pelle / oauth-plugin

Rails plugin for OAuth
http://stakeventures.com/articles/2009/07/21/consuming-oauth-intelligently-in-rails
MIT License

OAuth 2.0 functionality and other fixes #139

Closed RubenHoms closed 11 years ago

RubenHoms commented 11 years ago

I've noticed that this repository hasn't been touched in a while, and that it has never conformed to the OAuth 2.0 specs despite community efforts. That's why I took all the fixes that people have so generously committed as pull requests and combined them in my own fork. Thanks go out to the following people for writing their fixes:

The refreshing of the access token works as follows: once an access token has been acquired, the expires_in and expires_at attributes will be set. If the consumer does not respond with such a parameter, the standard of 3600 seconds (1 hour) will be used and the object will be saved to the datastore. There's an after_initialize callback on the Oauth2Token model which triggers only if the token has expired. If it does, it will initialize the OAuth2 client and call the refresh! method. (Thank you, @greggroth, for the pointer to this method.) It will then save the new attributes to the datastore.

I'm pretty sure that the after_initialize is the way to go, since most expirations are set to 3600 seconds and the object will be initialized many times in between. If anyone knows of a cleaner way of doing this, please say so and I will try to fix it.

Here's an example of how to add Skydrive as an OAuth 2.0 provider in the oauth_consumers.rb file:

```ruby
OAUTH_CREDENTIALS = {
  skydrive: {
    key: "YourKeyHere",
    secret: "YourSecretHere",
    super_class: "Oauth2Token", # Use this or override this for OAuth 2.0 consumers
    scope: "wl.basic wl.emails wl.skydrive_update wl.offline_access",
    options: {
      site: "https://login.live.com",
      token_url: "/oauth20_token.srf",
      authorize_url: "/oauth20_authorize.srf",
      response_type: "code",
      client_id: 'YourClientIdHere',
      redirect_uri: 'http://www.yourwebsite.com/oauth_consumers/skydrive/callback2' # Required for OAuth 2.0 providers!
    }
  }
}
```

Note that the redirect_uri option is required for the callback. Your routes.rb file should look something like this to make this work:

```ruby
resources :oauth_consumers do
  get :callback, :on => :member
  get :callback2, :on => :member # Add this line for OAuth 2.0 functionality.
end
```
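The refresh-on-expiry flow described in the comment above, as an added example (not code from this pull request or from the plugin): a plain-Ruby sketch in which `SketchToken`, `FakeClient` and the injected clock are hypothetical names chosen for illustration. It goes slightly beyond the description by keeping the stored refresh token when a refresh response omits one, which RFC 6749 section 6 permits, and by leaving the stored token untouched when a refresh response is malformed.

```ruby
# Added illustration; class and method names are hypothetical, not the plugin's API.
DEFAULT_EXPIRES_IN = 3600 # fallback described above when the provider omits expires_in

class SketchToken
  attr_reader :access_token, :refresh_token, :expires_at
  def initialize(response, now: Time.now)
    apply(response, now)
  end

  def expired?(now = Time.now)
    now >= @expires_at
  end

  # Stand-in for the after_initialize hook; client must respond to refresh(token) -> Hash.
  def refresh_if_expired!(client, now: Time.now)
    return false unless expired?(now)
    raise ArgumentError, "no refresh token stored" if @refresh_token.nil?
    apply(client.refresh(@refresh_token), now)
    true
  end

  private
  def apply(response, now)
    token = response["access_token"]
    # Validate before assigning, so a bad refresh response cannot clobber a stored token.
    raise ArgumentError, "response has no access_token" if token.nil? || token.empty?
    @access_token = token
    # RFC 6749 section 6: a refresh response may omit refresh_token; keep the old one.
    @refresh_token = response["refresh_token"] || @refresh_token
    @expires_at = now + Integer(response["expires_in"] || DEFAULT_EXPIRES_IN)
    # A real model would save the new attributes to the datastore here.
  end
end

# Constructed fake provider: returns a new access token, no refresh_token, no expires_in.
class FakeClient
  attr_reader :calls
  def initialize; @calls = 0; end
  def refresh(_refresh_token)
    @calls += 1
    { "access_token" => "access-#{@calls}" }
  end
end

def demo
  t0 = Time.at(0)
  token = SketchToken.new({ "access_token" => "access-0", "refresh_token" => "r-0", "expires_in" => "10" }, now: t0)
  client = FakeClient.new
  [token.refresh_if_expired!(client, now: t0 + 9), token.refresh_if_expired!(client, now: t0 + 10),
   token.access_token, token.refresh_token, token.expires_at.to_i, client.calls]
end
```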

pelle commented 11 years ago

Specs are failing for me. Please see if you can fix them and feel free to merge into master.

pelle commented 11 years ago

Sorry, I realized this spec failure is in master and is probably due to the Rails 4.0 compatibility.