CSC/ECE 517 Fall 2013/ch1 1w19 rj: Difference between revisions

From Expertiza_Wiki
Line 29: Line 29:
* OAuthNonce - Used for verifying requests from the client
* OAuthNonce - Used for verifying requests from the client
<br/>
<br/>
6. Migrate the database to create User table in the database
6. Migrate the database to create tables for User, OAuthToken, ClientApplication, and OAuthNonce in the database
  rake db:migrate
  rake db:migrate
7. To test the application, add the following route to your routes.rb
root :to => "oauth_clients#index"
8. Add ClientApplication and OAuthToken associations to User model
has_many :client_applications
has_many :tokens, :class_name=>"Oauth2Token",:order=>"authorized_at desc",:include=>[:client_application]
9. Add an accessor for <code>expires_at</code> to <code>app/models/oauth_token.rb</code>
attr_accessor :expires_at
10. Add the following alias to <code>app/controllers/oauth_controller.rb</code> and <code>app/controllers/oauth_clients_controller.rb</code>
  alias :login_required :authenticate_user!
This is required because <code>oauth-plugin<code> uses <code>login_required</code> method to determine whether the user is authenticated or not. In order to determine whether the user is authenticated or not, we use the <code>authenticate_user!</code> method provided by <code>devise</code> gem.
11. Add the following filter to <code>config/application.rb</code>
require 'oauth/rack/oauth_filter'
config.middleware.use OAuth::Rack::OAuthFilter
This enables the OAuthFilter to the middleware layer and thus allows filtering out unauthorized calls.
12.


=== Creating an OAuth Consumer ===
=== Creating an OAuth Consumer ===
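Review bot: in the explanation added under step 10, `<code>oauth-plugin<code>` uses a second opening tag where `</code>` is needed, which leaves the tag unclosed; change it to `<code>oauth-plugin</code>`. Step 12 is added as a bare "12." with no text, so either write the step or drop the number. The snippets added for steps 7 to 9 and 11 (root :to, has_many, attr_accessor, require) start at column 0 while the rake and alias lines keep their leading spaces; indent them the same way so all commands are marked up consistently.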

Revision as of 23:59, 14 September 2013

Using secure API authorization via OAuth

OAuth is the de facto standard authentication mechanism used by prominent websites like Facebook and Twitter. This wiki discusses Ruby support for OAuth and highlights it using examples.

Introduction to OAuth

OAuth in Ruby

Creating an OAuth Provider

1. Create a Rails application

rails new OAuthProviderApp


2. Add devise and oauth-plugin gems to your Gemfile

gem 'devise'
gem 'oauth-plugin'


3. Run bundle install to install the Gems

bundle install


4. Run the devise:install and devise User generators to generate the User model, controller and views

rails generate devise:install
rails generate devise User

The above commands generate the migration and model for User.

5. Run the oauth_provider generator

rails generate oauth_provider

This will generate the migrations, models, controllers, views and routes for the following:

  • OAuthToken or AccessToken - The token used to associate the request with the resource owner.
  • ClientApplication - Client application that needs access to the services offered by the Server on behalf of the Resource owner
  • OAuthNonce - Used for verifying requests from the client


6. Migrate the database to create tables for User, OAuthToken, ClientApplication, and OAuthNonce in the database

rake db:migrate

7. To test the application, add the following route to your routes.rb

root :to => "oauth_clients#index"

8. Add ClientApplication and OAuthToken associations to User model

has_many :client_applications
has_many :tokens, :class_name=>"Oauth2Token",:order=>"authorized_at desc",:include=>[:client_application]

9. Add an accessor for expires_at to app/models/oauth_token.rb

attr_accessor :expires_at

10. Add the following alias to app/controllers/oauth_controller.rb and app/controllers/oauth_clients_controller.rb

 alias :login_required :authenticate_user!

This is required because oauth-plugin uses the login_required method to determine whether the user is authenticated. To make that determination, we use the authenticate_user! method provided by the devise gem.

11. Add the following filter to config/application.rb

require 'oauth/rack/oauth_filter'
config.middleware.use OAuth::Rack::OAuthFilter

This adds the OAuthFilter to the middleware layer and thus allows unauthorized calls to be filtered out.

12.
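Step 5 describes OAuthNonce as "used for verifying requests from the client": in OAuth 1.0 each signed request carries a nonce and a timestamp so the provider can reject a captured request that is sent again. The sketch below is an added example, not code from oauth-plugin or from this wiki; NonceStore, its method names, the in-memory hash and the 300-second window are assumptions made for illustration.

```ruby
# Added illustration of nonce/timestamp replay checking. NonceStore is
# hypothetical and keeps state in memory; it is not part of oauth-plugin.
class NonceStore
  MAX_SKEW = 300 # seconds a request timestamp may differ from server time (assumed)

  def initialize(clock: -> { Time.now.to_i })
    @clock = clock
    @seen = {} # [consumer_key, nonce] => request timestamp
  end

  # Returns :ok the first time a (consumer_key, nonce) pair arrives with a
  # fresh timestamp, otherwise a symbol naming the reason for rejection.
  def check(consumer_key, nonce, timestamp)
    now = @clock.call
    ts = begin
      Integer(timestamp.to_s, 10)
    rescue ArgumentError
      return :bad_timestamp
    end
    return :bad_nonce if nonce.to_s.empty?
    return :stale_timestamp if (now - ts).abs > MAX_SKEW
    purge(now)
    key = [consumer_key, nonce]
    return :replayed if @seen.key?(key)
    @seen[key] = ts
    :ok
  end

  private

  # Entries outside the window can be dropped: a replay of one would
  # already be rejected as stale, so the table stays bounded.
  def purge(now)
    @seen.delete_if { |_, ts| (now - ts).abs > MAX_SKEW }
  end
end

# Constructed sample requests evaluated against a fixed clock.
def demo
  t = 1_379_203_140
  store = NonceStore.new(clock: -> { t })
  [
    store.check("consumer-a", "n1", t.to_s),         # first use
    store.check("consumer-a", "n1", t.to_s),         # same request sent again
    store.check("consumer-b", "n1", t.to_s),         # same nonce, different client
    store.check("consumer-a", "n2", (t - 900).to_s), # timestamp outside the window
    store.check("consumer-a", "n3", "abc")           # malformed timestamp
  ]
end
```

In a multi-process deployment the seen-nonce table has to live in shared storage with a uniqueness constraint, so that two concurrent copies of the same request cannot both pass.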

Creating an OAuth Consumer

  1. Step 1
  2. Step 2
  3. Step 3