danski-ooh-auth 0.1.20 → 0.3

data/Rakefile

@@ -16,8 +16,8 @@ GEM_NAME = "ooh-auth"
 AUTHOR = "Dan Glegg"
 EMAIL = "dan@angryamoeba.co.uk"
 HOMEPAGE = "http://github.com/danski/ooh-auth"
-SUMMARY = "Merb Slice that provides RESTful authentication functionality for your application."
-GEM_VERSION = "0.9.10"
+SUMMARY = "Merb Slice that adds a full OAuth provider strategy to your application."
+GEM_VERSION = "0.3"
 
 spec = Gem::Specification.new do |s|
   s.rubyforge_project = 'merb'

data/app/controllers/tokens.rb

@@ -18,23 +18,34 @@ class OohAuth::Tokens < OohAuth::Application
   # Define other formats
   provides :js, :xml, :yaml
 
-  # The index and new actions require a signed request.
-  before :ensure_signed,                    :only=>[:index]
+  # Ensure the user is signed in
+  before :ensure_authenticated,             :exclude=>[:index]
   # All other actions require that the user be authenticated directly, rather than through the api.
   before :forbid_authentication_with_oauth, :exclude=>[:index]
   
   # Main action used for starting the authorisation process (desktop clients) and finishing it (web clients)
   def index
-    raise NotAcceptable unless @authenticating_client = request.authenticating_client
-    if @token = request.authentication_token
-      # If client and request key, give the activated token if it was activated.
-      raise NotAcceptable unless @token.authenticating_client == @authenticating_client
+    if session.authenticated?
+      only_provides :html
+      # Authenticated requests should show the list
+      @tokens = OohAuth::Token.find_for_user(session.user)
+      render :index
+    elsif request.signed?
+      # Unauthenticated but signed requests should provision tokens
+      raise NotAcceptable unless @authenticating_client = request.authenticating_client
+      if @token = request.authentication_token
+        # If client and request key, give the activated token if it was activated.
+        raise NotAcceptable unless @token.authenticating_client == @authenticating_client
+      else
+        # Generate a request key
+        @token = OohAuth::Token.create_request_key(@authenticating_client)
+      end
+      # # Okay, no error raised. Gogo render.
+      display @token, :show, :layout=>false
     else
-      # Generate a request key
-      @token = OohAuth::Token.create_request_key(@authenticating_client)
+      # All other requests we DO NOT WANT
+      raise NotAcceptable
     end
-    # # Okay, no error raised. Gogo render.
-    display @token, :show, :layout=>false
   end
 
   def new
@@ -81,14 +92,14 @@ class OohAuth::Tokens < OohAuth::Application
   #  end
   #end
   #
-  #def destroy(id)
-  #  @token = OohAuth::Token.get(id)
-  #  raise NotFound unless @token
-  #  if @token.destroy
-  #    redirect slice_url(:tokens)
-  #  else
-  #    raise InternalServerError
-  #  end
-  #end
+  def destroy(id)
+    @token = OohAuth::Token.get(id)
+    raise NotFound unless @token and @token.user_id == session.user.id
+    if @token.destroy
+      redirect slice_url(:tokens)
+    else
+      raise InternalServerError
+    end
+  end
 
 end # OohAuth::Tokens

data/app/models/authenticating_client/dm_authenticating_client.rb

@@ -10,7 +10,7 @@ class OohAuth::AuthenticatingClient
   # Key it
   property :id,             Serial
   # The registration will belong to a user, who will be able to edit the client properties.
-  property :user_id,        Integer,  :writer => :protected
+  property :user_id,        Integer,  :writer => :private
   # Timestamp it
   property :created_at,     DateTime
    
@@ -64,6 +64,11 @@ class OohAuth::AuthenticatingClient
     self.user_id = user.id
   end
   
+  # LOCK user id after save
+  def user_id=(arg)
+    (new_record?)? attribute_set(:user_id, arg) : arg
+  end
+  
   def editable_by?(user)
     user.id == self.user_id
   end

data/app/models/token/dm_token.rb

@@ -59,6 +59,11 @@ class OohAuth::Token
     o
   end
   
+  # Get all tokens for a single user
+  def self.find_for_user(user)
+    all :user_id=>user.id
+  end
+  
   # Fetch a request_key given the request_key code
   def self.get_request_key_for_client(client, request_key)
     first :token_key=>request_key, :authenticating_client_id=>client.id, :expires.gt=>DateTime.now, :activated=>false

data/app/views/authenticating_clients/_help.html.haml

@@ -0,0 +1 @@
+%h2 Developer Documentation partial

data/app/views/authenticating_clients/edit.html.haml

@@ -0,0 +1,18 @@
+%h1 Edit your Application
+
+=form_for @authenticating_client, :action=>slice_url(:authenticating_client, @authenticating_client), :method=>"put", :class=>"authenticating_client" do
+
+  =error_messages_for @authenticating_client
+
+  %fieldset
+    %legend Application information
+      %dl
+        %dt
+          %label{:for => "ooh_auth_authenticating_clients_name"} Application name
+        %dd= text_field :name, :name=>"authenticating_client[name]", :value=>h(@authenticating_client.name)
+        %dt
+          %label{:for => "ooh_auth_authenticating_clients_name"} Web URL
+        %dd= text_field :web_url, :name=>"authenticating_client[web_url]", :value=>h(@authenticating_client.web_url)
+	%fieldset.buttons
+		%input{:type => "hidden", :name => "_method", :value => "put"}
+		= submit "Submit changes"

data/app/views/authenticating_clients/index.html.erb

@@ -1,6 +1,6 @@
 <h1>Developer API</h1>
 
-<% if session.user %>
+<% if session.authenticated? %>
 
 	<h2>Your Applications</h2>
 

data/app/views/authenticating_clients/index.html.haml

@@ -0,0 +1,16 @@
+%h1 Developer API
+
+-if session.user
+  %h2 Your Applications
+
+  %ul.authenticating_clients
+    %li.new= link_to "Register a new Application", slice_url(:new_authenticating_client), :class=>"new"
+    -@authenticating_clients.each do |ac|
+      %li
+        =link_to h(ac.name), slice_url(:authenticating_client, ac), :class=>"show"
+        =link_to "Edit", slice_url(:edit_authenticating_client, ac), :class=>"edit"
+        =link_to "Unregister", slice_url(:delete_authenticating_client, ac), :class=>"delete"
+-else
+  %p In order to use the Developer API, you'll need to register for an API key. Please log in to begin the process.
+
+= partial "help"

data/app/views/authenticating_clients/new.html.haml

@@ -0,0 +1,45 @@
+%h1 Register for a new API Key
+
+%p
+  %strong Important!
+  Upon successfully adding your application, you will be shown two pieces of information. 
+  You'll be given your
+  %strong API Key
+  , which will allow you to interact with the API, and you'll be given a
+  %strong shared secret
+  which will allow you to verify your requests to the API. 
+  %strong Note both of these down.
+  
+
+= form_for @authenticating_client, :action=>resource(:ooh_auth, :authenticating_clients), :class=>"authenticating_client" do
+  = error_messages_for @authenticating_client
+  %fieldset
+    %legend Some information about your application
+    %dl
+      %dt
+        %label{:for=>"ooh_auth_authenticating_clients_name"} Application name
+      %dd= text_field :name, :name => "authenticating_client[name]", :value=>h(@authenticating_client.name)
+
+      %dt
+        %label{:for=>"ooh_auth_authenticating_clients_name"} Web URL
+      %dd= text_field :web_url, :name=>"authenticating_client[web_url]", :value=>h(@authenticating_client.web_url) 
+      
+  %fieldset
+    %legend Application type
+
+    %dl.checkboxes
+      %dt
+        %label{:for => "ooh_auth_authenticating_clients_kind_web"} This is a web-based application
+      %dd= radio_button :kind, :value=>"web", :name=>"authenticating_client[kind]", :id=>"ooh_auth_authenticating_clients_kind_web", :checked=>@authenticating_client.is_webapp?
+      
+      %dt
+        %label{:for=>"ooh_auth_authenticating_clients_kind_desktop"} This is a desktop or mobile application
+      %dd= radio_button :kind, :value=>"desktop", :name=>"authenticating_client[kind]", :id=>"ooh_auth_authenticating_clients_kind_desktop", :checked=>!@authenticating_client.is_webapp?
+
+  %fieldset.buttons
+    %p
+      When you submit this form, we will generate both two pieces of information for you - an <strong>API Key</strong> and a 
+      %strong Shared Secret
+      They will be shown on the next page. Be sure to record them.
+
+    = submit "Get my API Key"

data/app/views/authenticating_clients/show.html.haml

@@ -0,0 +1,38 @@
+-ac = @authenticating_client
+
+%h1=h ac.name
+
+#facts
+  %h2 About your application:
+
+  %ul
+    %li 
+      This application was registered on
+      = ac.created_at.strftime("%d/%b/%Y")
+
+
+#api_secrets
+  %h2 
+    Your API key details for 
+    %em= ac.name
+    %p
+      Your 
+      %strong Consumer Key 
+      will for the most part be public, although it is useless without the
+      %strong Consumer Secret
+      that goes with it. 
+      You should under no circumstances make your Consumer Secret known by another party, as it can be used to sign the authorization requests that your application will send.
+
+    %dl
+      %dt Your OAuth Consumer Key
+      %dd
+        %a{:href=>"#api_key", :onclick => "this.style.display = 'none'; document.getElementById('api_key').style.display = 'block'; return false;"} Show my API Key
+        %span#api_key.secret.shared{:style => "display: none;"}= ac.api_key
+
+      %dt Your OAuth Consumer Secret
+      %dd
+        %a.shared_secret_toggle{:href => "#shared_secret", :onclick="this.style.display = 'none'; document.getElementById('shared_secret').style.display = 'block'; return false;"}
+          Nobody but myself can see. I have closed my doors, shuttered my windows and, just for today, shunned my loved ones. It is safe to show my Consumer Secret.
+        %span#shared_secret.secret.shared{:style => "display: none;"}= ac.secret
+
+=partial "help"

data/app/views/layout/ooh_auth.html.haml

@@ -0,0 +1,17 @@
+!!!
+%html{ :xmlns => 'http://www.w3.org/1999/xhtml', :'xml:lang' => "en-us", :lang => 'en-us' }
+  %head
+    %meta{ :'http-equiv' => "content-type", :content => "text/html; charset=utf-8" }
+    %title OohAuth Slice
+    
+  / you can override this layout at slices/ooh-auth/app/views/layout/ooh-auth.html.erb
+  %body.ooh-auth
+    #root
+      %h1 OohAuth Slice
+
+      -unless message.blank?
+        %div{:id=>"_message"}
+          =message
+
+      #main
+        =catch_content :for_layout

data/app/views/tokens/create.html.haml

@@ -0,0 +1,33 @@
+-ac = @authenticating_client
+
+
+-if @activated
+  %h1.win 
+    You successfully authorized
+    =ac.name
+
+    %div{:id=>"win facts"}
+      %h2 To access your account:
+      
+      %ul
+        %li 
+          Until 
+          =@token.expires.strftime("%d/%b/%Y")
+        %li 
+          With permission to 
+          = OohAuth[:client_permission_levels][@token.permissions.to_sym][:able_to]
+          .
+      %p
+        %strong You may now close this window or navigate away from this page.
+
+-else
+
+  %h1.fail
+    You denied
+    =ac.name
+    access to your content
+
+  %div{:id=>"fail facts"}
+    %h2 This application will not be able to access your account.
+    %p
+      %strong You may now close this window or navigate away from this page.

data/app/views/tokens/edit.html.haml

@@ -0,0 +1,6 @@
+%h1 Authentications controller, edit action
+
+%p Edit this file in 
+  %tt app/views/authentications/edit.html.erb
+%p For more information and examples of CRUD views read 
+  %a{:href=>"http://wiki.merbivore.com/howto/crud_view_example_with_merb_using_erb"} this wiki page

data/app/views/tokens/index.html.erb

@@ -0,0 +1,9 @@
+<h1>Your Tokens</h1>
+
+<ul class="tokens">
+	<% @tokens.each do |t| %>
+		<li>
+			<%= h(t.authenticating_client.name) %> <%= link_to "Revoke access", slice_url(:delete_token, t) %>
+		</li>
+	<% end %>
+</ul>

data/app/views/tokens/new.html.haml

@@ -0,0 +1,47 @@
+%h1= "#{@authenticating_client.name} wants access to your account!"
+
+%p.abstract
+  The application
+  = link_to h(@authenticating_client.name), @authenticating_client.web_url 
+  wants access to your content.
+
+%h2 Grant this application access to your account
+=form_for @authenticating_client, :action=>slice_url(:tokens), :class=>"authentication" do 
+  %fieldset
+    %p.confirmation
+      =h @authenticating_client.name
+      will be granted access to your data. 
+      The application will 
+      %strong not
+      have the ability to grant access to other applications.
+      You will be able to revoke this access at a later date if you so choose.
+
+
+    %input{:type=>"hidden", :name => "oauth_token", :value =>"#{@token.token_key}"}
+    -if request.callback
+      %input{:type => "hidden", :name => "oauth_callback", :value=>"#{@request.callback}"}
+
+  %fieldset
+    %legend Options
+    %dl
+      %dt
+        %label{:for=>"token_expires"} Allow access until
+      %dd
+        %select.token_expires{:name=>"token[expires]"}
+          %option{:value => "2999-12-31"} Further notice
+          / or when Philip J. Fry wakes up
+          %option{:value => (Date.today + 1.year).strftime("%Y-%m-%d")} 1 year from now
+          %option{:value => (Date.today + 1.month).strftime("%Y-%m-%d")} 1 month from now
+          %option{:value => (Date.today + 1.week).strftime("%Y-%m-%d")} 1 week from now
+          %option{:value => (Date.today + 1.day).strftime("%Y-%m-%d")} 1 day from now
+      
+      %dt
+        %label{:for=>"token_permissions"} Allow this application to
+      %dd
+        %select.token_permissions{:name=>"token[permissions]"}
+          -OohAuth[:client_permission_levels].each do |name, opts|
+            %option{:value => "#{name}"}= opts[:able_to]
+
+  %fieldset.buttons
+    =submit "Grant access", :name=>"commit", :value=>"allow"
+    =submit "Deny access", :name=>"commit", :value=>"deny"

data/app/views/tokens/show.html.haml

@@ -0,0 +1 @@
+="oauth_token=#{@token.token_key}&oauth_token_secret=#{@token.secret}"

data/lib/ooh-auth.rb

@@ -46,8 +46,8 @@ if defined?(Merb::Plugins)
   module OohAuth
     
     # Slice metadata
-    self.description = "OohAuth is Merb slice that extends merb-auth-more with RESTful authentication"
-    self.version = "0.1.2"
+    self.description = "OohAuth is Merb slice that extends merb-auth-more with a full OAuth provider"
+    self.version = "0.1.3"
     self.author = "Dan Glegg"
     self.identifier = "ooh-auth"
     

data/spec/controllers/authenticating_clients_spec.rb

@@ -19,7 +19,13 @@ describe OohAuth::AuthenticatingClients do
       @controller.should be_successful
       lambda {@controller = dispatch_to(OohAuth::AuthenticatingClients, :new)}.should raise_error(Merb::Controller::Unauthenticated)
     end
-    it "should show a list of clients when authenticated"
+    it "should successfully render a list when authenticated" do
+      @user = user_class.gen
+      @controller = OohAuth::AuthenticatingClients.new(Merb::Test::RequestHelper::FakeRequest.new)
+      @controller.request.session.user = @user
+      @controller.index
+      @controller.should be_successful
+    end
   end
   
   describe "new/create action" do 
@@ -92,12 +98,12 @@ describe OohAuth::AuthenticatingClients do
       @controller.edit(@authenticating_client.id)
       @controller.should be_successful
     end
-    it "cannot be used to reassign apps to other users" #do
+    it "cannot be used to reassign apps to other users" do
     # Waiting on ticket: http://wm.lighthouseapp.com/projects/4819/tickets/669-problem-with-protected-attribute-mass-assignment#ticket-669-1
     # related to problems preventing mass-assignment.
-    #  @controller.update(@authenticating_client.id, {:user_id=>@user.id+50})
-    #  @controller.assigns(:authenticating_client).user_id.should == @user.id
-    #end
+      @controller.update(@authenticating_client.id, {:user_id=>@user.id+50})
+      @controller.assigns(:authenticating_client).user_id.should == @user.id
+    end
     it "should show a form with errors when given bad input" do
       @controller.update(@authenticating_client.id, {:name=>""})
       @controller.should be_successful
@@ -111,8 +117,24 @@ describe OohAuth::AuthenticatingClients do
     end
   end
   
-  describe "delete action" do 
-    it "should not be destroyable by any user other than the owning user"
+  describe "delete action" do
+    before :each do
+      @user = user_class.gen
+      @bad_user = user_class.gen
+      @authenticating_client = OohAuth::AuthenticatingClient.gen(:user=>@user)
+      @other_authenticating_client = OohAuth::AuthenticatingClient.gen
+      @controller = OohAuth::AuthenticatingClients.new(Merb::Test::RequestHelper::FakeRequest.new)
+      @controller.request.session.user = @bad_user
+    end
+    
+    it "should not be destroyable by any user other than the owning user" do
+      c = OohAuth::AuthenticatingClient.count
+      lambda {@controller.destroy(@authenticating_client.id)}.should raise_error(Merb::Controller::NotFound)
+      @controller.request.session.user = @user
+      c.should == OohAuth::AuthenticatingClient.count
+      lambda {@controller.destroy(@authenticating_client.id)}.should_not raise_error(Merb::Controller::NotFound)      
+      (c-1).should == OohAuth::AuthenticatingClient.count
+    end
   end
 
 end

data/spec/controllers/tokens_spec.rb

@@ -62,6 +62,15 @@ describe OohAuth::Tokens do
       )
       lambda {@controller.index}.should raise_error(Merb::Controller::NotAcceptable)
     end
+    
+    it "should show a list of tokens for a user when the user is authenticated" do
+      @user = user_class.gen
+      @controller = OohAuth::Tokens.new(Merb::Test::RequestHelper::FakeRequest.new)
+      @controller.request.session.user = @user
+      @controller.index
+      @controller.should be_successful
+      @controller.assigns(:tokens).should be_kind_of(Array)
+    end
   end
 
   
@@ -164,10 +173,29 @@ describe OohAuth::Tokens do
   #  it "should only allow the expiry and permission level to be altered"
   #end
   #
-  #describe "delete/destroy action" do
-  #  it "should only be accessible by the token's owning user"
-  #  it "should return a 404 not found for other users"
-  #  it "should remove all authentications for this user/application if multiple records are present"
-  #end
+  describe "delete/destroy action" do
+    before :each  do
+      @user =         user_class.gen
+      @bad_user =     user_class.gen
+      @desktop_app =  OohAuth::AuthenticatingClient.gen(:kind=>"desktop")
+      @access_key =   OohAuth::Token.create_request_key(@desktop_app, 1.hour.since)
+      @access_key.activate!(@user)
+      @date =         Date.today + 5.years
+      @controller =   OohAuth::Tokens.new(Merb::Test::RequestHelper::FakeRequest.new)
+    end
+    
+    it "should require authentication" do
+      lambda {dispatch_to(OohAuth::Tokens, :destroy)}.should raise_error(Merb::Controller::Unauthenticated)
+    end
+    it "should only be accessible by the token's owning user" do
+      c = OohAuth::Token.count
+      @controller.request.session.user = @bad_user
+      lambda {@controller.destroy(@access_key.id)}.should raise_error(Merb::Controller::NotFound)
+      @controller.request.session.user = @user
+      c.should == OohAuth::Token.count
+      lambda {@controller.destroy(@access_key.id)}.should_not raise_error(Merb::Controller::NotFound)
+      (c-1).should == OohAuth::Token.count
+    end
+  end
   
 end

data/spec/models/authenticating_client_spec.rb

@@ -34,8 +34,6 @@ describe OohAuth::AuthenticatingClient do
     @authenticating_client.secret.should == ss
   end
   
-  it "should not allow internal URLs to be given as callback URLs"
-
   it "should return an empty array when find_for_user is called with nil" do
     arr = OohAuth::AuthenticatingClient.find_for_user(nil)
     arr.length.should == 0

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: danski-ooh-auth
 version: !ruby/object:Gem::Version 
-  version: 0.1.20
+  version: "0.3"
 platform: ruby
 authors: 
 - Dan Glegg
@@ -9,18 +9,9 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2008-10-22 00:00:00 -07:00
+date: 2009-01-15 00:00:00 -08:00
 default_executable: 
 dependencies: 
-- !ruby/object:Gem::Dependency 
-  name: ruby-hmac
-  version_requirement: 
-  version_requirements: !ruby/object:Gem::Requirement 
-    requirements: 
-    - - ">="
-      - !ruby/object:Gem::Version 
-        version: 0.3.2
-    version: 
 - !ruby/object:Gem::Dependency 
   name: merb-slices
   version_requirement: 
@@ -30,19 +21,21 @@ dependencies:
       - !ruby/object:Gem::Version 
         version: 0.9.10
     version: 
-description: Merb slice that adds OAuth provider capabilities to any merb-auth application.
-email: dan@angryameoba.co.uk
+description: Merb Slice that adds a full OAuth provider strategy to your application.
+email: dan@angryamoeba.co.uk
 executables: []
 
 extensions: []
 
 extra_rdoc_files: 
-- readme.markdown
+- README
 - LICENSE
+- TODO
 files: 
 - LICENSE
-- readme.markdown
+- README
 - Rakefile
+- TODO
 - lib/ooh-auth
 - lib/ooh-auth/authentication_mixin.rb
 - lib/ooh-auth/controller_mixin.rb
@@ -84,17 +77,28 @@ files:
 - app/views
 - app/views/authenticating_clients
 - app/views/authenticating_clients/_help.html.erb
+- app/views/authenticating_clients/_help.html.haml
 - app/views/authenticating_clients/edit.html.erb
+- app/views/authenticating_clients/edit.html.haml
 - app/views/authenticating_clients/index.html.erb
+- app/views/authenticating_clients/index.html.haml
 - app/views/authenticating_clients/new.html.erb
+- app/views/authenticating_clients/new.html.haml
 - app/views/authenticating_clients/show.html.erb
+- app/views/authenticating_clients/show.html.haml
 - app/views/layout
 - app/views/layout/ooh_auth.html.erb
+- app/views/layout/ooh_auth.html.haml
 - app/views/tokens
 - app/views/tokens/create.html.erb
+- app/views/tokens/create.html.haml
 - app/views/tokens/edit.html.erb
+- app/views/tokens/edit.html.haml
+- app/views/tokens/index.html.erb
 - app/views/tokens/new.html.erb
+- app/views/tokens/new.html.haml
 - app/views/tokens/show.html.erb
+- app/views/tokens/show.html.haml
 - public/javascripts
 - public/javascripts/master.js
 - public/stylesheets
@@ -128,6 +132,6 @@ rubyforge_project: merb
 rubygems_version: 1.2.0
 signing_key: 
 specification_version: 2
-summary: Merb Slice that provides RESTful authentication functionality for your application.
+summary: Merb Slice that adds a full OAuth provider strategy to your application.
 test_files: []
 

data/readme.markdown

@@ -1,43 +0,0 @@
-There's Auth, there's OAuth, and there's OohAuth.
-=================================================
-
-OohAuth extends merb-auth-more with a functionally-complete approach to OAuth, turning your merb-auth applications into full OAuth providers.
-
-OAuth at a glance:
-==================
-
-* Your users won't have to give their names and passwords to client applications
-* Your users can revoke or limit access from a particular client at any time
-* Your users do not have to give client applications everything they need to steal their account
-* Your developer community can authenticate using a solid authentication schema endorsed by [industry giants](http://google.com)
-* Resilient to both man-in-the-middle and signature replay attacks.
-
-OohAuth gives you:
-========================
-
-* Integration with merb-auth and your application's own User model
-* RESTful creation of API keys for client apps
-* RESTful creation of request and access tokens to allow client apps to authenticate on behalf of users
-* merb-auth strategies for both web-based and non web-based API authentication.
-
-It depends on:
-==============
-
-* merb-slices
-* merb-action-args
-* merb-auth-core
-* merb-auth-more
-* nokogiri (tests only)
-* ruby-hmac
-* Erb **(we need your help to get started on HAML support)**
-* datamapper **(we need your help to become ORM-agnostic)**
-
-You should read:
-================
-
-* [Why we wrote it](http://singlecell.angryamoeba.co.uk/post/62022487/the-api-antipattern-twitter-and-the-fail-whales-new)
-* [OohAuth on github](http://github.com/danski/ooh-auth)
-* [OAuth 1.0 specification](http://oauth.net/core/1.0) a hefty spec document containing instructions for authenticating with OAuth apps and more.
-* [securing.markdown](http://github.com/danski/ooh-auth/tree/master/securing.markdown), your guide to properly securing an application using OohAuth.
-* [OohAuth's bugtracker on Tails](http://www.bugtails.com/projects/171)
-