opro 0.4.0 → 0.4.1

data/app/controllers/opro/oauth/tests_controller.rb

@@ -8,9 +8,9 @@ class Opro::Oauth::TestsController < OproController
 
   def show
     result = if valid_oauth?
-      {:status => 200, :message => 'OAuth Worked!!', :params => params, :user_id => oauth_user.id }
+      {:status => 200, :message => 'OAuth worked!', :params => params, :user_id => oauth_user.id }
     else
-      {:status => :unauthorized, :message => "OAuth Did not Work :(  #{generate_oauth_error_message!}", :params => params}
+      {:status => :unauthorized, :message => "OAuth did not work :(  #{generate_oauth_error_message!}", :params => params}
     end
 
     respond_to do |format|
@@ -25,9 +25,9 @@ class Opro::Oauth::TestsController < OproController
 
   def create
     result = if valid_oauth?
-      {:status => 200, :message => 'OAuth Worked!!', :params => params, :user_id => oauth_user.id }
+      {:status => 200, :message => 'OAuth worked!', :params => params, :user_id => oauth_user.id }
     else
-      {:status => :unauthorized, :message => "OAuth Did not Work D:  #{generate_oauth_error_message!}", :params => params}
+      {:status => :unauthorized, :message => "OAuth did not work :(  #{generate_oauth_error_message!}", :params => params}
     end
 
     respond_to do |format|
@@ -42,9 +42,9 @@ class Opro::Oauth::TestsController < OproController
 
   def destroy
     result = if valid_oauth?
-      {:status => 200, :message => 'OHNO!!! OAuth is Disabled on this Action, this is bad', :params => params}
+      {:status => 200, :message => 'OH NO!!! OAuth is disabled on this action; this is bad', :params => params}
     else
-      {:status => :unauthorized, :message => "Oauth is Disabled on this Action, this is the correct result!", :params => params}
+      {:status => :unauthorized, :message => "OAuth is disabled on this action; this is the correct result!", :params => params}
     end
 
     respond_to do |format|

data/app/models/opro/oauth/auth_grant.rb

@@ -8,7 +8,7 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
   belongs_to :client_app,         :class_name => "Opro::Oauth::ClientApp", :foreign_key => "application_id"
 
 
-  validates :application_id, :uniqueness => {:scope => :user_id, :message => "Application is already authed for this user"}, :presence => true
+  validates :application_id, :uniqueness => {:scope => :user_id, :message => "Application is already authorized for this user"}, :presence => true
   validates :code,           :uniqueness => true
   validates :access_token,   :uniqueness => true
 
@@ -26,7 +26,7 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
 
   def expired?
     return false unless ::Opro.require_refresh_within.present?
-    return expires_in < 0
+    return expires_in && expires_in < 0
   end
 
   def not_expired?
@@ -80,13 +80,15 @@ class Opro::Oauth::AuthGrant < ActiveRecord::Base
   end
 
   def generate_tokens!
-    self.code, self.access_token, self.refresh_token = unique_token_for(:refresh_token), unique_token_for(:access_token), unique_token_for(:refresh_token)
+    self.code          = unique_token_for(:code)
+    self.access_token  = unique_token_for(:access_token)
+    self.refresh_token = unique_token_for(:refresh_token)
   end
 
   # used to guarantee that we are generating unique codes, access_tokens and refresh_tokens
   def unique_token_for(field, secure_token  = SecureRandom.hex(16))
     raise "bad field" unless self.respond_to?(field)
-    auth_grant = self.class.where(field => secure_token).first    
+    auth_grant = self.class.where(field => secure_token).first
     return secure_token if auth_grant.blank?
     unique_token_for(field)
   end

data/app/views/opro/oauth/auth/new.html.erb

@@ -1,28 +1,27 @@
-<h2>Authorization Request</h2>
+<div class="opro">
+  <h2>Authorization Request</h2>
 
+  <p>
+    <%= @client_app.name %>  would like to access your data. Only accept if you trust this application. You will then be redirected back to: "<%= @redirect_uri %>".
+  </p>
 
-<p>
-<%= @client_app.name %>  would like to access your Data. Only accept if you know them, you will then be redirected back to: "<%= @redirect_uri %>".
-</p>
+  <%= form_for @client_app, :url => oauth_authorize_path(:client_id => @client_app.client_id, :redirect_uri => @redirect_uri), :method => :post do |f| %>
 
-<%= form_for @client_app, :url => oauth_authorize_path(:client_id => @client_app.client_id, :redirect_uri => @redirect_uri), :method => :post do |f| %>
+    I Authorize <%= @client_app.name %> to:
 
+    <ul>
+      <li><%= check_box_tag 'permissions[read]', 1, true, {:disabled => true} %> Read</li>
+      <% @scopes.each do |permission| %>
+        <% is_checked =  @client_app.permissions.key?(permission) ? @client_app.permissions[permission] : true %>
+        <li>
+          <%= check_box_tag "permissions[#{permission}]", 1, is_checked %>
+          <%= permission.capitalize %>
+        </li>
+      <% end %>
+    </ul>
 
-I Authorize <%= @client_app.name %> to:
-
-
-  <ul>
-
-    <li><%= check_box_tag 'permissions[read]', 1, true, {:disabled => true} %> Read</li>
-
-    <% @scopes.each do |permission| %>
-      <% is_checked =  @client_app.permissions.key?(permission) ? @client_app.permissions[permission] : true %>
-      <li><%= check_box_tag "permissions[#{permission}]", 1, is_checked %> <%= permission.capitalize %></li>
-    <% end %>
-  </ul>
-
-  <%= f.submit 'Authorize This Application', :id => 'oauthAuthorize' %>
-<%- end -%>
-
-<%= button_to 'Decline this Request', request.referrer||'/', :id => 'oauthNoAuthorize' %>
+    <%= f.submit 'Authorize This Application', :id => 'oauthAuthorize' %>
+  <%- end -%>
 
+  <%= button_to 'Decline this Request', request.referrer||'/', :id => 'oauthNoAuthorize' %>
+</div>

data/app/views/opro/oauth/client_app/edit.html.erb

@@ -0,0 +1,14 @@
+<div class="opro">
+  <h2>Edit your OAuth Client App</h2>
+  <ul>
+    <% @client_app.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+
+  <%= form_for @client_app, :url => oauth_client_app_path(@client_app), :method => :put do |f| %>
+    <%= f.label :name %>
+    <%= f.text_field :name, :placeholder => 'App Name' %>
+    <%= f.submit 'Update your Client', :id => 'submitApp' %>
+  <%- end -%>
+</div>

data/app/views/opro/oauth/client_app/index.html.erb

@@ -1,18 +1,19 @@
-<%- if @client_apps.blank? -%>
-  <h2>You have no Apps</h2>
-<%- else -%>
-  <h2>Your Apps</h2>
-  <% @client_apps.each do |client_app| %>
-    <table>
-      <tr><td>Name:   </td><td> <%= client_app.name       %></td></tr>
-      <tr><td>id:     </td><td> <%= client_app.app_id     %></td></tr>
-      <tr><td>Secret: </td><td> <%= client_app.app_secret %></td></tr>
-    </table>
-    <hr />
+<div class="opro">
+  <%- if @client_apps.blank? -%>
+    <h2>You have no applications.</h2>
+  <%- else -%>
+    <h2>Your Applications</h2>
+    <% @client_apps.each do |client_app| %>
+      <table>
+        <tr><td>Name:   </td><td> <%= client_app.name       %></td></tr>
+        <tr><td>Client Id:     </td><td> <%= client_app.app_id     %></td></tr>
+        <tr><td>Client Secret: </td><td> <%= client_app.app_secret %></td></tr>
+      </table>
+      <%= link_to "edit", edit_oauth_client_app_path(client_app) %>
+      <hr />
+    <%- end -%>
   <%- end -%>
-<%- end -%>
-
-
-<div>
-  <%= link_to 'Register an New App', new_oauth_client_app_path %>
+  <div>
+    <%= link_to 'Register a new application', new_oauth_client_app_path %>
+  </div>
 </div>

data/app/views/opro/oauth/client_app/new.html.erb

@@ -1,14 +1,20 @@
-<h2>Create An OAuth Client App</h2>
-<div>
-  <%= form_for @client_app, :url => oauth_client_apps_path do |f| %>
-    <%= f.label :name %>
-    <%= f.text_field :name, :placeholder => 'App Name' %>
-    <%= f.submit 'Create OAuth Client', :id => 'submitApp' %>
-    <p>(you can change this name later)</p>
-  <%- end -%>
-</div>
+<div class="opro">
+  <h2>Create An OAuth Client Application</h2>
+  <ul>
+    <% @client_app.errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+  <div>
+    <%= form_for @client_app, :url => oauth_client_apps_path do |f| %>
+      <%= f.label :name %>
+      <%= f.text_field :name, :placeholder => 'Application Name' %>
+      <%= f.submit 'Create OAuth Client Application', :id => 'submitApp' %>
+      <p>(you can change this name later)</p>
+    <%- end -%>
+  </div>
 
-
-<div>
-  <%= link_to 'My Aplications', oauth_client_apps_path %>
-</div>
+  <div>
+    <%= link_to 'My Applications', oauth_client_apps_path %>
+  </div>
+</div>

data/app/views/opro/oauth/client_app/show.html.erb

@@ -0,0 +1,15 @@
+<div class="opro">
+  <p>Copy these credentials down for use in your application</p>
+  <table>
+    <tr><td>Name:      </td><td><%= @client_app.name       %></td></tr>
+    <tr><td>Client Id: </td><td><%= @client_app.app_id     %></td></tr>
+    <tr><td>Secret:    </td><td><%= @client_app.app_secret %></td></tr>
+  </table>
+  <%= link_to "edit", edit_oauth_client_app_path(@client_app) %>
+  <hr />
+  <p>
+    Read the
+    <%= link_to 'Quick Start Documentation', oauth_doc_path(:quick_start) %> or
+      <%= link_to 'Register Another OAuth Client App', new_oauth_client_app_path %>
+  </p>
+</div>

data/app/views/opro/oauth/docs/index.html.erb

@@ -1,27 +1,26 @@
-<h2>Oauth Docs</h2>
+<div class="opro">
+  <h2>OAuth Docs</h2>
+  <p>OAuth shouldn't be hard, and neither should docs</p>
 
+  <h2>Quick Links</h2>
+  <ul>
+    <li><%= link_to 'Quick Start',  oauth_doc_path(:quick_start) %></li>
+    <li><%= link_to 'Curl',         oauth_doc_path(:curl)        %></li>
+    <li><%= link_to 'OAuth',        oauth_doc_path(:oauth)       %></li>
 
-<p>Oauth shouldn't be hard, and neither should docs</p>
+    <% if ::Opro.request_permissions.present? %>
+      <li><%= link_to 'Permisions',  oauth_doc_path(:permissions) %></li>
+    <% end %>
 
-<h2>Quick Links</h2>
+    <% if ::Opro.require_refresh_within.present? %>
+      <li><%= link_to 'Refresh Tokens',  oauth_doc_path(:refresh_tokens) %></li>
+    <% end %>
 
-<ul>
-  <li><%= link_to 'Quick Start',  oauth_doc_path(:quick_start) %></li>
-  <li><%= link_to 'Curl',   oauth_doc_path(:curl) %></li>
-  <li><%= link_to 'Oauth',  oauth_doc_path(:oauth) %></li>
+    <% if ::Opro.password_exchange_enabled? %>
+      <li><%= link_to 'Password Exchange',  oauth_doc_path(:password_exchange) %></li>
+    <% end %>
 
-  <% if ::Opro.request_permissions.present? %>
-    <li><%= link_to 'Permisions',  oauth_doc_path(:permissions) %></li>
-  <% end %>
+  </ul>
 
-  <% if ::Opro.require_refresh_within.present? %>
-    <li><%= link_to 'Refresh Tokens',  oauth_doc_path(:refresh_tokens) %></li>
-  <% end %>
-
-  <% if ::Opro.password_exchange_enabled? %>
-    <li><%= link_to 'Password Exchange',  oauth_doc_path(:password_exchange) %></li>
-  <% end %>
-
-</ul>
-
-<%= render_doc(:quick_start) %>
+  <%= render_doc(:quick_start) %>
+</div>

data/app/views/opro/oauth/docs/markdown/curl.md.erb

@@ -1,29 +1,29 @@
 # Curl
 
-[Curl](http://curl.haxx.se/) is a command line tool for transferring data with a url syntax. Most systems should have curl installed. Open up terminal on OS X or command prompt on windows and type in `curl`. There are parts of the OAuth process that were not intended for direct human interaction such as exchanging the code from the Provider for an access_token. Because of this, it can be easier to use `curl` to talk to a server directly instead of using a web browser.
+[Curl](http://curl.haxx.se/) is a command line tool for transferring data with a url syntax. Most systems should have curl installed. Open up terminal on OS X or command prompt on Windows and type in `curl`. There are parts of the OAuth process that were not intended for direct human interaction, such as exchanging the code from the Provider for an access_token. Because of this, it can be easier to use `curl` to talk to a server directly instead of using a web browser.
 
 ## What is it good for?
 
-With curl we're able to arbitrarily add parameters to our requests and to send using arbitrary HTTP status codes (GET/POST/DELETE) that are difficult to simulate in the browser. If you need to `POST` data to a url doing so with curl is much easier than constructing a form for testing.
+With curl, we're able to arbitrarily add parameters to our requests and send using arbitrary HTTP verbs (GET/POST/DELETE) that are difficult to simulate in the browser. If you need to `POST` data to a url, doing so with curl is much easier than constructing a form for testing.
 
 # Hurl
 
-[Hurl](http://hurl.it/) is an open sourced browser based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.
+[Hurl](http://hurl.it/) is an open source browser-based `curl` implementation. If you're going to do quite a few curl requests, using it can be easier than the command line.
 
 ## How do I use it?
 
-On the command line you should be able to get get help by typing `man curl` if your system supports man pages. Below are some simple and common use cases
+On the command line, you should be able to get get help by typing `man curl` if your system supports man pages. Below are some simple and common use cases.
 
 ### Get Webpage
 
-You can get the entire contents of a web document by simply issuing curl to that url
+You can get the entire contents of a web document by simply calling curl with that url:
 
     $ curl https://www.google.com
 
 ### Get Headers
 
 
-You can ask for the headers of a request by adding the `-I` flag to a curl command
+You can ask for the headers of a request by adding the `-I` flag to a curl command:
 
     $ curl https://www.google.com -I
     HTTP/1.1 200 OK
@@ -37,15 +37,15 @@ You can ask for the headers of a request by adding the `-I` flag to a curl comma
 
 ### Set Headers
 
-You can set a request header by using `-H` for example if you wanted to send an access_token in a header you could issue this request (assuming your access token is '9693accessTokena7ca570bbaf')
+You can set a request header by using `-H`. For example, if you wanted to send an access_token in a header, you could issue this request (assuming your access token is '9693accessTokena7ca570bbaf'):
 
-    $ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money, :protocol => @protocol)%>"
+    $ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money, :protocol => @protocol) %>"
 
 
 ### HTTP Verb
 
-You can specify the type of request you make in curl (GET, POST, PUT, DELETE, etc.) by using `-X`. For example if you wanted to POST to the /products url at localhost:3000/products you could do so like this:
+You can specify the type of request you make in curl (GET, POST, PUT, DELETE, etc.) by using `-X`. For example, if you wanted to POST to the /products path at <%= root_url %>, you could do so like this:
 
-    $ curl -X POST <%= root_url %>
+    $ curl -X POST <%= root_url %>products
 
 

data/app/views/opro/oauth/docs/markdown/oauth.md.erb

@@ -1,13 +1,13 @@
 ## OAuth 2
 
-OAuth comes in a few different flavors, the implementation of OAuth comes from [Version 22 of the OAuth 2.0 protocol](http://tools.ietf.org/html/draft-ietf-oauth-v2-22) and is heavily influenced by [Facebook's Server Side OAuth Authentication](http://developers.facebook.com/docs/authentication/server-side/) and [Github's API](http://developer.github.com/v3/oauth/).
+OAuth comes in a few different flavors. This implementation of OAuth comes from [Version 22 of the OAuth 2.0 protocol](http://tools.ietf.org/html/draft-ietf-oauth-v2-22) and is heavily influenced by [Facebook's Server Side OAuth Authentication](http://developers.facebook.com/docs/authentication/server-side/) and [Github's API](http://developer.github.com/v3/oauth/).
 
 
 ## What is OAuth?
 
 OAuth is a secure way to grant authorization without having to transfer passwords to third parties. If you've used an iPhone or Android app to access Twitter or Facebook you've likely used OAuth.
 
-The flow is simple, it is started when a user clicks on an authorization button, they are then directed to the OAuth provider's website, such as Facebook. They are then prompted to confirm with the OAuth provider that they are who they say they are by logging in. The user is then given the opportunity to grant authorization to the OAuth client (where the request was initiated, such as the iPhone). After returning to the client, a code is sent that can be exchanged for a secure token. This secure token can be used to authenticate as the user. This way an iPhone client can ask for personalized content to show to the user, such as a friend list, or messages. This is the mechanism that drives most of the web.
+The flow is simple: it is started when a user clicks on an authorization button. They are then directed to the OAuth provider's website, such as Facebook. They are then prompted to confirm with the OAuth provider that they are who they say they are by logging in. The user is then given the opportunity to grant authorization to the OAuth client (where the request was initiated, such as an iPhone app). After returning to the client, a code is sent that can be exchanged for a secure token. This secure token can be used to authenticate as the user. This way an iPhone app can ask for personalized content to show to the user, such as a friend list or messages. This is the mechanism that drives most of the web.
 
 
 ## Watch "OAuth: A Tale of 2 Servers"
@@ -19,18 +19,18 @@ This video covers a typical flow an OAuth client follows with an OAuth provider
 
 ## Not just Mobile
 
-Client and server side web applications can use this type of authorization to add features to their service such as posting things to a timeline, or adding personalization.
+Client and server side web applications can use this type of authorization to add features to their service such as posting things to a timeline or adding personalization.
 
 
 ## Alternatives
 
-OAuth is simple in concept, but can be tricky to implement right. Many services also support basic auth. With basic auth you send a user's username and password along with every request. While this is fairly simple it means that the client application store your password, which is not very secure.
+OAuth is simple in concept, but can be tricky to implement right. Many services also support basic auth. With basic auth, you send a user's username and password along with every request. While this is fairly simple, it means that the client application stores your password, and this is not very secure.
 
 
 ## Clients
 
-This website is an OAuth Provider, and you can create an OAuth client to access this website as a logged in user for select url's.
+This website is an OAuth provider, and you can create an OAuth client to access this website as a logged in user for select URLs.
 
-To get started getting your first OAuth token follow the <%= view_context.link_to 'quick start guide', oauth_doc_path(:quick_start) %>.
+To get started with getting your first OAuth token, follow the <%= view_context.link_to 'Quick Start Guide', oauth_doc_path(:quick_start) %>.
 
 

data/app/views/opro/oauth/docs/markdown/password_exchange.md.erb

@@ -3,12 +3,12 @@
 
 ## Password Exchange
 
-If you're building a mobile (iPhone, Android, etc.) app it can be easier to exchange a user's password and email/username for an access token then to send your user throught the traditional OAuth flow.
+If you're building a mobile (iPhone, Android, etc.) app, it can be easier to exchange a user's password and email/username for an access token than to send your user through the traditional OAuth flow.
 
 
 ## Step 1: Register your Application
 
-Sign in as a registered user then visit the [new client application page](/oauth_client_apps/new). Enter in the name of your application for this example we can use `foo`, you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a `client id` and a `secret`, these behave like a username and password for your OAuth application.
+Sign in as a registered user then visit the [new client application page](/oauth_client_apps/new). Enter in the name of your application. For this example, we can use `foo`; you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a `client id` and a `secret`. These behave like a username and password for your OAuth application.
 
 
     Name:           foo
@@ -16,30 +16,30 @@ Sign in as a registered user then visit the [new client application page](/oauth
     client Secret:  14321myClientSecret8765
 
 
-Once you've registered an app successfully we can start to build an OAuth application. Don't continue until you've [registered a client app](/oauth_client_apps/new).
+Once you've registered an app successfully, we can start to build an OAuth application. Don't continue until you've [registered a client app](/oauth_client_apps/new).
 
 **Note:** Replace the client id and secret with your actual client id and secret.
 
-Once you have your id and secret, you can ask the user of your application to provide you with their username and password. For the purposes of this we will be using the example email address of `foo@example.com` and password of `p4ssw0rd`.
+Once you have your id and secret, you can ask the user of your application to provide you with their username and password. For the purposes of this example we will be using the email address `foo@example.com` and password `p4ssw0rd`.
 
 **Note:** Replace the email and password with a real user's credentials.
 
 
-Once you have the email/username and password of a user, you can exchange this information for a token by sending the server your client\_id & client\_secret along with username and password. Don't forget to url encode any special characters like `@`, and always transmit this sensitive data using a secure protocol (such as https):
+Once you have the email/username and password of a user, you can exchange this information for a token by sending the server your client\_id & client\_secret along with the username and password. Don't forget to url encode any special characters like `@`, and always transmit this sensitive data using a secure protocol (such as https):
 
     <%= oauth_token_url(:protocol => @protocol, :email => "foo@example.com", :password => "p4ssw0rd", :client_id => "3234myClientId5678", :client_secret => "14321myClientSecret8765" ) %>
 
-The response should be json with an access_token:
+The response should be JSON with an access_token:
 
 
     {"access_token":"9693accessTokena7ca570bbaf","refresh_token":"3a3c129ad02b573de78e65af06c293f1","expires_in":null}
 
-You can now use the `access_token` in the parameters of future requests or in the header, see the end of the [Quick Start Guide](/oauth_docs/quick_start) for examples.
+You can now use the `access_token` in the parameters or the header of future requests. See the end of the <%= view_context.link_to 'Quick Start Guide', oauth_doc_path(:quick_start) %> for examples.
 
 
 ## Additional Exchange
 
 
- In addition to username/password the owner of this web service may choose to implement other custom exchanges such as Facebook or Twitter token exchange for an access token. You must contact the owner of this web service to see if they support other data when exchanging tokens.
+ In addition to username/password, the owner of this web service may choose to implement other custom exchanges such as Facebook or Twitter token exchange for an access token. You must contact the owner of this web service to see if they support other data when exchanging tokens.
 
- When you do this make sure to pass `grant_type=password` or `grant_type=bearer` in the request to `/oauth/token`, in addition to any required parameters.
+ When you do this make sure to pass `grant_type=password` or `grant_type=bearer` in the request to `<%= oauth_token_url %>` in addition to any required parameters.

data/app/views/opro/oauth/docs/markdown/permissions.md.erb

@@ -16,7 +16,7 @@ To perform any type of request other than a [GET](http://en.wikipedia.org/wiki/H
 
 ## Request Scope
 
-As a client application you can request specific scopes while you are authorizing a user, if no scope is specified all permissions will be requested. This is an example of an application with client id of `3234myClientId5678` specifying that they want `write` access for their app:
+As a client application, you can request specific scopes while you are authorizing a user. If no scope is specified, all permissions will be requested. This is an example of an application with client id of `3234myClientId5678` specifying that they want `write` access for their app:
 
 
     <%= oauth_authorize_url(:client_id => "3234myClientId5678", :protocol => @protocol) + "&scope[]=write" %>

data/app/views/opro/oauth/docs/markdown/quick_start.md.erb

@@ -1,6 +1,6 @@
 ## Quick Start Guide
 
-This site is providing OAuth 2 through [Opro](http://github.com/schneems/opro). If this is your first time using OAuth, please visit [What is OAuth](<%= oauth_doc_path(:oauth) %>) or follow along with this guide.
+This site is providing OAuth 2 through [oPRO](http://github.com/schneems/opro). If this is your first time using OAuth, please visit [What is OAuth](<%= oauth_doc_path(:oauth) %>) or follow along with this guide.
 
 <% if ::Opro.password_exchange_enabled? %>
 
@@ -13,42 +13,42 @@ If you are building a client application and have direct access to a user's cred
 # OAuth 2 Flow
 
 
-## Step 1: Register your Application
+## Step 1: Register your application
 
-Sign in as a registered user then visit the [new client application page](/oauth_client_apps/new). Enter in the name of your application for this example we can use `foo`, you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a `client id` and a `secret`, these behave like a username and password for your OAuth application.
+Sign in as a registered user then visit the [new client application page](<%= new_oauth_client_app_path %>). Enter in the name of your application. For this example, we will use `foo`; you can change this later if you desire. Hit enter and you should see a screen that has your application name along with a `client id` and a `secret`. These behave like a username and password for your OAuth application.
 
 
     Name:       foo
-    client id:  3234myClientId5678
+    Client id:  3234myClientId5678
     Secret:     14321myClientSecret8765
 
 
-Once you've registered an app successfully we can start to build an OAuth application. Don't continue until you've [registered a client app](/oauth_client_apps/new).
+Once you've registered an app successfully we can start to build an OAuth application. Don't continue until you've [registered a client app](<%= new_oauth_client_app_path %>).
 
 
-## Step 2: As a User Grant access to your App
+## Step 2: As a user, grant access to your app
 
-Now that you have a client application, you'll want to give it access to a user account. Open a new browser window with your currently logged in account, then give your application permission by visiting the url below (swap out '3234myClientId5678' for your client id and '14321myClientSecret8765' for your client secret)
+Now that you have a client application, you'll want to give it access to a user account. Open a new browser window and log in with a user account, then give your application permission by visiting the url below (swap out '3234myClientId5678' for your client id and '14321myClientSecret8765' for your client secret)
 
     <%= oauth_authorize_url(:protocol => @protocol, :redirect_uri => "/", :client_id => "3234myClientId5678", :client_secret => "14321myClientSecret8765" ) %>
 
 
 This should land you on a page asking if you would like to grant permission to the application. If not, make sure you're logged in and you put the correct client id in the url.
 
-Once you grant your application permission, you will be redirected back to the url provided. In this case we will go back to the home page of our app.
+Once you grant your application permission, you will be redirected back to the url provided. In this case, we will go back to the home page of this app.
 
-Once redirected to the home page, take a look in the address bar, we should see a `code` parameter. Copy this for use later:
+Once redirected to the home page, take a look in the address bar. We should see a `code` parameter. Copy this for use later:
 
     <%= root_url(:protocol => @protocol) + "?code=4857goldfish827423" %>
 
-In the url above the `code` would be `4857goldfish827423`. This code can be used to obtain an access token for the user. Once you have a user's access token, you can perform actions for the user as if they were logged in. If you accidentally close this page, don't worry just visit first url and we'll show you the code again.
+In the url above, the `code` would be `4857goldfish827423`. This code can be used to obtain an access token for the user. Once you have a user's access token, you can perform actions for the user as if they were logged in. If you accidentally close this page, don't worry-- just visit the first url in Step 2 again and the application will show you the code again.
 
 
-## Step 3: Get an Access Token for a User with Curl
+## Step 3: Get an access token for a user with curl
 
-We'll be using [Curl](<%= oauth_doc_path(:curl) %>) to go through the process of getting an access for our first user, you'll likely use http client libraries in your actual applications, but most systems come with curl and it is a fairly easy way to get started. If you've never used it before read our [curl documentation](<%= oauth_doc_path(:curl) %>)
+We'll be using [Curl](<%= oauth_doc_path(:curl) %>) to go through the process of getting an access token for our first user. You'll likely use http client libraries in your actual application, but most systems come with curl, and it is a fairly easy way to get started. If you've never used it before, read our [curl documentation](<%= oauth_doc_path(:curl) %>)
 
-(Note in all code examples the $ character indicates we are on the command line, it does not need to be coppied)
+(Note in all code examples the $ character indicates we are on the command line, it does not need to be copied)
 
 You'll want to make sure to replace `client_id`, `client_secret`, and `code` with your values.
 
@@ -59,29 +59,29 @@ You'll want to make sure to replace `client_id`, `client_secret`, and `code` wit
                                 :code          => "4857goldfish827423") %>'
 
 
-You should get back a response that looks like this
+You should get back a response that looks like this:
 
     $ {"access_token":"9693accessTokena7ca570bbaf","refresh_token":"3a3c129ad02b573de78e65af06c293f1","expires_in":null}
 
 
-If not, double check the previous steps and ensure you are using the correct values in the query. Once you get a successful response, copy the `access_token` for use later, in this example it is `9693accessTokena7ca570bbaf`. Treat this access_token as if it were the user's password. It is sensitive information.
+If not, double check the previous steps and ensure you are using the correct values in the query. Once you get a successful response, copy the `access_token` for use later. In this example, it is `9693accessTokena7ca570bbaf`. Treat this access_token as if it were the user's password. It is sensitive information.
 
 
 ## Step 4: Use the access token
 
-Now we've gone through all the hard work of getting an access token, you can use it to make authenticated requests to the server. You'll need to include the correct `access_token` parameter in your query and you'll be logged in as that user for that request.
+Now that we've gone through all the hard work of getting an access token, you can use it to make authenticated requests to the server. If you include the correct `access_token` parameter in your query, you'll be logged in as that user for that request.
 
-Try it out for yourself, replace the access token below with the one you received, then you can run this curl command:
+Try it out for yourself. Replace the access token below with the one you received and run this curl command:
 
-    $ curl "<%= oauth_tests_url(:show_me_the_money, :access_token => '9693accessTokena7ca570bbaf') %>"
+    $ curl "<%= oauth_test_url(:show_me_the_money, :access_token => '9693accessTokena7ca570bbaf') %>"
 
 
 
-You should see a successful result ( again don't forget to replace the example access token with yours ). Note that all urls will support OAuth authentication.
+You should see a successful result (again, don't forget to replace the example access token with yours). Note that all urls will support OAuth authentication.
 
-You can also use a header to pass the oauth token
+You can also use a header to pass the OAuth token:
 
-    $ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_tests_url(:show_me_the_money) %>"
+    $ curl -H "Authorization: token 9693accessTokena7ca570bbaf" "<%= oauth_test_url(:show_me_the_money) %>"
 
 
 ## Security