I’ve made a few changes today to make it easier for other people to create OAuth Rails plugins using my core library.

The most important change is that I have pulled out most of the juice in the plugin into an OAuth GEM.

This means you now need to install the gem before you can use the plugin:

sudo gem install oauth

Easy.

I have also moved the plugin repository around a bit. I’m sorry if you’ve alredy installed it. I made a mistake when I first created it. Now it should have a better url for installing as a plugin: (updated with github)

script/plugin install git://github.com/pelle/oauth-plugin.git

I have updated the instructions in my last post How to turn your rails site into an OAuth Provider

Last but not least I started an oauth-ruby mailing list for Ruby specific implementation issues. Rails developers tend not to be scared of trying new things and it would be better to leave questions about integrating them with specific authentication libraries etc to a separate list.

If you are interested in the actual standard you should also join the main OAuth list.

Phew. off to bed. If you have questions and you’re at the SF Ruby meetup today come up and say hi.

This has been updated on July 21st, 2009 to reflect all the latest changes*

OAuth is the great new standard allowing your users to use your application to talk to their accounts on other applications. I won’t go more into it here as it’s pretty well covered on the OAuth site.

I have created an OAuth Rails Plugin and an oauth gem which will help you to create both oauth providers and consumers.

Consumers and Providers

I will cover consumers in another post, but it’s probably a good idea to explain what the difference is:

A consumer is an application that uses another web applications data. For example for a mashup. It is mainly intended for web applications, but there is nothing to stop you from writing say a way cool Mac client in Cocoa as well.

A provider is a web application that the consumer wants to access.

The classic example is a photo printing site as a consumer and a photo site (like Flickr) as the provider.

Provider features

The plugin can generate an oauth provider that supports the following out of the box:

• User can register their own applications to receive consumer key/secret pairs.
• Provider supports standard best practises out of the box hmac-sha1 etc.
• Users can manage and revoke tokens issued in their name
• Easy before filter to provide oauth protection on your actions

Eran of OAuth fame has published his financial models for his previous business model for Nouncer.

I’d like to thank him for this as it’s something that people normally don’t publish, so you sometimes get a feeling that you’re working in the dark. He’s changed his business model considerably now so he’s happy to publish it.

The structure is surprisingly similar to what we have, with a few differences though. Anyway go check it out if you’re struggling with your own. It’s a great tool to have.

While StakeItOut is history now OAuth would have been a godsend when I was developing it’s web service bookmarking feature.

StakeItOut was a secure bookmarking service. Kind of like Magnolia but encrypted and private. I had a neat feature that would allow you to create map certain URL’s to WebServices. Thus allowing you to perform various actions on them.

I already allowed user defined url mappings via a regex pattern. The big problem was that I had to hand code the web services support for each web service.

The authentication bit was the most annoying part of this as I had to hand code it for each kind of service. OAuth would have let me to handle it with a single API.

Anyway considering that Larry Halff the founder of Magnolia is one of the authors of OAuth standard I can see cool similar things happening there soon.

As promised I’ve posted Contracts are relationships as the first in a new series of posts about contracts on the Extra Eagle Blog

One of the biggest mistakes people make about contracts are that they are documents. It is an easy mistake to make. After all large parts of the legal profession have been feeding us this story for at least a century even though they all learn otherwise in their first class of Contract Law 101 in law school. read more