January 30th, 2008
Today I released the new version of the OAuth Rails plugin . This finally supports the new “all together now” release of the OAuth Ruby Gem, which Blaine Cook and me have worked hard to merge together from our previous incarnations.
I previously posted a guide to how to turn your rails site into an OAuth Provider, which should still be pretty much be correct as there haven’t been too many changes to the api that you would use within your rails application.
See the OAuth Plugin Documentation for more detailed installation instructions.
If you are using the plugin or gem please join the OAuth-Ruby Google Group
If you have previously installed the plugin you need to first update your OAuth gem to the latest version. I’m afraid you also do need to rerun the generator. There haven’t been any changes to the view code so you can leave them be if you’ve made your own changes.
The new OAuth gem was basically a merge of my previous gem which we merged with the Blaine’s original OAuth code, which is used on Twitter. Large chunks of this has been written by Larry Halff and Jesse Clark of Ma.gnolia. Further help and patches came from amongst other people Pat Cappelaere, Jon Crosby, Seth Fitzsimmons and Phillip Pearson.
November 27th, 2007
I’ve made a few changes today to make it easier for other people to create OAuth Rails plugins using my core library.
The most important change is that I have pulled out most of the juice in the plugin into an OAuth GEM.
This means you now need to install the gem before you can use the plugin:
sudo gem install oauth
I have also moved the plugin repository around a bit. I’m sorry if you’ve alredy installed it. I made a mistake when I first created it. Now it should have a better url for installing as a plugin: (updated with github)
script/plugin install git://github.com/pelle/oauth-plugin.git
I have updated the instructions in my last post How to turn your rails site into an OAuth Provider
Last but not least I started an oauth-ruby mailing list for Ruby specific implementation issues. Rails developers tend not to be scared of trying new things and it would be better to leave questions about integrating them with specific authentication libraries etc to a separate list.
If you are interested in the actual standard you should also join the main OAuth list.
Phew. off to bed. If you have questions and you’re at the SF Ruby meetup today come up and say hi.
November 26th, 2007
This has been updated on July 21st, 2009 to reflect all the latest changes*
OAuth is the great new standard allowing your users to use your application to talk to their accounts on other applications. I won’t go more into it here as it’s pretty well covered on the OAuth site.
I have created an OAuth Rails Plugin and an oauth gem which will help you to create both oauth providers and consumers.
Consumers and Providers
I will cover consumers in another post, but it’s probably a good idea to explain what the difference is:
A consumer is an application that uses another web applications data. For example for a mashup. It is mainly intended for web applications, but there is nothing to stop you from writing say a way cool Mac client in Cocoa as well.
A provider is a web application that the consumer wants to access.
The classic example is a photo printing site as a consumer and a photo site (like Flickr) as the provider.
The plugin can generate an oauth provider that supports the following out of the box:
- User can register their own applications to receive consumer key/secret pairs.
- Provider supports standard best practises out of the box hmac-sha1 etc.
- Users can manage and revoke tokens issued in their name
- Easy before filter to provide oauth protection on your actions
November 4th, 2007
While StakeItOut is history now OAuth would have been a godsend when I was developing it’s web service bookmarking feature.
StakeItOut was a secure bookmarking service. Kind of like Magnolia but encrypted and private. I had a neat feature that would allow you to create map certain URL’s to WebServices. Thus allowing you to perform various actions on them.
I already allowed user defined url mappings via a regex pattern. The big problem was that I had to hand code the web services support for each web service.
The authentication bit was the most annoying part of this as I had to hand code it for each kind of service. OAuth would have let me to handle it with a single API.
Anyway considering that Larry Halff the founder of Magnolia is one of the authors of OAuth standard I can see cool similar things happening there soon.