Confused about client application keys vs. consumer keys
39 views
Skip to first unread message
Adam Fields
Sep 12, 2011, 4:25:00 PM9/12/11
to OAuth Ruby
I have the following rails code (derived from
http://www.bencurtis.com/2010/03/testing-an-oauth-provider-in-your-rails-app/),
which works:
<pre>
apiurl = 'http://localhost:3001'
# create a local client application to generate the OAuth keys
ca = ClientApplication.create(:name => 'Test', :url => apiurl)
# create an OAuth consumer object to use the keys
consumer = OAuth::Consumer.new(ca.key, ca.secret, :site => apiurl)
puts "ca_key = '#{ca.key}'"
puts "ca_secret = '#{ca.secret}'"
# get the request token
request_token = consumer.get_request_token
request_token.authorize_url
# open the authorize url in your browser to do the authorization step
`open #{request_token.authorize_url}`
# pull the last token out of the db
db_request_token = RequestToken.last
# create a new OAuth request token to make an OAuth access request
access_token = OAuth::RequestToken.new(consumer, request_token.token,
db_request_token.token).get_access_token(:oauth_verifier =>
db_request_token.verifier)
puts "access_key = '#{access_token.token}'"
puts "access_secret = '#{access_token.secret}'"
# use the access token (which has http methods in it) to request the
page via an OAuth request
a = access_token.get('/apiurl', { 'Accept'=>'application/
json' }).read_body
</pre>
But I'm confused about why I need to pass the ClientApplication keys
through when making the Consumer. If I omit them, it doesn't work. My
understanding of how the protocol works is that these are not required
by the end user once the access key and secret have been obtained
from the server via the authorization url, but they seem to be
required. Am I doing something wrong here?
http://www.bencurtis.com/2010/03/testing-an-oauth-provider-in-your-rails-app/),
which works:
<pre>
apiurl = 'http://localhost:3001'
# create a local client application to generate the OAuth keys
ca = ClientApplication.create(:name => 'Test', :url => apiurl)
# create an OAuth consumer object to use the keys
consumer = OAuth::Consumer.new(ca.key, ca.secret, :site => apiurl)
puts "ca_key = '#{ca.key}'"
puts "ca_secret = '#{ca.secret}'"
# get the request token
request_token = consumer.get_request_token
request_token.authorize_url
# open the authorize url in your browser to do the authorization step
`open #{request_token.authorize_url}`
# pull the last token out of the db
db_request_token = RequestToken.last
# create a new OAuth request token to make an OAuth access request
access_token = OAuth::RequestToken.new(consumer, request_token.token,
db_request_token.token).get_access_token(:oauth_verifier =>
db_request_token.verifier)
puts "access_key = '#{access_token.token}'"
puts "access_secret = '#{access_token.secret}'"
# use the access token (which has http methods in it) to request the
page via an OAuth request
a = access_token.get('/apiurl', { 'Accept'=>'application/
json' }).read_body
</pre>
But I'm confused about why I need to pass the ClientApplication keys
through when making the Consumer. If I omit them, it doesn't work. My
understanding of how the protocol works is that these are not required
by the end user once the access key and secret have been obtained
from the server via the authorization url, but they seem to be
required. Am I doing something wrong here?
Reply all
Reply to author
Forward
0 new messages