exvo-auth 0.12.2 → 0.13.0

data/.gitignore

@@ -1,3 +1,6 @@
+*.gem
 .bundle
-pkg
+.rvmrc
 Gemfile.lock
+pkg/*
+log/*

data/README.md

@@ -0,0 +1,155 @@
+# OAuth2
+
+* Get familiar with [OmniAuth by Intridea](http://github.com/intridea/omniauth). Read about OAuth2.
+* Obtain `client_id` and `client_secret` for your app from Exvo.
+* Install `exvo-auth` gem and add it to your Gemfile.
+
+
+
+## Middleware configuration
+
+The preferred way to configure the gem is via the ENV variables:
+
+```ruby
+ENV['AUTH_CLIENT_ID']     = "foo"
+ENV['AUTH_CLIENT_SECRET'] = "bar"
+ENV['AUTH_DEBUG']         = true            # [OPTIONAL] dumps all HTTP traffic to STDERR, useful during development
+ENV['AUTH_REQUIRE_SSL']   = false           # [OPTIONAL] disable SSL, useful in development (note that all apps API urls must be http, not https)
+ENV['AUTH_HOST']          = "test.exvo.com" # [OPTIONAL] override the default auth host
+```
+
+Then add this line to `config/application.rb`:
+
+```ruby
+config.middleware.use ExvoAuth::Middleware
+```
+
+But you can also set things directly in the `config/application.rb` file (before the middleware declaration):
+
+```ruby
+ExvoAuth::Config.client_id     = "foo"
+ExvoAuth::Config.client_secret = "bar"
+ExvoAuth::Config.debug         = true
+ExvoAuth::Config.require_ssl   = false
+ExvoAuth::Config.host          = "test.exvo.com"
+```
+
+
+## Add routes
+
+The following comes from Rails `config/routes.rb` file:
+
+```ruby
+match "/auth/failure"                  => "sessions#failure"
+match "/auth/interactive/callback"     => "sessions#create"
+match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
+match "/sign_out"                      => "sessions#destroy"
+```
+
+Failure url is called whenever there's a failure (d'oh).
+
+You can have separate callbacks for interactive and non-interactive callback routes but you can also route both callbacks to the same controller method like shown above.
+
+
+## Include controller helpers into your application controller
+
+```ruby
+include ExvoAuth::Controllers::Rails # (or Merb)
+```
+
+
+## Implement a sessions controller
+
+Sample implementation (Rails):
+
+```ruby
+class SessionsController < ApplicationController
+  def create
+    sign_in_and_redirect!
+  end
+
+  def destroy
+    sign_out_and_redirect!
+  end
+
+  def failure
+    render :text => "Sorry!"
+  end
+end
+```
+
+
+## Implement `#find_or_create_user_by_uid(uid)` in your Application Controller
+
+This method will be called by `#current_user`. Previously we did this in `sessions_controller` but since the sharing sessions changes this controller will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it.
+
+Exemplary implementation (Rails):
+
+```ruby
+def find_or_create_user_by_uid(uid)
+  User.find_or_create_by_uid(uid)
+end
+```
+
+Additional info (emails, etc) can be obtained using auth api (`/users/uid.json` path).
+
+In short: you get `params[:auth]`. Do what you want to do with it: store the data, create session, etc.
+
+
+## Sign up and sign in paths for use in links
+
+```ruby
+sign in path:                       "/auth/interactive"
+sign up path:                       "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param
+sign in path with a return address: "/auth/interactive?state=url"      # using OAuth2 state param
+```
+
+You have a handy methods available in controllers (and views in Rails): `sign_in_path` and `sign_up_path`.
+
+
+## Read the source, there are few features not mentioned in this README
+
+
+# Inter-Application Communication
+
+You need to have "App Authorization" created by Exvo first.
+
+Contact us and provide following details:
+
+* `consumer_id` - Id of an app that will be a consumer (this is you)
+* `provider_id` - Id of the provider app
+* `scope`       - The tag associated with the api you want to use in the provider app
+
+
+## Consumer side
+
+```ruby
+consumer = ExvoAuth::Autonomous::Consumer.new(
+  :app_id => "this is client_id of the app you want to connect to"
+)
+consumer.get(*args) # interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
+```
+
+
+## Provider side
+
+See `#authenticate_app_in_scope!(scope)` method in `ExvoAuth::Controllers::Rails` (or Merb). This method lets you create a before filter.
+Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
+If scopes are empty, then provider app should not present any resources to consumer.
+
+
+## Example of the before filter for provider controller:
+
+```ruby
+before_filter {|c| c.authenticate_app_in_scope!("payments") }
+```
+
+In provider controller, which is just a fancy name for API controller, you can use `#current_app_id` method to get the app_id of the app connecting.
+
+
+# Dejavu - replay non-GET requests after authentication redirects
+
+## Limitations:
+
+* doesn't work with file uploads
+* all request params become query params when replayed

data/exvo-auth.gemspec

@@ -7,7 +7,7 @@ Gem::Specification.new do |s|
   s.platform    = Gem::Platform::RUBY
   s.authors     = ["Jacek Becela"]
   s.email       = ["jacek.becela@gmail.com"]
-  s.homepage    = "http://rubygems.org/gems/exvo-auth"
+  s.homepage    = "https://github.com/Exvo/Auth"
   s.summary     = "Sign in with Exvo account"
   s.description = "Sign in with Exvo account"
 
@@ -19,9 +19,14 @@ Gem::Specification.new do |s|
   s.add_dependency "activemodel", "~> 3.0.0"
   s.add_dependency "actionpack",  "~> 3.0.0"
 
-  s.add_development_dependency "mocha",     "~> 0.9.8"
-  s.add_development_dependency "test-unit", "~> 2.1.0"
-  s.add_development_dependency "bundler",   "~> 1.0.0"
+  s.add_development_dependency "mocha"
+  s.add_development_dependency "test-unit"
+  s.add_development_dependency "bundler"
+  s.add_development_dependency "rake"
+  s.add_development_dependency "guard"
+  s.add_development_dependency "guard-test"
+  s.add_development_dependency "rb-fsevent"
+  s.add_development_dependency "rb-inotify"
 
   s.files        = `git ls-files`.split("\n")
   s.executables  = `git ls-files`.split("\n").map{|f| f =~ /^bin\/(.*)/ ? $1 : nil}.compact

data/lib/exvo_auth/autonomous/auth.rb

@@ -3,7 +3,7 @@ class ExvoAuth::Autonomous::Auth
   include ExvoAuth::Autonomous::Http
   
   def base_uri
-    ExvoAuth::Config.host
+    ExvoAuth::Config.uri
   end
   
   def username

data/lib/exvo_auth/config.rb

@@ -1,56 +1,95 @@
 module ExvoAuth::Config
   def self.debug
-    @@debug = false unless defined?(@@debug)
-    @@debug
+    @@debug ||= ENV['AUTH_DEBUG'] || false
   end
 
   def self.debug=(debug)
     @@debug = debug
   end
 
-  def self.host 
-    @@host ||= 'https://auth.exvo.com' 
+  def self.host
+    @@host ||= ENV['AUTH_HOST'] || default_opts[env.to_sym][:host]
   end
-  
-  def self.host=(host) 
-    @@host = host 
+
+  def self.host=(host)
+    @@host = host
+  end
+
+  def self.uri
+    if host =~ /^http(s)*/
+      # Legacy compatibility, when `host` was incorrectly used as `uri`
+      host
+    else
+      require_ssl ? "https://#{host}" : "http://#{host}"
+    end
   end
-  
+
   def self.callback_key
     @@callback_key ||= '_callback'
   end
-  
+
   def self.callback_key=(callback_key)
-    @@callback_key = callback_key 
+    @@callback_key = callback_key
   end
-  
+
   def self.client_id
-    @@client_id ||= nil
+    @@client_id ||= ENV['AUTH_CLIENT_ID']
   end
-  
+
   def self.client_id=(client_id)
     @@client_id = client_id
   end
-  
+
   def self.client_secret
-    @@client_secret ||= nil 
+    @@client_secret ||= ENV['AUTH_CLIENT_SECRET']
   end
 
   def self.client_secret=(client_secret)
     @@client_secret = client_secret
   end
-  
+
   def self.require_ssl
-    @@require_ssl = true unless defined?(@@require_ssl)
-    @@require_ssl
+    @@require_ssl ||= ENV['AUTH_REQUIRE_SSL'] || default_opts[env.to_sym][:require_ssl]
   end
 
-  # Set this to false during development ONLY!
   def self.require_ssl=(require_ssl)
     @@require_ssl = require_ssl
   end
-  
+
+  def self.env
+    @@env ||= Rails.env if defined?(Rails)
+    @@env ||= Merb.env if defined?(Merb)
+    @@env
+  end
+
+  def self.env=(env)
+    @@env = env
+  end
+
   def self.cfs_id
     "fb0e7bd5864aa0186630212d800af8a6"
   end
+
+  private
+
+  def self.default_opts
+    {
+      :production => {
+        :host => 'auth.exvo.com',
+        :require_ssl => true
+      },
+      :staging => {
+        :host => 'staging.auth.exvo.com',
+        :require_ssl => false
+      },
+      :development => {
+        :host => 'auth.exvo.local',
+        :require_ssl => false
+      },
+      :test => {
+        :host => 'auth.exvo.local',
+        :require_ssl => false
+      }
+    }
+  end
 end

data/lib/exvo_auth/controllers/base.rb

@@ -20,7 +20,7 @@ module ExvoAuth::Controllers::Base
     session[:user_uid] = request.env["rack.request.query_hash"]["auth"]["uid"]
 
     url = if params[:state] == "popup"
-      ExvoAuth::Config.host + "/close_popup.html"
+      ExvoAuth::Config.uri + "/close_popup.html"
     elsif params[:state] # if not popup then an url
       params[:state]
     else
@@ -81,7 +81,7 @@ module ExvoAuth::Controllers::Base
   end
 
   def sign_out_url(return_to)
-    ExvoAuth::Config.host + "/users/sign_out?" + Rack::Utils.build_query({ :return_to => return_to })
+    ExvoAuth::Config.uri + "/users/sign_out?" + Rack::Utils.build_query({ :return_to => return_to })
   end
 
   def non_interactive_sign_in_path(params = {})

data/lib/exvo_auth/strategies/base.rb

@@ -1,11 +1,11 @@
 class ExvoAuth::Strategies::Base < OmniAuth::Strategies::OAuth2
   def initialize(app, name, options = {})
-    options[:site]          ||= ExvoAuth::Config.host
+    options[:site]          ||= ExvoAuth::Config.uri
     options[:client_id]     ||= ExvoAuth::Config.client_id
     options[:client_secret] ||= ExvoAuth::Config.client_secret
     
     if options[:site].nil? || options[:client_id].nil? || options[:client_secret].nil?
-      raise(ArgumentError, "Please configure host, client_id and client_secret")
+      raise(ArgumentError, "Please configure uri, client_id and client_secret")
     end
     
     super(app, name, options.delete(:client_id), options.delete(:client_secret), options)

data/lib/exvo_auth/version.rb

@@ -1,3 +1,3 @@
 module ExvoAuth
-  VERSION = "0.12.2"
+  VERSION = "0.13.0"
 end

data/test/helper.rb

@@ -1,5 +1,4 @@
 require 'rubygems'
-gem 'test-unit'
 require 'test/unit'
 require 'mocha'
 require 'exvo-auth'

data/test/test_exvo_auth.rb

@@ -5,13 +5,13 @@ class TestExvoAuth < Test::Unit::TestCase
     ExvoAuth::Config.client_id     = "foo"
     ExvoAuth::Config.client_secret = "bar"
   end
-  
+
   test "consumer sanity" do
     c = ExvoAuth::Autonomous::Consumer.new(:app_id => "baz")
     authorization = { "access_token" => "qux", "url" => "https://foo/api" }
     auth = stub(:get => { "authorization" => authorization })
     c.expects(:auth).returns(auth)
-    
+
     assert_equal authorization, c.send(:authorization)
     assert_equal authorization, c.send(:authorization) # second time from cache, without touching httparty
   end
@@ -20,11 +20,11 @@ class TestExvoAuth < Test::Unit::TestCase
     p = ExvoAuth::Autonomous::Provider.new(:app_id => "baz", :access_token => "qux")
     auth = stub(:get => {"scope" => "qux quux"})
     p.expects(:auth).returns(auth)
-    
+
     assert_equal ["qux", "quux"], p.scopes
     assert_equal ["qux", "quux"], p.scopes # second time from cache, without touching httparty
   end
-  
+
   test "integration of httparty interface with auth" do
     c = ExvoAuth::Autonomous::Consumer.new(:app_id => "baz")
     basement = mock("basement")
@@ -34,9 +34,36 @@ class TestExvoAuth < Test::Unit::TestCase
     c.expects(:basement).at_least_once.returns(basement)
     assert_true c.get("/bar")
   end
-  
+
   test "basement includes httparty" do
     c = ExvoAuth::Autonomous::Consumer.new(:app_id => "baz")
     assert_true c.send(:basement).included_modules.include?(HTTParty)
   end
+
+  test "host setting based on production environment" do
+    ExvoAuth::Config.host = nil # invalidate memoization
+    ExvoAuth::Config.expects(:env).returns('production')
+    assert_equal ExvoAuth::Config.host, 'auth.exvo.com'
+  end
+
+  test "host setting based on development environment" do
+    ExvoAuth::Config.host = nil # invalidate memoization
+    ExvoAuth::Config.expects(:env).returns('development')
+    assert_equal ExvoAuth::Config.host, 'auth.exvo.local'
+  end
+
+  test "ssl not being required by default in development environment" do
+    ExvoAuth::Config.require_ssl = nil # invalidate memoization
+    ExvoAuth::Config.expects(:env).returns('development')
+    assert_false ExvoAuth::Config.require_ssl
+  end
+
+  test "ENV setting overrides default auth host setting" do
+    ExvoAuth::Config.host = nil # invalidate memoization
+    host = 'test.exvo.com'
+    ENV['AUTH_HOST'] = host
+    ExvoAuth::Config.expects(:env).at_least(0)
+    assert_equal host, ExvoAuth::Config.host
+    ENV['AUTH_HOST'] = nil
+  end
 end

data/test/test_integration.rb

@@ -2,10 +2,11 @@ require 'helper'
 
 class TestIntegration < Test::Unit::TestCase
   def setup
-    ExvoAuth::Config.host          = "https://staging.auth.exvo.com"
+    ExvoAuth::Config.host          = "staging.auth.exvo.com"
     ExvoAuth::Config.client_id     = "foo"
     ExvoAuth::Config.client_secret = "bar"
     ExvoAuth::Config.debug         = true
+    ExvoAuth::Config.require_ssl   = true
   end
   
   test "integration with staging.auth.exvo.com" do

metadata

@@ -1,148 +1,158 @@
---- !ruby/object:Gem::Specification 
+--- !ruby/object:Gem::Specification
 name: exvo-auth
-version: !ruby/object:Gem::Version 
-  hash: 43
-  prerelease: false
-  segments: 
-  - 0
-  - 12
-  - 2
-  version: 0.12.2
+version: !ruby/object:Gem::Version
+  version: 0.13.0
+  prerelease: 
 platform: ruby
-authors: 
+authors:
 - Jacek Becela
 autorequire: 
 bindir: bin
 cert_chain: []
-
-date: 2011-09-19 00:00:00 +02:00
-default_executable: 
-dependencies: 
-- !ruby/object:Gem::Dependency 
+date: 2011-11-03 00:00:00.000000000Z
+dependencies:
+- !ruby/object:Gem::Dependency
   name: oa-oauth
-  prerelease: false
-  requirement: &id001 !ruby/object:Gem::Requirement 
+  requirement: &83727760 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 0
-        - 0
-        - 4
+      - !ruby/object:Gem::Version
         version: 0.0.4
   type: :runtime
-  version_requirements: *id001
-- !ruby/object:Gem::Dependency 
-  name: httparty
   prerelease: false
-  requirement: &id002 !ruby/object:Gem::Requirement 
+  version_requirements: *83727760
+- !ruby/object:Gem::Dependency
+  name: httparty
+  requirement: &83727530 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 5
-        segments: 
-        - 0
-        - 6
-        - 1
+      - !ruby/object:Gem::Version
         version: 0.6.1
   type: :runtime
-  version_requirements: *id002
-- !ruby/object:Gem::Dependency 
-  name: activemodel
   prerelease: false
-  requirement: &id003 !ruby/object:Gem::Requirement 
+  version_requirements: *83727530
+- !ruby/object:Gem::Dependency
+  name: activemodel
+  requirement: &83727300 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  version_requirements: *id003
-- !ruby/object:Gem::Dependency 
-  name: actionpack
   prerelease: false
-  requirement: &id004 !ruby/object:Gem::Requirement 
+  version_requirements: *83727300
+- !ruby/object:Gem::Dependency
+  name: actionpack
+  requirement: &83727070 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
+    requirements:
     - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 7
-        segments: 
-        - 3
-        - 0
-        - 0
+      - !ruby/object:Gem::Version
         version: 3.0.0
   type: :runtime
-  version_requirements: *id004
-- !ruby/object:Gem::Dependency 
-  name: mocha
   prerelease: false
-  requirement: &id005 !ruby/object:Gem::Requirement 
+  version_requirements: *83727070
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: &83726880 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 43
-        segments: 
-        - 0
-        - 9
-        - 8
-        version: 0.9.8
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id005
-- !ruby/object:Gem::Dependency 
-  name: test-unit
   prerelease: false
-  requirement: &id006 !ruby/object:Gem::Requirement 
+  version_requirements: *83726880
+- !ruby/object:Gem::Dependency
+  name: test-unit
+  requirement: &83726650 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 11
-        segments: 
-        - 2
-        - 1
-        - 0
-        version: 2.1.0
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id006
-- !ruby/object:Gem::Dependency 
+  prerelease: false
+  version_requirements: *83726650
+- !ruby/object:Gem::Dependency
   name: bundler
+  requirement: &83726440 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
   prerelease: false
-  requirement: &id007 !ruby/object:Gem::Requirement 
+  version_requirements: *83726440
+- !ruby/object:Gem::Dependency
+  name: rake
+  requirement: &83726230 !ruby/object:Gem::Requirement
     none: false
-    requirements: 
-    - - ~>
-      - !ruby/object:Gem::Version 
-        hash: 23
-        segments: 
-        - 1
-        - 0
-        - 0
-        version: 1.0.0
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *83726230
+- !ruby/object:Gem::Dependency
+  name: guard
+  requirement: &83726020 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *83726020
+- !ruby/object:Gem::Dependency
+  name: guard-test
+  requirement: &83725810 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
   type: :development
-  version_requirements: *id007
+  prerelease: false
+  version_requirements: *83725810
+- !ruby/object:Gem::Dependency
+  name: rb-fsevent
+  requirement: &83725600 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *83725600
+- !ruby/object:Gem::Dependency
+  name: rb-inotify
+  requirement: &83725390 !ruby/object:Gem::Requirement
+    none: false
+    requirements:
+    - - ! '>='
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: *83725390
 description: Sign in with Exvo account
-email: 
+email:
 - jacek.becela@gmail.com
 executables: []
-
 extensions: []
-
 extra_rdoc_files: []
-
-files: 
+files:
 - .gitignore
 - Gemfile
-- README.markdown
+- README.md
 - Rakefile
 - exvo-auth.gemspec
 - lib/exvo-auth.rb
@@ -169,41 +179,28 @@ files:
 - test/helper.rb
 - test/test_exvo_auth.rb
 - test/test_integration.rb
-has_rdoc: true
-homepage: http://rubygems.org/gems/exvo-auth
+homepage: https://github.com/Exvo/Auth
 licenses: []
-
 post_install_message: 
 rdoc_options: []
-
-require_paths: 
+require_paths:
 - lib
-required_ruby_version: !ruby/object:Gem::Requirement 
+required_ruby_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 3
-      segments: 
-      - 0
-      version: "0"
-required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
+      version: '0'
+required_rubygems_version: !ruby/object:Gem::Requirement
   none: false
-  requirements: 
-  - - ">="
-    - !ruby/object:Gem::Version 
-      hash: 23
-      segments: 
-      - 1
-      - 3
-      - 6
+  requirements:
+  - - ! '>='
+    - !ruby/object:Gem::Version
       version: 1.3.6
 requirements: []
-
 rubyforge_project: exvo-auth
-rubygems_version: 1.3.7
+rubygems_version: 1.8.10
 signing_key: 
 specification_version: 3
 summary: Sign in with Exvo account
 test_files: []
-

data/README.markdown

@@ -1,108 +0,0 @@
-#OAuth2
-
-- Get familiar with OmniAuth by Intridea: http://github.com/intridea/omniauth. Read about OAuth2.
-- Obtain client_id and client_secret for your app from Exvo.
-- Install exvo-auth gem or add it to your Gemfile.
-
-
-##Configure middleware.
-
-In Rails, the relevant lines could look like this:
-
-    ExvoAuth::Config.client_id     = "foo"
-    ExvoAuth::Config.client_secret = "bar"
-    ExvoAuth::Config.debug         = true # dumps all HTTP traffic to STDERR, useful during development.
-    config.middleware.use ExvoAuth::Middleware
-
-
-##Add routes.
-
-The following comes from Rails config/routes.rb file:
-
-    match "/auth/failure"                  => "sessions#failure"
-    match "/auth/interactive/callback"     => "sessions#create"
-    match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
-    match "/sign_out"                      => "sessions#destroy"
-
-Failure url is called whenever there's a failure (d'oh).
-You can have separate callbacks for interactive and non-interactive
-callback routes but you can also route both callbacks to the same controller method
-like shown above.
-
-##Include controller helpers into your application controller.
-
-    include ExvoAuth::Controllers::Rails (or Merb)
-
-##Implement a sessions controller.
-
-Sample implementation (Rails):
-
-    class SessionsController < ApplicationController
-      def create
-        sign_in_and_redirect!
-      end
-
-      def destroy
-        sign_out_and_redirect!
-      end
-
-      def failure
-        render :text => "Sorry!"
-      end
-    end
-
-##Implement #find_or_create_user_by_uid(uid) in your Application Controller.
-
-This method will be called by #current_user. Previously we did this in sessions_controller but since the sharing sessions changes this controller
-will not be used in most cases because the session comes from another app through a shared cookie. This method should find user by uid or create it.
-Additional info (emails, etc) can be obtained using auth api (/users/uid.json path).
-
-In short: you get params[:auth]. Do what you want to do with it: store the data, create session, etc.
-
-
-##Sign up and sign in paths for use in links.
-
-    sign in path:                       "/auth/interactive"
-    sign up path:                       "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param
-    sign in path with a return address: "/auth/interactive?state=url"      # using OAuth2 state param
-
-You have a handy methods available in controllers (and views in Rails): sign_in_path and sign_up_path.
-
-##Read the source, there are few features not mentioned in this README.
-
-
-#Inter-Application Communication
-
-You need to have "App Authorization" created by Exvo first.
-Contact us and provide following details:
-
-- consumer_id - Id of an app that will be a consumer (this is you)
-- provider_id - Id of the provider app
-- scope       - The tag associated with the api you want to use in the provider app
-
-##Consumer side
-
-    consumer = ExvoAuth::Autonomous::Consumer.new(
-      :app_id => "this is client_id of the app you want to connect to"
-    )
-    consumer.get(*args) - interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).
-
-##Provider side
-
-See #authenticate_app_in_scope!(scope) method in ExvoAuth::Controllers::Rails (or Merb). This method lets you create a before filter.
-Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
-If scopes are empty, then provider app should not present any resources to consumer.
-
-##Example of the before filter for provider controller:
-
-    before_filter {|c| c.authenticate_app_in_scope!("payments") }
-
-In provider controller which is just a fancy name for API controller you can use #current_app_id method to get the app_id of the app connecting.
-
-
-#Dejavu - replay non-GET requests after authentication redirects
-
-##Limitations:
-
-- doesn't work with file uploads
-- all request params become query params when replayed