Yup (with the gem). Are you building the client or server side? If a
client, what for?
The server side is pretty straightforward, even if you're replacing an
OAuth-style authorization system. I haven't done anything with the Rails
plugin, and I'm not sure how much you gain by using it (unless you're
starting out with a completely fresh app, in which case it might be useful).
This is a potentially helpful tutorial if you're using the plugin:
http://stakeventures.com/articles/2007/11/26/how-to-turn-your-rails-s...
Alternately, you can refer to a partially working (mostly exists as a
demonstration, not a scaffolding) sample that I wrote here:
http://code.google.com/p/oauth/source/browse/code/ruby/sample_oauth_p...
`svn log` it to find revision numbers to diff so you can see just the
changes w/o Rails boilerplate.
The client side is also pretty straightforward, although the helper classes
and docs suggest that you do weird things with Client and Token
objects--serialize and store in the session--that you should really avoid.
Don't worry about re-instantiating Clients and store the consumer
key/secret and request token/secret (or access token/secret) in a database
somewhere as strings. Make sure you differentiate between request and
access tokens, because APIs will behave differently depending what you throw
at them (and because request tokens *will* expire on you). Also, keep an
eye out when you request request tokens, as what usually happens is that
people either request them too often (you should only get one when you're
about to ask a user to authorize your app) or you request one once and it
expires.
Fire Eagle's Ruby client is a good example of something that uses the client
libs (http://github.com/jnewland/fireeagle/tree/master), although it doesn't
include a demo of how to use it as part of a web app (though this might
help: http://github.com/jnewland/ride_the_fireeagle/tree/master).
The OAuth gem does not yet support Yahoo!'s session extension (used for all
other Y! OAuth-enabled web services besides Fire Eagle), if that's what you
intend to consume. It also does not yet support PKI-SHA1 as a signature
method (which is what Google is using). The PHP client supports this now
(so check there to create a patch). This may also be useful, even though
it's not directly OAuth-related:
http://github.com/mattb/identity-matcher/tree/master/lib/identity_mat...
Whoa. Hope this is useful and not just overkill.
seth
On Tue, May 13, 2008 at 3:13 PM, Sean Carey <s
...@densone.com> wrote:
> Anyone here implemented OAUTH. If so, please tell. Any positive/
> negative things? Also did you use the GEM?
