pelle-oauth 0.3.1 → 0.3.5

data/History.txt

@@ -1,8 +1,54 @@
-== 0.3.1
+== 0.3.6
 
-* Michael Wood identified a problem with relative and absolute token request paths. This should now be fixed and is tested for both cases.
+* Added -B CLI option to use the :body authentication scheme (Seth)
 
-== 0.3.0
+== 0.3.5 2009-06-03
+
+* `query` CLI command to access protected resources (Seth)
+* Added -H, -Q CLI options for specifying the authentication scheme (Seth)
+* Added -O CLI option for specifying a file containing options (Seth)
+* Support streamable body contents for large request bodies (Seth Cousins)
+* Support for OAuth 1.0a (Seth)
+* Added proxy support to OAuth::Consumer (Marshall Huss)
+* Added --scope CLI option for Google's 'scope' parameter (Seth)
+
+== 0.3.4 2009-05-06
+
+* OAuth::Client::Helper uses OAuth::VERSION (chadisfaction)
+* Fix OAuth::RequestProxy::ActionControllerRequest's handling of params
+  (Tristan Groléat)
+
+== 0.3.3 2009-05-04
+
+* Corrected OAuth XMPP namespace (Seth)
+* Improved error handling for invalid Authorization headers (Matt Sanford)
+* Fixed signatures for non-ASCII under $KCODE other than 'u' (Matt Sanford)
+* Fixed edge cases in ActionControllerRequestProxy where params were being
+  incorrectly signed (Marcos Wright Kuhns)
+* Support for arguments in OAuth::Consumer#get_access_token (Matt Sanford)
+* Add gem version to user-agent header (Matt Sanford)
+* Handle input from aggressive form encoding libraries (Matt Wood)
+
+== 0.3.2 2009-03-23
+
+* 2xx statuses should be treated as success (Anders Conbere)
+* Support applications using the MethodOverride Rack middleware (László Bácsi)
+* `authorize` command for `oauth` CLI (Seth)
+* Initial support for Problem Reporting extension (Seth)
+* Verify SSL certificates if CA certificates are available (Seth)
+* Fixed ActionController parameter escaping behavior (Thiago Arrais, László
+  Bácsi, Brett Gibson, et al)
+* Fixed signature calculation when both options and a block were provided to
+  OAuth::Signature::Base#initialize (Seth)
+* Added help to the 'oauth' CLI (Seth)
+* Fixed a problem when attempting to normalize MockRequest URIs (Seth)
+
+== 0.3.1 2009-1-26
+
+* Fixed a problem with relative and absolute token request paths. (Michael
+  Wood)
+
+== 0.3.0 2009-1-25
 
 * Support ActionController::Request from Edge Rails (László Bácsi)
 * Correctly handle multi-valued parameters (Seth)
@@ -15,23 +61,25 @@
 * Improved test-cases and compatibility for encoding issues. (Pelle)
 
 == 0.2.7 2008-9-10 The lets fix the last release release
-Fix in plain text signatures to bug found by Andrew Arrow. Who contributed new new unit tests for plain text sigs.
 
-There was an error in the RSA requests using oauth tokens. Thanks to Philip Lipu Tsai for noticing this.
+* Fixed plain text signatures (Andrew Arrow)
+* Fixed RSA requests using OAuthTokens. (Philip Lipu Tsai)
 
 == 0.2.6 2008-9-9 The lets RSA release
 
-- Bill Kocik's fix for Ruby 1.8.7
-- Fixed rsa verification, so you can actually create an OAuth server yourself now using Ruby and RSA
-- Added better testing for RSA
-- Fixed issue where token was being included for rsa signatures
-- Chris Mear added support for a private_key_file option for rsa signatures 
-- Scott Hill fixed several edge cases where parameters were incorrectly being signed
-- Patch from choonkeat fixing a problem with rsa signing.
+* Improved support for Ruby 1.8.7 (Bill Kocik)
+* Fixed RSA verification to support RSA providers
+  now using Ruby and RSA
+* Improved RSA testing
+* Omit token when signing with RSA
+* Added support for 'private_key_file' option for RSA signatures (Chris Mear)
+* Fixed several edge cases where params were being incorrectly signed (Scott
+  Hill)
+* Fixed RSA signing (choonkeat)
 
 == 0.2.2 2008-2-22 Lets actually support SSL release
 
-It didn't actually use https when required.
+* Use HTTPS when required.
 
 == 0.2 2008-1-19 All together now release
 
@@ -39,10 +87,11 @@ This is a big release, where we have merged the efforts of various parties into
 
 == 0.1.2 2007-12-1
 
-* 1 Fixed a problem where incoming request didn't check whether oauth parameters where missing. While not giving unauthorized access it did cause extra processing where not necessary.
-* 2 Includes Pat's fix for getting the realm out.
+* Fixed checks for missing OAuth params to improve performance
+* Includes Pat's fix for getting the realm out.
 
 == 0.1.1 2007-11-26
 
-* 1 First release as a GEM
-  * Moved all non rails functions into this GEM from the Rails plugin http://code.google.com/p/oauth-plugin/
+* First release as a GEM
+* Moved all non-Rails functionality from the Rails plugin:
+  http://code.google.com/p/oauth-plugin/

data/Manifest.txt

@@ -5,13 +5,19 @@ README.rdoc
 Rakefile
 TODO
 bin/oauth
+examples/yql.rb
 lib/oauth.rb
+lib/oauth/oauth.rb
 lib/oauth/cli.rb
 lib/oauth/client.rb
 lib/oauth/client/action_controller_request.rb
 lib/oauth/client/helper.rb
 lib/oauth/client/net_http.rb
 lib/oauth/consumer.rb
+lib/oauth/errors.rb
+lib/oauth/errors/error.rb
+lib/oauth/errors/problem.rb
+lib/oauth/errors/unauthorized.rb
 lib/oauth/helper.rb
 lib/oauth/oauth_test_helper.rb
 lib/oauth/request_proxy.rb
@@ -34,13 +40,17 @@ lib/oauth/signature/plaintext.rb
 lib/oauth/signature/rsa/sha1.rb
 lib/oauth/signature/sha1.rb
 lib/oauth/token.rb
+lib/oauth/tokens/access_token.rb
+lib/oauth/tokens/consumer_token.rb
+lib/oauth/tokens/request_token.rb
+lib/oauth/tokens/server_token.rb
+lib/oauth/tokens/token.rb
 lib/oauth/version.rb
 oauth.gemspec
 script/destroy
 script/generate
 script/txt2html
 setup.rb
-specs.txt
 tasks/deployment.rake
 tasks/environment.rake
 tasks/website.rake
@@ -51,13 +61,16 @@ test/cases/spec/1_0-final/test_parameter_encodings.rb
 test/cases/spec/1_0-final/test_signature_base_strings.rb
 test/keys/rsa.cert
 test/keys/rsa.pem
+test/test_access_token.rb
 test/test_action_controller_request_proxy.rb
 test/test_consumer.rb
 test/test_helper.rb
 test/test_hmac_sha1.rb
 test/test_net_http_client.rb
 test/test_net_http_request_proxy.rb
+test/test_oauth_helper.rb
 test/test_rack_request_proxy.rb
+test/test_request_token.rb
 test/test_rsa_sha1.rb
 test/test_server.rb
 test/test_signature.rb

data/README.rdoc

@@ -12,7 +12,7 @@ See the OAuth specs http://oauth.net/core/1.0/
 
 You can also install it from the oauth rubyforge project http://rubyforge.org/projects/oauth/.
 
-The source code is now hosted on the OAuth GitHub Project http://github.com/pelle/oauth/tree/master
+The source code is now hosted on the OAuth GitHub Project http://github.com/mojodna/oauth
 
 == The basics
 
@@ -24,20 +24,18 @@ As a matter of fact it has been pulled out from an OAuth Rails Plugin http://cod
 
 Create a new consumer instance by passing it a configuration hash:
 
-  @consumer=OAuth::Consumer.new( "key","secret", {
-    :site=>"https://agree2"
-    })
+  @consumer = OAuth::Consumer.new("key","secret", :site => "https://agree2")
 
 Start the process by requesting a token
 
-  @request_token=@consumer.get_request_token
-  session[:request_token]=@request_token
+  @request_token = @consumer.get_request_token
+  session[:request_token] = @request_token
   redirect_to @request_token.authorize_url
 
 When user returns create an access_token
 
-  @access_token=@request_token.get_access_token
-  @photos=@access_token.get('/photos.xml')
+  @access_token = @request_token.get_access_token
+  @photos = @access_token.get('/photos.xml')
 
 For more detailed instructions I have written this OAuth Client Tutorial http://stakeventures.com/articles/2008/02/23/developing-oauth-clients-in-ruby and "How to turn your rails site into an OAuth Provider ":http://stakeventures.com/articles/2007/11/26/how-to-turn-your-rails-site-into-an-oauth-provider .
 
@@ -59,7 +57,7 @@ http://groups.google.com/group/oauth-ruby
 
 Read the "8 steps for fixing other people's code" http://drnicwilliams.com/2007/06/01/8-steps-for-fixing-other-peoples-code/.
 
-The source code is now hosted on the OAuth GitHub Project http://github.com/pelle/oauth/tree/master
+The source code is now hosted on the OAuth GitHub Project http://github.com/mojodna/oauth
 
 To submit a patch, please fork the oauth project and create a patch with tests. Once you're happy with it send a pull request and post a message to the google group.
 

data/Rakefile

@@ -6,21 +6,23 @@ require 'oauth/version'
 # Generate all the Rake tasks
 # Run 'rake -T' to see list of generated tasks (from gem root directory)
 $hoe = Hoe.new('oauth', OAuth::VERSION) do |p|
-  p.author = ['Pelle Braendgaard','Blaine Cook','Larry Halff','Jesse Clark','Jon Crosby', 'Seth Fitzsimmons']  
-  p.email = "pelleb@gmail.com"
+  p.author = ['Pelle Braendgaard','Blaine Cook','Larry Halff','Jesse Clark','Jon Crosby', 'Seth Fitzsimmons']
+  p.email = "oauth-ruby@googlegroups.com"
   p.description = "OAuth Core Ruby implementation"
   p.summary = p.description
   p.changes              = p.paragraphs_of("History.txt", 0..1).join("\n\n")
   p.rubyforge_name       = p.name # TODO this is default value
   p.url = "http://oauth.rubyforge.org"
-  
+
   p.extra_deps         = [
     ['ruby-hmac','>= 0.3.1']
   ]
   p.extra_dev_deps = [
-    ['newgem', ">= #{::Newgem::VERSION}"]
+    ['newgem', ">= #{::Newgem::VERSION}"],
+    ['actionpack'],
+    ['rack']
   ]
-  
+
   p.clean_globs |= %w[**/.DS_Store tmp *.log **/.*.sw? *.gem .config **/.DS_Store]
   path = (p.rubyforge_name == p.name) ? p.rubyforge_name : "\#{p.rubyforge_name}/\#{p.name}"
   p.remote_rdoc_dir = File.join(path.gsub(/^#{p.rubyforge_name}\/?/,''), 'rdoc')

data/TODO

@@ -12,3 +12,20 @@ Common use-cases should be streamlined:
   errors, if available).
 * I want to host an OAuth-enabled web service.
 * I want to test my OAuth-enabled web service (i.e. test helpers)
+
+Example applications for:
+* Ning
+* Fire Eagle
+* Google (blogger, contacts)
+* Twitter
+* YOS / YQL
+* Netflix
+
+In addition to providing best practices of use, these can also be part of
+the pre-release checks to make sure that there have been no regressions.
+
+Random TODOs:
+* finish CLI
+* sensible Exception hierarchy
+* Tokens as Modules
+* don't tie to Net::HTTP

data/bin/oauth

@@ -1,5 +1,5 @@
-#!/usr/bin/env ruby
+#!/usr/bin/env ruby -w -rubygems
 
 require "oauth/cli"
 
-OAuth::CLI.execute(STDOUT, ARGV)
+OAuth::CLI.execute(STDOUT, STDIN, STDERR, ARGV)

data/examples/yql.rb

@@ -0,0 +1,44 @@
+#!/usr/bin/env ruby -rubygems
+
+# Sample queries:
+#  ./yql.rb --consumer-key <key> --consumer-secret <secret> "show tables"
+#  ./yql.rb --consumer-key <key> --consumer-secret <secret> "select * from flickr.photos.search where text='Cat' limit 10"
+
+require 'oauth'
+require 'optparse'
+require 'json'
+require 'pp'
+
+options = {}
+
+option_parser = OptionParser.new do |opts|
+  opts.banner = "Usage: #{$0} [options] <query>"
+
+  opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
+    options[:consumer_key] = v
+  end
+
+  opts.on("--consumer-secret SECRET", "Specifies the consumer secret to use.") do |v|
+    options[:consumer_secret] = v
+  end
+end
+
+option_parser.parse!
+query = ARGV.pop
+query = STDIN.read if query == "-"
+
+if options[:consumer_key].nil? || options[:consumer_secret].nil? || query.nil?
+  puts option_parser.help
+  exit 1
+end
+
+consumer = OAuth::Consumer.new \
+  options[:consumer_key],
+  options[:consumer_secret],
+  :site => "http://query.yahooapis.com"
+
+access_token = OAuth::AccessToken.new(consumer)
+
+response = access_token.request(:get, "/v1/yql?q=#{OAuth::Helper.escape(query)}&format=json")
+rsp = JSON.parse(response.body)
+pp rsp

data/lib/oauth.rb

@@ -1,3 +1,4 @@
+require 'oauth/oauth'
 require 'oauth/client/helper'
 require 'oauth/signature/hmac/sha1'
 require 'oauth/request_proxy/mock_request'

data/lib/oauth/cli.rb

@@ -3,67 +3,210 @@ require 'oauth'
 
 module OAuth
   class CLI
-    SUPPORTED_COMMANDS = %w(sign)
+    SUPPORTED_COMMANDS = {
+      "authorize" => "Obtain an access token and secret for a user",
+      "debug"     => "Verbosely generate an OAuth signature",
+      "query"     => "Query a protected resource",
+      "sign"      => "Generate an OAuth signature",
+      "version"   => "Display the current version of the library"
+    }
 
     attr_reader :command
     attr_reader :options
-    attr_reader :stdout
+    attr_reader :stdout, :stdin
 
-    def self.execute(stdout, arguments = [])
-      self.new.execute(stdout, arguments)
+    def self.execute(stdout, stdin, stderr, arguments = [])
+      self.new.execute(stdout, stdin, stderr, arguments)
     end
 
-    def execute(stdout, arguments = [])
+    def initialize
+      @options = {}
+
+      # don't dump a backtrace on a ^C
+      trap(:INT) {
+        exit
+      }
+    end
+
+    def execute(stdout, stdin, stderr, arguments = [])
       @stdout = stdout
+      @stdin  = stdin
+      @stderr = stderr
       extract_command_and_parse_options(arguments)
 
       if sufficient_options? && valid_command?
+        if command == "debug"
+          @command = "sign"
+          @options[:verbose] = true
+        end
+
         case command
+        # TODO move command logic elsewhere
+        when "authorize"
+          begin
+            consumer = OAuth::Consumer.new \
+              options[:oauth_consumer_key],
+              options[:oauth_consumer_secret],
+              :access_token_url  => options[:access_token_url],
+              :authorize_url     => options[:authorize_url],
+              :request_token_url => options[:request_token_url],
+              :scheme            => options[:scheme],
+              :http_method       => options[:method].to_s.downcase.to_sym
+
+            # parameters for OAuth 1.0a
+            oauth_verifier = nil
+
+            # get a request token
+            request_token = consumer.get_request_token({ :oauth_callback => options[:oauth_callback] }, { "scope" => options[:scope] })
+
+            if request_token.callback_confirmed?
+              stdout.puts "Server appears to support OAuth 1.0a; enabling support."
+              options[:version] = "1.0a"
+            end
+
+            stdout.puts "Please visit this url to authorize:"
+            stdout.puts request_token.authorize_url
+
+            if options[:version] == "1.0a"
+              stdout.puts "Please enter the verification code provided by the SP (oauth_verifier):"
+              oauth_verifier = stdin.gets.chomp
+            else
+              stdout.puts "Press return to continue..."
+              stdin.gets
+            end
+
+            begin
+              # get an access token
+              access_token = request_token.get_access_token(:oauth_verifier => oauth_verifier)
+
+              stdout.puts "Response:"
+              access_token.params.each do |k,v|
+                stdout.puts "  #{k}: #{v}" unless k.is_a?(Symbol)
+              end
+            rescue OAuth::Unauthorized => e
+              stderr.puts "A problem occurred while attempting to obtain an access token:"
+              stderr.puts e
+              stderr.puts e.request.body
+            end
+          rescue OAuth::Unauthorized => e
+            stderr.puts "A problem occurred while attempting to authorize:"
+            stderr.puts e
+            stderr.puts e.request.body
+          end
+        when "query"
+          consumer = OAuth::Consumer.new \
+            options[:oauth_consumer_key],
+            options[:oauth_consumer_secret],
+            :scheme => options[:scheme]
+
+          access_token = OAuth::AccessToken.new(consumer, options[:oauth_token], options[:oauth_token_secret])
+
+          # append params to the URL
+          uri = URI.parse(options[:uri])
+          params = prepare_parameters.map { |k,v| v.map { |v2| "#{URI.encode(k)}=#{URI.encode(v2)}" } * "&" }
+          uri.query = [uri.query, *params].reject { |x| x.nil? } * "&"
+          p uri.to_s
+
+          response = access_token.request(options[:method].downcase.to_sym, uri.to_s)
+          puts "#{response.code} #{response.message}"
+          puts response.body
         when "sign"
+          parameters = prepare_parameters
+
           request = OAuth::RequestProxy.proxy \
              "method"     => options[:method],
              "uri"        => options[:uri],
-             "parameters" => prepare_parameters
+             "parameters" => parameters
 
-          # can't pass options unless they respond to :secret, so use this alternative
-          signature = OAuth::Signature.sign \
-            request,
-            :consumer_secret => options[:oauth_consumer_secret],
-            :token_secret    => options[:oauth_token_secret] do |request|
-
-            # while we have access to the request being signed, display some internals
-            if verbose?
-              stdout.puts "Method: #{request.method}"
-              stdout.puts "URI: #{request.uri}"
-              stdout.puts "Normalized params: #{request.normalized_parameters}"
-              stdout.puts "Signature base string: #{request.signature_base_string}"
+          if verbose?
+            stdout.puts "OAuth parameters:"
+            request.oauth_parameters.each do |k,v|
+              stdout.puts "  " + [k, v] * ": "
+            end
+            stdout.puts
+
+            if request.non_oauth_parameters.any?
+              stdout.puts "Parameters:"
+              request.non_oauth_parameters.each do |k,v|
+                stdout.puts "  " + [k, v] * ": "
+              end
+              stdout.puts
             end
           end
 
+          request.sign! \
+            :consumer_secret => options[:oauth_consumer_secret],
+            :token_secret    => options[:oauth_token_secret]
+
           if verbose?
-            stdout.puts "Signature:         #{signature}"
-            stdout.puts "Escaped signature: #{OAuth::Helper.escape(signature)}"
+            stdout.puts "Method: #{request.method}"
+            stdout.puts "URI: #{request.uri}"
+            stdout.puts "Normalized params: #{request.normalized_parameters}" unless options[:xmpp]
+            stdout.puts "Signature base string: #{request.signature_base_string}"
+
+            if options[:xmpp]
+              stdout.puts
+              stdout.puts "XMPP Stanza:"
+              stdout.puts <<-EOS
+  <oauth xmlns='urn:xmpp:oauth:0'>
+    <oauth_consumer_key>#{request.oauth_consumer_key}</oauth_consumer_key>
+    <oauth_token>#{request.oauth_token}</oauth_token>
+    <oauth_signature_method>#{request.oauth_signature_method}</oauth_signature_method>
+    <oauth_signature>#{request.oauth_signature}</oauth_signature>
+    <oauth_timestamp>#{request.oauth_timestamp}</oauth_timestamp>
+    <oauth_nonce>#{request.oauth_nonce}</oauth_nonce>
+    <oauth_version>#{request.oauth_version}</oauth_version>
+  </oauth>
+              EOS
+              stdout.puts
+              stdout.puts "Note: You may want to use bare JIDs in your URI."
+              stdout.puts
+            else
+              stdout.puts "OAuth Request URI: #{request.signed_uri}"
+              stdout.puts "Request URI: #{request.signed_uri(false)}"
+              stdout.puts "Authorization header: #{request.oauth_header(:realm => options[:realm])}"
+            end
+            stdout.puts "Signature:         #{request.oauth_signature}"
+            stdout.puts "Escaped signature: #{OAuth::Helper.escape(request.oauth_signature)}"
           else
-            stdout.puts signature
+            stdout.puts request.oauth_signature
           end
+        when "version"
+          puts "OAuth for Ruby #{OAuth::VERSION}"
         end
       else
         usage
       end
     end
 
+  protected
+
     def extract_command_and_parse_options(arguments)
       @command = arguments[-1]
       parse_options(arguments[0..-1])
     end
 
-    def parse_options(arguments)
-      @options = {}
-      OptionParser.new do |opts|
+    def option_parser(arguments = "")
+      # TODO add realm parameter
+      # TODO add user-agent parameter
+      option_parser = OptionParser.new do |opts|
         opts.banner = "Usage: #{$0} [options] <command>"
 
         # defaults
+        options[:oauth_nonce] = OAuth::Helper.generate_key
         options[:oauth_signature_method] = "HMAC-SHA1"
+        options[:oauth_timestamp] = OAuth::Helper.generate_timestamp
+        options[:oauth_version] = "1.0"
+        options[:method] = :post
+        options[:params] = []
+        options[:scheme] = :header
+        options[:version] = "1.0"
+
+        ## Common Options
+
+        opts.on("-B", "--body", "Use the request body for OAuth parameters.") do
+          options[:scheme] = :body
+        end
 
         opts.on("--consumer-key KEY", "Specifies the consumer key to use.") do |v|
           options[:oauth_consumer_key] = v
@@ -73,12 +216,32 @@ module OAuth
           options[:oauth_consumer_secret] = v
         end
 
+        opts.on("-H", "--header", "Use the 'Authorization' header for OAuth parameters (default).") do
+          options[:scheme] = :header
+        end
+
+        opts.on("-Q", "--query-string", "Use the query string for OAuth parameters.") do
+          options[:scheme] = :query_string
+        end
+
+        opts.on("-O", "--options FILE", "Read options from a file") do |v|
+          arguments.unshift(*open(v).readlines.map { |l| l.chomp.split(" ") }.flatten)
+        end
+
+        ## Options for signing and making requests
+
+        opts.separator("\n  options for signing and querying")
+
         opts.on("--method METHOD", "Specifies the method (e.g. GET) to use when signing.") do |v|
           options[:method] = v
         end
 
+        opts.on("--nonce NONCE", "Specifies the none to use.") do |v|
+          options[:oauth_nonce] = v
+        end
+
         opts.on("--parameters PARAMS", "Specifies the parameters to use when signing.") do |v|
-          options[:params] = v
+          options[:params] << v
         end
 
         opts.on("--signature-method METHOD", "Specifies the signature method to use; defaults to HMAC-SHA1.") do |v|
@@ -89,38 +252,123 @@ module OAuth
           options[:oauth_token_secret] = v
         end
 
+        opts.on("--timestamp TIMESTAMP", "Specifies the timestamp to use.") do |v|
+          options[:oauth_timestamp] = v
+        end
+
         opts.on("--token TOKEN", "Specifies the token to use.") do |v|
           options[:oauth_token] = v
         end
 
+        opts.on("--realm REALM", "Specifies the realm to use.") do |v|
+          options[:realm] = v
+        end
+
         opts.on("--uri URI", "Specifies the URI to use when signing.") do |v|
           options[:uri] = v
         end
 
+        opts.on(:OPTIONAL, "--version VERSION", "Specifies the OAuth version to use.") do |v|
+          if v
+            options[:oauth_version] = v
+          else
+            @command = "version"
+          end
+        end
+
+        opts.on("--no-version", "Omit oauth_version.") do
+          options[:oauth_version] = nil
+        end
+
+        opts.on("--xmpp", "Generate XMPP stanzas.") do
+          options[:xmpp] = true
+          options[:method] ||= "iq"
+        end
+
         opts.on("-v", "--verbose", "Be verbose.") do
           options[:verbose] = true
         end
-      end.parse!(arguments)
+
+        ## Options for authorization
+
+        opts.separator("\n  options for authorization")
+
+        opts.on("--access-token-url URL", "Specifies the access token URL.") do |v|
+          options[:access_token_url] = v
+        end
+
+        opts.on("--authorize-url URL", "Specifies the authorization URL.") do |v|
+          options[:authorize_url] = v
+        end
+
+        opts.on("--callback-url URL", "Specifies a callback URL.") do |v|
+          options[:oauth_callback] = v
+        end
+
+        opts.on("--request-token-url URL", "Specifies the request token URL.") do |v|
+          options[:request_token_url] = v
+        end
+
+        opts.on("--scope SCOPE", "Specifies the scope (Google-specific).") do |v|
+          options[:scope] = v
+        end
+      end
+    end
+
+    def parse_options(arguments)
+      option_parser(arguments).parse!(arguments)
     end
 
     def prepare_parameters
+      escaped_pairs = options[:params].collect do |pair|
+        if pair =~ /:/
+          Hash[*pair.split(":", 2)].collect do |k,v|
+            [CGI.escape(k.strip), CGI.escape(v.strip)] * "="
+          end
+        else
+          pair
+        end
+      end
+
+      querystring = escaped_pairs * "&"
+      cli_params = CGI.parse(querystring)
+
       {
         "oauth_consumer_key"     => options[:oauth_consumer_key],
+        "oauth_nonce"            => options[:oauth_nonce],
+        "oauth_timestamp"        => options[:oauth_timestamp],
         "oauth_token"            => options[:oauth_token],
-        "oauth_signature_method" => options[:oauth_signature_method]
-      }.merge(CGI.parse(options[:params]))
+        "oauth_signature_method" => options[:oauth_signature_method],
+        "oauth_version"          => options[:oauth_version]
+      }.reject { |k,v| v.nil? || v == "" }.merge(cli_params)
     end
 
     def sufficient_options?
-      options[:oauth_consumer_key] && options[:oauth_consumer_secret] && options[:method] && options[:uri]
+      case command
+      # TODO move command logic elsewhere
+      when "authorize"
+        options[:oauth_consumer_key] && options[:oauth_consumer_secret] &&
+          options[:access_token_url] && options[:authorize_url] &&
+          options[:request_token_url]
+      when "version"
+        true
+      else
+        options[:oauth_consumer_key] && options[:oauth_consumer_secret] &&
+          options[:method] && options[:uri]
+      end
     end
 
     def usage
-      stdout.puts "Should be generated by OptionParser"
+      stdout.puts option_parser.help
+      stdout.puts
+      stdout.puts "Available commands:"
+      SUPPORTED_COMMANDS.each do |command, desc|
+        puts "   #{command.ljust(15)}#{desc}"
+      end
     end
 
     def valid_command?
-      SUPPORTED_COMMANDS.include?(command)
+      SUPPORTED_COMMANDS.keys.include?(command)
     end
 
     def verbose?