rockoauth 0.1.0 → 0.1.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/History.txt +5 -0
- data/{README.rdoc → README.md} +231 -201
- data/lib/rockoauth/router.rb +4 -2
- metadata +5 -5
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA1:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 978641dedf53babddc14831506f6f5b645d716c9
|
4
|
+
data.tar.gz: 264bbbaff1ab004f2a3a3db28289cd034f77b4b0
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: ad48d4a0ed1b412b3301dc6b700bc1d9d0866170015d64e7e1b51ae9d5618b2069b095684b9a532efb7f1fb8f5a3ddb1bf301da4e66ef832444f8e331f91823a
|
7
|
+
data.tar.gz: 9e6efa558adb2db2b0c2697f08166cf4a52a677693905dca41127b60a7ad5864d761cf45ec2e39ab0b5bacfd64c30c84e6ebc5b500d5009172b874b29d9d7605
|
data/History.txt
CHANGED
data/{README.rdoc → README.md}
RENAMED
@@ -1,4 +1,8 @@
|
|
1
|
-
|
1
|
+
[![Gem Version](https://badge.fury.io/rb/rockoauth.png)](https://rubygems.org/gems/rockoauth)
|
2
|
+
[![Build Status](https://secure.travis-ci.org/rocketmade/rockoauth.png?branch=master)](http://travis-ci.org/rocketmade/rockoauth)
|
3
|
+
[![Code Climate](https://codeclimate.com/github/rocketmade/rockoauth.png)](https://codeclimate.com/github/rocketmade/rockoauth)
|
4
|
+
|
5
|
+
# RockOAuth Oauth 2 Provider
|
2
6
|
|
3
7
|
This gem provides a toolkit for adding OAuth2 provider capabilities to a Ruby
|
4
8
|
web app. It handles most of the protocol for you: it is designed to provide
|
@@ -9,20 +13,34 @@ authenticating your users and letting them grant access to client apps.
|
|
9
13
|
It is also designed to be usable within any web frontend, at least those of
|
10
14
|
Rails and Sinatra. Its API uses Rack request-environment hashes rather than
|
11
15
|
framework-specific request objects, though you can pass those in and their
|
12
|
-
|
16
|
+
`request.env` property will be used internally.
|
13
17
|
|
14
18
|
It stores the clients and authorizations using ActiveRecord.
|
15
19
|
|
16
|
-
It is forked from songkick-oauth2-provider
|
20
|
+
It is forked from [songkick-oauth2-provider](https://github.com/songkick/oauth2-provider).
|
17
21
|
With much appreciation for their excellent work.
|
18
22
|
|
19
|
-
|
23
|
+
## Installation
|
24
|
+
|
25
|
+
```bash
|
26
|
+
gem install rockoauth
|
27
|
+
```
|
28
|
+
|
29
|
+
## Supported versions
|
20
30
|
|
21
|
-
|
31
|
+
This gem is tested on:
|
22
32
|
|
23
|
-
|
33
|
+
- Ruby
|
34
|
+
- 1.9.3
|
35
|
+
- 2.0.0
|
36
|
+
- 2.1.0
|
37
|
+
- Active Record
|
38
|
+
- 4.0
|
39
|
+
- 4.1
|
24
40
|
|
25
|
-
|
41
|
+
### A note on versioning
|
42
|
+
|
43
|
+
This library is based on [draft-10](http://tools.ietf.org/html/draft-ietf-oauth-v2-10),
|
26
44
|
which was current when we began writing it. Having observed the development of
|
27
45
|
the OAuth 2.0 spec over time, we have decided not to upgrade to later drafts
|
28
46
|
until the spec is finalized. There is not enough meaningful change going on to
|
@@ -31,268 +49,277 @@ turbulence and make it hard to reason about exactly what semantics the library
|
|
31
49
|
supports.
|
32
50
|
|
33
51
|
During draft state, the gem version will indicate which draft it implements
|
34
|
-
using the minor version, for example
|
52
|
+
using the minor version, for example `0.10.2` means the second bug-fix
|
35
53
|
release for draft 10.
|
36
54
|
|
55
|
+
## Terminology
|
37
56
|
|
38
|
-
|
39
|
-
|
40
|
-
* <b>Client</b>: A third-party software system that integrates with the provider.
|
57
|
+
- __Client__: A third-party software system that integrates with the provider.
|
41
58
|
Twitter and Facebook call this an "app".
|
42
|
-
|
59
|
+
- __Client Owner__: The entity which owns a __client__, i.e. the
|
43
60
|
individual or company responsible for the client application.
|
44
|
-
|
45
|
-
which has the data that the
|
46
|
-
|
47
|
-
|
61
|
+
- __Resource Owner__: This will almost certainly be a User. It's the entity
|
62
|
+
which has the data that the __client__ is asking permission to see.
|
63
|
+
- __Authorization__: When a __resource owner__ grants access to a
|
64
|
+
__client__ (i.e., a user grants access to a company's app), an
|
48
65
|
authorization is created. This can typically be revoked by the user at any
|
49
66
|
time (which is the strength and flexibility of the OAuth architecture).
|
50
|
-
|
51
|
-
A
|
67
|
+
- __Access Token__: An opaque string representing an __authorization__.
|
68
|
+
A __client__ is given an access token when a __resource owner__ grants
|
52
69
|
it access to resources. The access token must be included in all requests for
|
53
70
|
protected resources.
|
54
71
|
|
72
|
+
## Usage
|
55
73
|
|
56
|
-
|
57
|
-
|
58
|
-
A basic example is in <tt>example/application.rb</tt>. To implement OAuth, you
|
74
|
+
A basic example is in [`example/application.rb`](example/application.rb). To implement OAuth, you
|
59
75
|
need to provide four things:
|
60
76
|
|
61
|
-
|
62
|
-
|
63
|
-
|
64
|
-
|
77
|
+
- Some UI to register client applications
|
78
|
+
- The OAuth request endpoint
|
79
|
+
- A flow for logged-in users to grant access to clients
|
80
|
+
- Resources protected by access tokens
|
65
81
|
|
82
|
+
### Declare your app's name
|
66
83
|
|
67
|
-
|
68
|
-
|
69
|
-
Declare your app's name somewhere (for example in Rails, in <tt>application.rb</tt>
|
84
|
+
Declare your app's name somewhere (for example in Rails, in `application.rb`
|
70
85
|
or an initializer):
|
71
86
|
|
72
|
-
|
73
|
-
|
74
|
-
|
87
|
+
```ruby
|
88
|
+
require 'rockoauth/provider'
|
89
|
+
RockOAuth::Provider.realm = 'My OAuth app'
|
90
|
+
```
|
75
91
|
|
76
|
-
|
92
|
+
### HTTPS
|
77
93
|
|
78
94
|
Your application should ensure that any endpoint that receives or returns OAuth
|
79
|
-
data is only accessible over a secure transport such as the
|
80
|
-
protocol.
|
95
|
+
data is only accessible over a secure transport such as the `https:`
|
96
|
+
protocol. `RockOAuth::Provider` can enforce this to make it easier
|
81
97
|
to keep your users' data secure.
|
82
98
|
|
83
|
-
You can set
|
99
|
+
You can set `RockOAuth::Provider.enforce_ssl = true` in the same
|
84
100
|
place that you declared your app name above. This will result in the following
|
85
101
|
behavior:
|
86
102
|
|
87
|
-
|
103
|
+
- The `RockOAuth::Provider.parse` method will produce error
|
88
104
|
responses and will not process the incoming request unless the request was
|
89
|
-
made using the
|
90
|
-
|
91
|
-
will return
|
92
|
-
using the
|
93
|
-
|
105
|
+
made using the `https:` protocol.
|
106
|
+
- An access token constructed using `RockOAuth::Provider.access_token`
|
107
|
+
will return `false` for `#valid?` unless the request was made
|
108
|
+
using the `https:` protocol.
|
109
|
+
- Any access token received over an insecure connection is immediately destroyed
|
94
110
|
to prevent eavesdroppers getting access to the user's resources. A client
|
95
111
|
making an insecure request will have to send the user through the
|
96
112
|
authorization process again to get a new token.
|
97
113
|
|
114
|
+
### Schema
|
98
115
|
|
99
|
-
|
100
|
-
|
101
|
-
Add the <tt>RockOAuth::Provider</tt> tables to your app's schema. This is
|
102
|
-
done using <tt>RockOAuth::Model::Schema.migrate</tt>, which will run all
|
116
|
+
Add the `RockOAuth::Provider` tables to your app's schema. This is
|
117
|
+
done using `RockOAuth::Model::Schema.migrate`, which will run all
|
103
118
|
the gem's migrations that have not yet been applied to your database.
|
104
119
|
|
105
|
-
|
106
|
-
|
107
|
-
|
108
|
-
|
109
|
-
|
110
|
-
|
111
|
-
|
112
|
-
|
120
|
+
```ruby
|
121
|
+
RockOAuth::Model::Schema.migrate
|
122
|
+
I, [2012-10-31T14:52:33.801428 #7002] INFO -- : Migrating to RockoauthSchemaOriginalSchema (20120828112156)
|
123
|
+
== Rockoauth2SchemaOriginalSchema: migrating =============================
|
124
|
+
-- create_table(:oauth2_clients)
|
125
|
+
-> 0.0029s
|
126
|
+
-- add_index(:oauth2_clients, [:client_id])
|
127
|
+
-> 0.0009s
|
128
|
+
...
|
129
|
+
```
|
113
130
|
|
114
|
-
To rollback migrations, use
|
131
|
+
To rollback migrations, use `RockOAuth::Model::Schema.rollback`.
|
115
132
|
|
116
|
-
|
117
|
-
=== Model Mixins
|
133
|
+
### Model Mixins
|
118
134
|
|
119
135
|
There are two mixins you need to put in your code,
|
120
|
-
|
121
|
-
"apps", and
|
136
|
+
`RockOAuth::Model::ClientOwner` for whichever model will own the
|
137
|
+
"apps", and `RockOAuth::Model::ResourceOwner` for whichever model
|
122
138
|
is the innocent, unassuming entity who will selectively share their data. It's
|
123
|
-
possible that this is the same model, such as User
|
139
|
+
possible that this is the same model, such as `User`:
|
124
140
|
|
125
|
-
|
126
|
-
|
127
|
-
|
128
|
-
|
129
|
-
|
141
|
+
```ruby
|
142
|
+
class User < ActiveRecord::Base
|
143
|
+
include RockOAuth::Model::ResourceOwner
|
144
|
+
include RockOAuth::Model::ClientOwner
|
145
|
+
has_many :interesting_pieces_of_data
|
146
|
+
end
|
147
|
+
```
|
130
148
|
|
131
149
|
Or they might go into two different models:
|
132
150
|
|
133
|
-
|
134
|
-
|
135
|
-
|
136
|
-
|
151
|
+
```ruby
|
152
|
+
class User < ActiveRecord::Base
|
153
|
+
include RockOAuth::Model::ResourceOwner
|
154
|
+
has_many :interesting_pieces_of_data
|
155
|
+
end
|
137
156
|
|
138
|
-
|
139
|
-
|
140
|
-
|
141
|
-
|
157
|
+
class Company < ActiveRecord::Base
|
158
|
+
include RockOAuth::Model::ClientOwner
|
159
|
+
belongs_to :user
|
160
|
+
end
|
161
|
+
```
|
142
162
|
|
143
163
|
To see the methods and associations that these two mixins add to your models,
|
144
|
-
take a look at
|
145
|
-
|
146
|
-
|
164
|
+
take a look at ['lib/rockoauth/model/client_owner.rb'](lib/rockoauth/model/client_owner.rb) and
|
165
|
+
['lib/rockoauth/model/resource_owner.rb'](lib/rockoauth/model/resource_owner.rb).
|
147
166
|
|
148
|
-
|
167
|
+
### Registering client applications
|
149
168
|
|
150
|
-
Clients are modeled by the
|
169
|
+
Clients are modeled by the `RockOAuth::Model::Client` class, which
|
151
170
|
is an ActiveRecord model. You just need to implement a UI for creating them, for
|
152
171
|
example in a Sinatra app:
|
153
172
|
|
154
|
-
|
155
|
-
|
156
|
-
|
157
|
-
|
173
|
+
```ruby
|
174
|
+
get '/oauth/apps/new' do
|
175
|
+
@client = RockOAuth::Model::Client.new
|
176
|
+
erb :new_client
|
177
|
+
end
|
158
178
|
|
159
|
-
|
160
|
-
|
161
|
-
|
162
|
-
|
179
|
+
post '/oauth/apps' do
|
180
|
+
@client = RockOAuth::Model::Client.new(params)
|
181
|
+
@client.save ? erb(:show_client) : erb(:new_client)
|
182
|
+
end
|
183
|
+
```
|
163
184
|
|
164
|
-
Client applications must have a
|
185
|
+
Client applications must have a `name` and a `redirect_uri`:
|
165
186
|
provide fields for editing these but do not allow the other fields to be edited,
|
166
187
|
since they are the client's access credentials. When you've created the client,
|
167
188
|
you should show its details to the user registering the client: its
|
168
|
-
|
169
|
-
|
170
|
-
|
189
|
+
`name`, `redirect_uri`, `client_id` and
|
190
|
+
`client_secret` (the last two are generated for you).
|
191
|
+
`client_secret` is not stored in plain text so you can only read it when
|
171
192
|
you initially create the client object.
|
172
193
|
|
173
|
-
|
174
|
-
=== OAuth request endpoint
|
194
|
+
### OAuth request endpoint
|
175
195
|
|
176
196
|
This is a path that your application exposes in order for clients to communicate
|
177
197
|
with your application. It is also the page that the client will send users to
|
178
198
|
so they can authenticate and grant access. Many requests to this endpoint will
|
179
199
|
be protocol-level requests that do not involve the user, and
|
180
|
-
|
200
|
+
`RockOAuth::Provider` gives you a generic way to handle all that.
|
181
201
|
|
182
202
|
You should use this to get the right response, status code and headers to send
|
183
|
-
to the client. In the event that
|
203
|
+
to the client. In the event that `RockOAuth::Provider` does not
|
184
204
|
provide a response, you should render a page that lets the user begin to
|
185
205
|
authenticate and grant access. This can happen in two cases:
|
186
206
|
|
187
|
-
|
207
|
+
- The client makes a valid Authorization request. In this case you should
|
188
208
|
display a login flow to the user so they can authenticate and grant access to
|
189
209
|
the client.
|
190
|
-
|
210
|
+
- The client makes an invalid Authorization request and the provider cannot
|
191
211
|
redirect back to the client. In this case you should display an error page
|
192
|
-
to the user, possibly including the value of
|
212
|
+
to the user, possibly including the value of `@oauth2.error_description`.
|
193
213
|
|
194
214
|
This endpoint must be accessible via GET and POST. In this example we will
|
195
|
-
expose the OAuth service through the path
|
196
|
-
there is a logged-in resource owner and give this to
|
215
|
+
expose the OAuth service through the path `/oauth/authorize`. We check if
|
216
|
+
there is a logged-in resource owner and give this to `OAuth::Provider`,
|
197
217
|
since we may be able to immediately redirect if the user has already authorized
|
198
218
|
the client:
|
199
219
|
|
200
|
-
|
201
|
-
|
202
|
-
|
203
|
-
|
204
|
-
|
205
|
-
|
206
|
-
|
207
|
-
|
208
|
-
|
209
|
-
|
210
|
-
|
211
|
-
|
212
|
-
|
213
|
-
|
214
|
-
|
215
|
-
|
216
|
-
|
217
|
-
|
218
|
-
|
220
|
+
```ruby
|
221
|
+
[:get, :post].each do |method|
|
222
|
+
__send__ method, '/oauth/authorize' do
|
223
|
+
@owner = User.find_by_id(session[:user_id])
|
224
|
+
@oauth2 = RockOAuth::Provider.parse(@owner, env)
|
225
|
+
|
226
|
+
if @oauth2.redirect?
|
227
|
+
redirect @oauth2.redirect_uri, @oauth2.response_status
|
228
|
+
end
|
229
|
+
|
230
|
+
headers @oauth2.response_headers
|
231
|
+
status @oauth2.response_status
|
232
|
+
|
233
|
+
if body = @oauth2.response_body
|
234
|
+
body
|
235
|
+
elsif @oauth2.valid?
|
236
|
+
erb :login
|
237
|
+
else
|
238
|
+
erb :error
|
219
239
|
end
|
220
240
|
end
|
241
|
+
end
|
242
|
+
```
|
221
243
|
|
222
244
|
There is a set of parameters that you will need to hold on to for when your app
|
223
245
|
needs to redirect back to the client. You could store them in the session, or
|
224
246
|
pass them through forms as the user completes the flow. For example to embed
|
225
247
|
them in the login form, do this:
|
226
248
|
|
227
|
-
|
228
|
-
|
229
|
-
|
249
|
+
```erb
|
250
|
+
<% @oauth2.params.each do |key, value| %>
|
251
|
+
<input type="hidden" name="<%= key %>" value="<%= value %>">
|
252
|
+
<% end %>
|
253
|
+
```
|
230
254
|
|
231
255
|
You may also want to use scopes to provide granular access to your domain using
|
232
|
-
|
256
|
+
_scopes_. The `@oauth2` object exposes the scopes the client has
|
233
257
|
asked for so you can display them to the user:
|
234
258
|
|
235
|
-
|
259
|
+
```erb
|
260
|
+
<p>The application <%= @oauth2.client.name %> wants the following permissions:</p>
|
236
261
|
|
237
|
-
|
238
|
-
|
239
|
-
|
240
|
-
|
241
|
-
|
262
|
+
<ul>
|
263
|
+
<% @oauth2.scopes.each do |scope| %>
|
264
|
+
<li><%= PERMISSION_UI_STRINGS[scope] %></li>
|
265
|
+
<% end %>
|
266
|
+
</ul>
|
267
|
+
```
|
242
268
|
|
243
|
-
You can also use the method
|
269
|
+
You can also use the method `@oauth2.unauthorized_scopes` to get the list
|
244
270
|
of scopes the user has not already granted to the client, in the case where the
|
245
271
|
client already has some authorization. If no prior authorization exists between
|
246
|
-
the user and the client,
|
272
|
+
the user and the client, `@oauth2.unauthorized_scopes` just returns all
|
247
273
|
the scopes the client has asked for.
|
248
274
|
|
249
|
-
|
250
|
-
=== Granting access to clients
|
275
|
+
### Granting access to clients
|
251
276
|
|
252
277
|
Once the user has authenticated you should show them a page to let them grant
|
253
278
|
or deny access to the client application. This is straightforward; let's say the
|
254
279
|
user checks a box before posting a form to indicate their intent:
|
255
280
|
|
256
|
-
|
257
|
-
|
258
|
-
|
281
|
+
```ruby
|
282
|
+
post '/oauth/allow' do
|
283
|
+
@user = User.find_by_id(session[:user_id])
|
284
|
+
@auth = RockOAuth::Provider::Authorization.new(@user, params)
|
259
285
|
|
260
|
-
|
261
|
-
|
262
|
-
|
263
|
-
|
264
|
-
end
|
265
|
-
redirect @auth.redirect_uri, @auth.response_status
|
286
|
+
if params['allow'] == '1'
|
287
|
+
@auth.grant_access!
|
288
|
+
else
|
289
|
+
@auth.deny_access!
|
266
290
|
end
|
291
|
+
redirect @auth.redirect_uri, @auth.response_status
|
292
|
+
end
|
293
|
+
```
|
267
294
|
|
268
295
|
After granting or denying access, we just redirect back to the client using a
|
269
|
-
URI that
|
270
|
-
|
296
|
+
URI that `RockOAuth::Provider` will provide for you.
|
271
297
|
|
272
|
-
|
298
|
+
### Using password credentials
|
273
299
|
|
274
300
|
If you like, OAuth lets you use a user's login credentials to authenticate with
|
275
301
|
a provider. In this case the client application must request these credentials
|
276
302
|
directly from the user and then post them to the exchange endpoint. On the
|
277
|
-
provider side you can handle this using the
|
278
|
-
|
279
|
-
|
280
|
-
|
281
|
-
|
282
|
-
|
283
|
-
|
284
|
-
|
285
|
-
|
286
|
-
|
303
|
+
provider side you can handle this using the `handle_passwords` and
|
304
|
+
`grant_access!` API methods, for example:
|
305
|
+
|
306
|
+
```ruby
|
307
|
+
RockOAuth::Provider.handle_passwords do |client, username, password, scopes|
|
308
|
+
user = User.find_by_username(username)
|
309
|
+
if user.authenticate?(password)
|
310
|
+
user.grant_access!(client, :scopes => scopes, :duration => 1.day)
|
311
|
+
else
|
312
|
+
nil
|
287
313
|
end
|
314
|
+
end
|
315
|
+
```
|
288
316
|
|
289
|
-
The block receives the
|
290
|
-
password and a
|
291
|
-
|
292
|
-
should return
|
317
|
+
The block receives the `Client` making the request, the username,
|
318
|
+
password and a `Set` of the requested scopes. It must return
|
319
|
+
`user.grant_access!(client)` if you want to allow access, otherwise it
|
320
|
+
should return `nil`.
|
293
321
|
|
294
|
-
|
295
|
-
=== Using assertions
|
322
|
+
### Using assertions
|
296
323
|
|
297
324
|
Assertions provide a way to access your OAuth services using user credentials
|
298
325
|
from another service. When using assertions, the user will not authenticate on
|
@@ -306,79 +333,83 @@ would then pass this token to your OAuth endpoint and exchange it for an access
|
|
306
333
|
token from your site. You will typically create an account in your database to
|
307
334
|
represent this, then have that new account grant access to the client.
|
308
335
|
|
309
|
-
To use assertions, you must tell
|
336
|
+
To use assertions, you must tell `RockOAuth::Provider` how to
|
310
337
|
handle assertions based on their type. An assertion type must be a valid URI.
|
311
338
|
For the Facebook example we'd do the following. The block yields the
|
312
|
-
|
313
|
-
which in this example will be a Facebook access token, and a
|
339
|
+
`Client` object making the exchange request, the value of the assertion,
|
340
|
+
which in this example will be a Facebook access token, and a `Set` of
|
314
341
|
requested scopes.
|
315
342
|
|
316
|
-
|
317
|
-
|
318
|
-
|
343
|
+
```ruby
|
344
|
+
RockOAuth::Provider.handle_assertions 'https://graph.facebook.com/me' do |client, assertion, scopes|
|
345
|
+
facebook = URI.parse('https://graph.facebook.com/me?access_token=' + assertion)
|
346
|
+
response = Net::HTTP.get_response(facebook)
|
319
347
|
|
320
|
-
|
321
|
-
|
348
|
+
user_data = JSON.parse(response.body)
|
349
|
+
account = User.from_facebook_data(user_data)
|
322
350
|
|
323
|
-
|
324
|
-
|
351
|
+
account.grant_access!(client, :scopes => scopes)
|
352
|
+
end
|
353
|
+
```
|
325
354
|
|
326
355
|
This code should run when your app boots, not during a request handler - think
|
327
|
-
of it as configuration for
|
356
|
+
of it as configuration for `RockOAuth::Provider`. The framework
|
328
357
|
will invoke it when a client attempts to use assertions with your OAuth endpoint.
|
329
358
|
|
330
|
-
The final call in your handler should be to
|
331
|
-
an
|
359
|
+
The final call in your handler should be to `grant_access!`; this returns
|
360
|
+
an `Authorization` object that the framework then uses to complete the
|
332
361
|
response to the client. If you want to deny the request for whatever reason, the
|
333
|
-
block must return
|
362
|
+
block must return `nil`. If a client tries to use an assertion type you
|
334
363
|
have no handler for, the client will get an error response.
|
335
364
|
|
336
|
-
|
337
|
-
=== Protecting resources with access tokens
|
365
|
+
### Protecting resources with access tokens
|
338
366
|
|
339
367
|
To protect the user's resources you need to check for access tokens. This is
|
340
368
|
simple, for example a call to get a user's notes:
|
341
369
|
|
342
|
-
|
343
|
-
|
344
|
-
|
370
|
+
```ruby
|
371
|
+
get '/user/:username/notes' do
|
372
|
+
user = User.find_by_username(params[:username])
|
373
|
+
token = RockOAuth::Provider.access_token(user, ['read_notes'], env)
|
345
374
|
|
346
|
-
|
347
|
-
|
375
|
+
headers token.response_headers
|
376
|
+
status token.response_status
|
348
377
|
|
349
|
-
|
350
|
-
|
351
|
-
|
352
|
-
|
353
|
-
end
|
378
|
+
if token.valid?
|
379
|
+
JSON.unparse('notes' => user.notes)
|
380
|
+
else
|
381
|
+
JSON.unparse('error' => 'No notes for you!')
|
354
382
|
end
|
383
|
+
end
|
384
|
+
```
|
355
385
|
|
356
|
-
|
357
|
-
|
386
|
+
`RockOAuth::Provider.access_token()` takes a
|
387
|
+
`ResourceOwner`, a list of scopes required to access the resource, and a
|
358
388
|
request environment object. If the token was not granted for the required scopes,
|
359
389
|
has expired or is simply invalid, headers and a status code are set to indicate
|
360
|
-
this to the client.
|
390
|
+
this to the client. `token.valid?` is the call you should use to
|
361
391
|
determine whether to serve the request or not.
|
362
392
|
|
363
393
|
It is also common to provide a dynamic resource for getting some basic data
|
364
394
|
about a user by supplying their access token. This can be done by passing
|
365
|
-
|
366
|
-
|
367
|
-
|
368
|
-
|
369
|
-
|
370
|
-
|
371
|
-
|
372
|
-
|
373
|
-
|
395
|
+
`:implicit` as the resource owner:
|
396
|
+
|
397
|
+
```ruby
|
398
|
+
get '/me' do
|
399
|
+
token = RockOAuth::Provider.access_token(:implicit, [], env)
|
400
|
+
if token.valid?
|
401
|
+
JSON.unparse('username' => token.owner.username)
|
402
|
+
else
|
403
|
+
JSON.unparse('error' => 'Keep out!')
|
374
404
|
end
|
405
|
+
end
|
406
|
+
```
|
375
407
|
|
376
|
-
|
408
|
+
`token.owner` returns the `ResourceOwner` that issued the token.
|
377
409
|
A token represents the fact that a single owner gave a single client a set of
|
378
410
|
permissions.
|
379
411
|
|
380
|
-
|
381
|
-
== License
|
412
|
+
## License
|
382
413
|
|
383
414
|
Copyright (c) 2014 Rocketmade.com
|
384
415
|
|
@@ -400,7 +431,6 @@ LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
|
400
431
|
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
401
432
|
THE SOFTWARE.
|
402
433
|
|
403
|
-
|
404
434
|
Copyright (c) 2010-2012 Songkick.com
|
405
435
|
|
406
436
|
Permission is hereby granted, free of charge, to any person obtaining a copy
|
data/lib/rockoauth/router.rb
CHANGED
@@ -3,8 +3,8 @@ module RockOAuth
|
|
3
3
|
|
4
4
|
# Public methods in the namespace take either Rack env objects, or Request
|
5
5
|
# objects from Rails/Sinatra and an optional params hash which it then
|
6
|
-
# coerces to Rack requests. This is for backward
|
7
|
-
# it only took request objects.
|
6
|
+
# coerces to Rack requests if they are not already. This is for backward
|
7
|
+
# compatibility; originally it only took request objects.
|
8
8
|
|
9
9
|
class << self
|
10
10
|
def parse(resource_owner, env)
|
@@ -48,6 +48,8 @@ module RockOAuth
|
|
48
48
|
private
|
49
49
|
|
50
50
|
def request_from(env_or_request)
|
51
|
+
return env_or_request if env_or_request.is_a?(Rack::Request)
|
52
|
+
|
51
53
|
env = env_or_request.respond_to?(:env) ? env_or_request.env : env_or_request
|
52
54
|
env = Rack::MockRequest.env_for(env['REQUEST_URI'] || '', :input => env['RAW_POST_DATA']).merge(env)
|
53
55
|
Rack::Request.new(env)
|
metadata
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rockoauth
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.1.
|
4
|
+
version: 0.1.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Daniel Evans
|
@@ -9,7 +9,7 @@ authors:
|
|
9
9
|
autorequire:
|
10
10
|
bindir: bin
|
11
11
|
cert_chain: []
|
12
|
-
date:
|
12
|
+
date: 2015-02-04 00:00:00.000000000 Z
|
13
13
|
dependencies:
|
14
14
|
- !ruby/object:Gem::Dependency
|
15
15
|
name: activerecord
|
@@ -156,10 +156,10 @@ email: evans.daniel.n@gmail.com
|
|
156
156
|
executables: []
|
157
157
|
extensions: []
|
158
158
|
extra_rdoc_files:
|
159
|
-
- README.
|
159
|
+
- README.md
|
160
160
|
files:
|
161
161
|
- History.txt
|
162
|
-
- README.
|
162
|
+
- README.md
|
163
163
|
- example/README.rdoc
|
164
164
|
- example/application.rb
|
165
165
|
- example/config.ru
|
@@ -216,7 +216,7 @@ metadata: {}
|
|
216
216
|
post_install_message:
|
217
217
|
rdoc_options:
|
218
218
|
- "--main"
|
219
|
-
- README.
|
219
|
+
- README.md
|
220
220
|
require_paths:
|
221
221
|
- lib
|
222
222
|
required_ruby_version: !ruby/object:Gem::Requirement
|