ActiveResource OAuth plugin
It's not the best, but it's working. I've found that ActiveResource is not a polished product. It's very flaky indeed. For one, it's picky about the way the XML looks, unless you write a new format parser for it, and the way those should work is not documented. Anyway, I won't rant about that. OAuth is why you're here. You need an ActiveResource client app to use OAuth to access your (or someone else's) API. No problem.
Before I go into specifics, let me explain a little something about OAuth. OAuth is meant to be user-centric authorization: a user authorizes you to access their data on another site (not necessarily ALL their data, but whatever part you are granted access to). So if you use OAuth with an ActiveResource model, think through how you will keep each user's data safe. If you set OAuth tokens straight into a model, they may be available to everyone using your app at the time. In other words, don't let Joe authorize your site to his data, only to have Sally, browsing at the same time, gain access to Joe's data because the ARes model is now authorized to his data.
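The Joe-and-Sally failure described above, as an added sketch (not the plugin's code and not ActiveResource itself). The class names, tokens and `REMOTE_DATA` store are constructed for illustration; the point is the difference between a token held on the class and a token read from one user's session.

```ruby
# Added illustration: toy classes, not ActiveResource or the plugin.
# Constructed stand-in for the remote API: access token -> that user's data.
REMOTE_DATA = {
  "tok-joe"   => ["joe: private note"],
  "tok-sally" => ["sally: private note"]
}.freeze

# UNSAFE: the token is class-level state, shared by every request in the process.
class SharedPerson
  class << self
    attr_accessor :access_token
  end

  def self.find_all
    REMOTE_DATA.fetch(access_token) { raise "not authorized" }
  end
end

# SAFER: the class holds no token; each instance is bound to one user's session.
class ScopedPerson
  def initialize(session)
    @session = session
  end

  def find_all
    token = @session.fetch(:access_token) { raise "not authorized" }
    REMOTE_DATA.fetch(token) { raise "not authorized" }
  end
end

# Joe authorizes; Sally's request then hits the same class without authorizing.
def shared_model_leak
  SharedPerson.access_token = "tok-joe" # set during Joe's request
  SharedPerson.find_all                 # runs during Sally's request
end

# Same two users, but each request only sees its own session hash.
def scoped_model_results
  joe_session   = { access_token: "tok-joe" }
  sally_session = {} # Sally has authorized nothing
  joe_rows = ScopedPerson.new(joe_session).find_all
  sally_rows = begin
    ScopedPerson.new(sally_session).find_all
  rescue RuntimeError => e
    e.message
  end
  [joe_rows, sally_rows]
end
```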
Let's get into the meat. Your model will need to include the configuration:
class Person < ActiveResource::Base
  requires_oauth(
    APP[:consumer_key],
    APP[:consumer_secret],
    { :site => connection.base_url.to_s,
      :request_token_path => "/request_token",
      :access_token_path => "/access_token",
      :authorize_path => "/authorize",
      :auth_method => :query, # http://term.ie/oauth/example/index.php doesn't like the :authorize header method.
      :authorization_method => :scriptable,
      :session => lambda {session['person_oauth_session']}
    }
  )
end

Then in your controller, you can do a couple different things:
@Person = Person.with_oauth(self)
people = @Person.find(:all)
# - - - - -
Person.with_oauth(self) do |person|
  people = person.find(:all)
  puts people.to_xml
end
# - - - - -
after_oauth_authenticates(Person) do |person|
  people = person.find(:all)
  render :xml => people.to_xml
end

Notice the differences: The first two I use primarily for what I call "Scriptable OAuth" -- in other terms it could be known as no-user-interaction OAuth. This is assuming that the consumer key and secret have been provided by the user himself from the site being accessed, and that consumer token is already tied to said user on the site. Using this method, authorization is automatically granted anytime. (Recommended only for automated scripts, and if you write the server code, make sure you let your user know that these are essentially keys to their data and should not be shared.)
The last one is notable: Use it to wrap all the code in a controller action that requires outside OAuth data. This will return a redirect to the authorize_url when it needs authorization, and it will run the block when it's already been authorized. You'll have to manage sending the user back to this action after they come back to your registered callback_url.
You can download the files at http://svn.behindlogic.com/public/ruby/lib/active_resource/plugins/.
# - - - - - - - - - - - - - - - - - - -
All that and I have to point you to a "new ActiveResource" -- SimpleMapper. SimpleMapper is cooler, lighter, better. Check it out!
4 comments:
Nice work...was just contemplating doing this myself but am happy I googled instead. ;) Any updates?
As far as I know, there is still no possibility of using OAuth with ActiveResource. BUT, if you read up on my Rails ticket which hasn't been touched in 7 months (http://dev.rubyonrails.org/ticket/10834), you'll see what needs to be done to support it in ActiveResource. If I needed this functionality I'd program it up today, but I don't currently. SimpleMapper was my solution back then...
You could check out DataMapper's dm-rest-adapter, but I don't think they're any closer to being able to support OAuth out of the box.
To put it really simply, what ActiveResource needs to support OAuth is a simple callback function between when it makes the request and when it sends the request. You'll register your callback to simply take that request, have your OAuth consumer sign it, and then return it to ARes to make the request. Of course wherever the callback is being executed it needs a way to get at the consumer session; and you need a way for the user to go and authenticate the session before you do a model call.
If I do any work on this, what I'd do is clone the current ActiveResource, patch in the callback, and put it up on github so you can install it as a gem.
As a Newbie, I am always searching online for articles that can help me. Thank you
Thank you for your help!