tags:

views:

408

answers:

2
+1  Q: 

Rails two-legged OAuth provider?

I have a rails 2.3.5 application with an API I wish to protect.

There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach.

I have been trying to use the oauth-plugin server implementation as a start:

http://github.com/pelle/oauth-plugin

...but it is built expecting three-legged (web redirect flow) oauth.

Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement being a two-legged OAuth provider.

+2  A: 

I'm not aware of any alternatives to oauth-plugin at the moment, though it is definitely getting long in the tooth and ripe for a replacement. My recommendation is to generate the oauth server from oauth-plugin, then extract the dependencies from the plugin (which are just a couple modules worth of methods) and trash the plugin. Then tweak everything to your needs. 2-legged oauth should not be a big problem since it is simpler than 3-legged anyway, and my feeling is that oauth-plugin is not usable these days without significant modifications anyway.

The meat of OAuth has long been extracted into the base oauth gem anyway, so the oauth-plugin is sort of in limbo. The architecture makes some heavy-handed assumptions about what authentication system you are using, and the generated code is dated. So to me, oauth-plugin serves more as an example of how to wire everything up rather than something that most sites would want to use out of the box.

dasil003  2010-05-05 17:48:15
good advice. I think I'll be ripping out just what I need from the plugin. Since the signature for two-legged request looks alot like the signature on an initial request for a token, I was able to base two-legged auth on that (verify_oauth_consumer_signature in particular).
Andrew Kuklewicz  2010-05-05 18:51:10
ok - got it working, and cleaned out most of the plugin. Will release a gist/branch for this when I get a chance.
Andrew Kuklewicz  2010-05-06 18:10:18
A: 

@Andrew - I am encountering a similar situation. Do you have the cleaned plugin in git-hub?

Gim  2010-09-22 19:47:26
I haven't - let me see if I can get to that soon.
Andrew Kuklewicz  2010-09-24 22:25:03

related questions

Best place to get Ruby on Vista up and running as dev environment
How can I encode xml files to xfdl (base64-gzip)?
What is the best way to learn Ruby?
Learning Ruby on Rails any good for Grails?
How to sell Python to a client/boss/person with lots of cash
How do I create a Class using the Singleton Design Pattern in Ruby?
How do I update Ruby Gems from behind a Proxy (ISA-NTLM)
Why Should I Learn Ruby?
How do I create a new Ruby on Rails application using MySQL instead of SQLite?
How do I rake tasks within a ruby script?
Ruby On Rails with Windows Vista - Best Setup?
Mapping values from two array in Ruby
Reverse DNS in Ruby?
Text Editor For Linux (Besides Vi)?
What is good forum software to add to an existing Rails application?
Calling Bash Commands From Ruby
How can I modify .xfdl files? (Update #1)
How do I use (n)curses in Ruby?
Open Source Ruby Projects
How do I fix 'Unprocessed view path found' error with ExceptionNotifier plugin in rails 2.1?
When to use lambda, when to use Proc.new?
Frequent SystemExit in Ruby when making HTTP calls
Implementation of "Remember me" in a Rails application.
.NET Migrations Engine
How do I add existing comments to RDoc in Ruby?