Where do 2-Legged Credentials Go?

70 views
Skip to first unread message

Jeff S.

unread,
May 24, 2011, 2:48:01 PM5/24/11
to OAuth Ruby
I'm writing an application that is an OAuth 2-legged provider to a
single client application. I have installed the oauth gem and plugin
and generated my controllers. In the controller I want to protect, I
have the following code:

class UploadController < ApplicationController
include OAuth::Controllers::ApplicationControllerMethods
oauthenticate :strategies => :two_legged, :interactive => false

def upload
# do some stuff
end
end

Where do I store the keys for the client application so that
oauthenticate can get to them?

I apologize if this is a simplistic questions. This is my first time
doing something like OAuth. If I was using HTTP digest
authentication, I would store the credentials in a YML file. However,
it doesn't seem this plugin has that option.

Thanks.

Cameron

unread,
May 24, 2011, 3:35:56 PM5/24/11
to OAuth Ruby
During the setup you should of had a few migrations and as well has to
add the following code snippet to your "User" object.

has_many :client_applications
has_many :tokens, :class_name=>"OauthToken",:order=>"authorized_at
desc",:include=>[:client_application]

This should handle allowing oauth to get the keys for this
application. In your case because you are providing a one off
application that only one other provider is going to a bit of over
kill having an entire user model, but it will also let you have it be
extremely simplistic since you don't need a log in interface, a
detailed user structure and other things you would need for multiple
users.

I would suggest just creating a simple user and try to emulate the
process of creating a client application in the terminal. I know that
the gem comes with controllers and views to do it visually but since
you don't have a need for that, doing it from the console may turn out
to be easier that getting something prepared so you could do it from
your browser

Matt Coneybeare

unread,
Feb 3, 2012, 3:38:50 PM2/3/12
to oauth...@googlegroups.com
I know this is an 8-month old thread, but not much is on the web about this. How did you end up setting up your simple 2-legged approach? Devise, client applications and callbacks are all overkill for my basic needs.
Reply all
Reply to author
Forward
0 new messages