apps/oauth_consumer/vendor/rails/activeresource/lib/active_resource/connection.rb:124:in `handle_response': Failed with 500 Internal Server Error (ActiveResource::ServerError)
• OAuth blocks our unauthenticated access
• We need to modify our API callers slightly
patch -p0 < TODO2.patch
Page 17: Modify ActiveResource
• Add acts_as_oauth_resource
  • underlying http connection will be automatically padded with OAuth credentials
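What "padded with OAuth credentials" amounts to on the wire, as an added example (not OAuth4R's code and not from the slides): an OAuth 1.0 HMAC-SHA1 signed request on the consumer side and the provider's check of it. The credential values, nonce, timestamp and helper names are constructed for illustration; the resource URL is the demo's contacts controller.

```ruby
require 'openssl'

# Constructed sample credentials (hypothetical values, not from the slides).
CREDS = { consumer_key: 'consumer-key-example', consumer_secret: 'consumer-secret-example',
          token: 'access-token-example', token_secret: 'token-secret-example' }.freeze
RESOURCE_URL = 'http://localhost:5001/contacts' # provider's protected resource in the demo

# RFC 3986 percent-encoding: only unreserved characters stay literal.
def oauth_escape(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & encoded URL & encoded, sorted parameters.
# Assumes the URL is already normalized and carries no query string.
def signature_base(method, url, params)
  pairs = params.map { |k, v| [oauth_escape(k), oauth_escape(v)] }.sort
  normalized = pairs.map { |k, v| "#{k}=#{v}" }.join('&')
  [method.upcase, url, normalized].map { |part| oauth_escape(part) }.join('&')
end

# HMAC-SHA1 keyed with "consumer_secret&token_secret", base64-encoded.
def sign(base, creds)
  key = "#{oauth_escape(creds[:consumer_secret])}&#{oauth_escape(creds[:token_secret])}"
  [OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base)].pack('m0')
end

# Consumer side: the oauth_* parameters attached to each API request.
def signed_params(method, url, creds, nonce:, timestamp:)
  params = { 'oauth_consumer_key' => creds[:consumer_key], 'oauth_token' => creds[:token],
             'oauth_signature_method' => 'HMAC-SHA1', 'oauth_version' => '1.0',
             'oauth_timestamp' => timestamp.to_s, 'oauth_nonce' => nonce }
  params.merge('oauth_signature' => sign(signature_base(method, url, params), creds))
end

# Provider side: recompute the signature from stored secrets, compare in constant time.
# A real provider must also reject stale timestamps and reused nonces.
def valid_request?(method, url, params, creds)
  sent = params['oauth_signature'].to_s
  unsigned = params.reject { |k, _| k == 'oauth_signature' }
  expected = sign(signature_base(method, url, unsigned), creds)
  return false unless sent.bytesize == expected.bytesize

  sent.bytes.zip(expected.bytes).reduce(0) { |diff, (a, b)| diff | (a ^ b) }.zero?
end

if __FILE__ == $PROGRAM_NAME
  req = signed_params('GET', RESOURCE_URL, CREDS, nonce: 'constructed-nonce', timestamp: 1_196_323_895)
  puts 'Authorization: OAuth ' + req.map { |k, v| %(#{k}="#{oauth_escape(v)}") }.join(', ')
  puts "signed request accepted:   #{valid_request?('GET', RESOURCE_URL, req, CREDS)}"
  puts "unsigned request accepted: #{valid_request?('GET', RESOURCE_URL, {}, CREDS)}"
end
```

The token secret never travels with the request; only the signature does, which is why the provider needs its own stored copy of both secrets to verify.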
Page 18: Backend API Access?
• Wrap ActiveResource activity inside with_oauth code blocks
Page 19: Done
$ ruby script/fetch_contacts.rb
--- !ruby/object:Contact
attributes:
  name: Dick
  updated_at: 2007-11-29 08:11:35 Z
  id: 1
  user_id: 1
  created_at: 2007-11-29 08:11:35 Z
prefix_options: &id001 {}
- !ruby/object:Contact
attributes:
  name: Harry
  updated_at: 2007-11-29 08:11:35 Z
  id: 2
  user_id: 1
  created_at: 2007-11-29 08:11:35 Z
prefix_options: *id001
Page 20: Ruby Links
• OAuth4R: http://oauth4r.googlecode.com/
• OAuth Rails Plugin: http://oauth-plugin.googlecode.com/ and http://stakeventures.com/articles/2007/11/26/how-to-turn-your-rails-site-into-an-oauth-provider
• OAuth Gem: sudo gem install oauth
• OAuth (was Twitter): http://oauth.googlecode.com/svn/code/ruby/
• Google Group: oauth-ruby: http://groups.google.com/group/oauth-ruby