Programming

The first talk of the day at SnapSummit was
Josh Porter, Founder, Bokardo Design.

These are just my fairly sparse notes and commentaries.

It is very different designing for multi way communication systems like Social Web sites than the traditional one way or two way communication approaches.

Josh highlights 5 key rules to getting it right:

1. The Del.icio.us Lesson

Everyone was talking about tags. But in reality the user’s weren’t using it for the the folksonomy, but about saving bookmarks.

“Personal value precedes network value.”

You have to provide a valuable service even if no one else uses it. This makes sure that people start creating content and come back. The social aspects build on top of that and not the other way around. YouTube and Flickr are also great examples of this.

2. Tie Behavior to Identity

Josh gives an example of 2 different Amazon reviews with one person using real name and other made up. The real name is more trusted. So make sure that the things your users do are tied back to them.

The Ebay Feedback Profile is a great example. The whole thing is tied to a users behavior, they manage this without users using a real name only screen names.

3. Give recognition

It’s important to recognize and award your top users, to give further encouragement for users to interact.

Classic example were Digg’s Top Diggers page. This was eventually removed as top diggers essentially kept digging each others stories. This was good for early growth, but not all that good when they had a large user base.

“Recognition seems to work better when it comes from the group and isn’t permanent.”

To avoid Digg’s situation it is important that your algorithm puts priority on new contributions.

Threadless is good at ensuring this by having set end dates.

4. Show Causation

Netflix are great at this. Show effect of what actions. Do this explicitly.

Basically spell out what your users need to do to get benefits of the site.

5. Leverage Reciprocity

Make the interaction itself rewarding.

“Why do people leave reviews?”

First response from many people in interviews are “I like to help people”, but dig down and you find that people are interested in other aspects such as “I like to see how many people read my reviews” etc.

They are not just giving, but receiving a lot in return. Some of this is the input of other users, but also

LinkedIn: Very high percentage of people who you review review you back.

Top Amazon reviewer Harriet Clausner has reviewed 14000 books. 7 books a day. While Amazon doesn’t expire reputation, it is putting more and more emphasis on high quality revies.

Josh has a new book coming out called “Designing for the social web”. I’m sure it will be a worthwhile read. He also twitters at bokardo

On the request of many people here is a quick guide to developing OAuth Consumer Application (Consumer==Client in OAuth Speak) in Ruby.

I will be using Agree2 as the sample application here, so feel free to go Register and load up a irb session to follow along. You could also do the same with Twitter’s OAuth or any other OAuth server.

The general process is:

1. Register your consumer application with the OAuth compliant service to receive your Consumer Credentials (This is only done once)
2. You initiate the OAuth Token exchange process for a user by requesting a RequestToken from the Service
3. You store the RequestToken in your database or in the users session object
4. You redirect your user to the service providers authorize_url with the RequestToken’s key appended
5. Your user is asked by the service provider to authorize your RequestToken
6. Your user clicks yes and is redirected to your CallBack URL
7. Your callback action exchanges the RequestToken for an AccessToken
8. Now you can access your users data by performing http requests signed by your consumer credentials and the AccessToken.
9. ????
10. PROFIT!!!

Get your Consumer Credentials

Once you are logged in to Agree2 click the Manage OAuth Applications link in the footer:

All OAuth capable applications require you to register your own application first to get your consumer credentials:

Click Register your application

Enter the name of your application, the url of your application, the callback url and an optional support url.

The callback url is the url that Agree2 redirects to after a user has authorized a token for you. For now just enter a url like http://myapp.com/oauth_client/callback. Click register and hey presto:

These are your applications Consumer Credentials.

Hooking up your code

As we are nice guys here at Agree2 also provides actual sample Ruby code on the credentials screen. I will go through this step by step.

First of all you need to install the oauth gem (make sure you have at least 0.2.2):

sudo gem install oauth

Your code needs to require the gem and the consumer part of the library:

gem 'oauth'
require 'oauth/consumer'

Instantiate your Consumer object with your credentials:

@consumer=OAuth::Consumer.new "AVff2raXvhMUxFnif06g", 
                              "u0zg77R1bQqbzutAusJYmTxqeUpWVt7U2TjWlzbVZkA", 
                              {:site=>"https://agree2.com"}

Now request a token from Agree2. This method actually performs a signed http request to https://agree2.com/oauth/request_token :

@[email protected]_request_token

Now you need to redirect the user to the authorize_url

If you’re in irb just output the url:

@request_token.authorize_url

In a real rails application you would perform a redirect:

redirect_to @request_token.authorize_url

The user will be taken to this screen to authorize the token:

I think we need to work a bit on the user interface for this. But it does work. The user authorizes the token. and the user is redirected to the callback url you specified earlier.

In your callback action you now need to exchange the request token for an AccessToken:

@access_token=@request_token.get_access_token

Now you are ready to do whatever you wanted to do:

# Request all your users agreements
@response=@access_token.get "/agreements.xml"

The access token object has all the normal http request methods and returns a standard ruby http response.

Our next step is to integrate this with ActiveResource. This is being worked on now. Once this is done I will update this tutorial.

If your company needs help getting your OAuth Strategy right or implementing OAuth in your application I’m available for consulting work [email protected].

Today I released the new version of the OAuth Rails plugin . This finally supports the new “all together now” release of the OAuth Ruby Gem, which Blaine Cook and me have worked hard to merge together from our previous incarnations.

I previously posted a guide to how to turn your rails site into an OAuth Provider, which should still be pretty much be correct as there haven’t been too many changes to the api that you would use within your rails application.

See the OAuth Plugin Documentation for more detailed installation instructions.

If you are using the plugin or gem please join the OAuth-Ruby Google Group

Updating

If you have previously installed the plugin you need to first update your OAuth gem to the latest version. I’m afraid you also do need to rerun the generator. There haven’t been any changes to the view code so you can leave them be if you’ve made your own changes.

Credits

The new OAuth gem was basically a merge of my previous gem which we merged with the Blaine’s original OAuth code, which is used on Twitter. Large chunks of this has been written by Larry Halff and Jesse Clark of Ma.gnolia. Further help and patches came from amongst other people Pat Cappelaere, Jon Crosby, Seth Fitzsimmons and Phillip Pearson.

I’ve made a few changes today to make it easier for other people to create OAuth Rails plugins using my core library.

The most important change is that I have pulled out most of the juice in the plugin into an OAuth GEM.

This means you now need to install the gem before you can use the plugin:

sudo gem install oauth

Easy.

I have also moved the plugin repository around a bit. I’m sorry if you’ve alredy installed it. I made a mistake when I first created it. Now it should have a better url for installing as a plugin: (updated with github)

script/plugin install git://github.com/pelle/oauth-plugin.git

I have updated the instructions in my last post How to turn your rails site into an OAuth Provider

Last but not least I started an oauth-ruby mailing list for Ruby specific implementation issues. Rails developers tend not to be scared of trying new things and it would be better to leave questions about integrating them with specific authentication libraries etc to a separate list.

If you are interested in the actual standard you should also join the main OAuth list.

Phew. off to bed. If you have questions and you’re at the SF Ruby meetup today come up and say hi.

This has been updated on July 21st, 2009 to reflect all the latest changes*

OAuth is the great new standard allowing your users to use your application to talk to their accounts on other applications. I won’t go more into it here as it’s pretty well covered on the OAuth site.

I have created an OAuth Rails Plugin and an oauth gem which will help you to create both oauth providers and consumers.

Consumers and Providers

I will cover consumers in another post, but it’s probably a good idea to explain what the difference is:

A consumer is an application that uses another web applications data. For example for a mashup. It is mainly intended for web applications, but there is nothing to stop you from writing say a way cool Mac client in Cocoa as well.

A provider is a web application that the consumer wants to access.

The classic example is a photo printing site as a consumer and a photo site (like Flickr) as the provider.

Provider features

The plugin can generate an oauth provider that supports the following out of the box:

• User can register their own applications to receive consumer key/secret pairs.
• Provider supports standard best practises out of the box hmac-sha1 etc.
• Users can manage and revoke tokens issued in their name
• Easy before filter to provide oauth protection on your actions