oauth-ruby
OAuth for Ruby
Ruby OAuth GEM
I am trying to look into setting up an OAuth Provider Server with Rails 3 but can't seem to find anything out there to accomplish this.
I am also a newb when it comes to oauth, so excuse my ignorance.
When setting up an oauth server do I need to already have an oauth account at somewhere like agree2.com? Or can I just use my own server?
Source: (StackOverflow)
I am working on integrating the TripIt API into a project of mine. I'm new to OAuth so I'm learning this as I go. The following controller seems to be working. However, I want to make sure I'm not leaving any glaring security holes or just being stupid.
What do you guys/gals think?
If anyone had a better example, I would certainly study it as well.
Thanks for any pointers or suggestions.
http://gist.github.com/648227
Source: (StackOverflow)
I successfully implemented OAuth using the oauth-plugin gem with Rails 3.0.9. However, once I upgraded to Rails 3.1.3, I'm receiving an error when attempting to get the request token.
I've been testing locally
Rails 3.1.3
oauth (0.4.5)
oauth-plugin (0.4.0.rc2)
I've setup the Rails app as a provider
Consumer Key: BkdI1PnzRuvKDw2Qs1wVxtDrtvmqhUgeXLwNpNtm Consumer
Secret: eCY7JFk4vK6IeWXVq7yS3OMVT1XKpVOWOImsy3iw
Request Token URL: http://localhost:3000/oauth/request_token
In the console:
ruby-1.9.2-p290 :003 > @consumer = OAuth::Consumer.new
"BkdI1PnzRuvKDw2Qs1wVxtDrtvmqhUgeXLwNpNtm",
"eCY7JFk4vK6IeWXVq7yS3OMVT1XKpVOWOImsy3iw",
{:site => "http://localhost:3000"}
=> #<OAuth::Consumer:0x007fe93d5bcdf8 @key="BkdI1PnzRuvKDw2Qs1wVxtDrtvmqhUgeXLwNpNtm",
@secret="eCY7JFk4vK6IeWXVq7yS3OMVT1XKpVOWOImsy3iw",
@options={:signature_method=>"HMAC-SHA1",
:request_token_path=>"/oauth/request_token",
:authorize_path=>"/oauth/authorize",
:access_token_path=>"/oauth/access_token",
:proxy=>nil,
:scheme=>:header,
:http_method=>:post,
:oauth_version=>"1.0",
:site=>"http://localhost:3000"}>
ruby-1.9.2-p290 :004 > @consumer.get_request_token
OAuth::Unauthorized: 401 Unauthorized
from /Users/donpottinger/.rvm/gems/ruby-1.9.2-p290@rails3_1/gems/oauth-0.4.5/lib/oauth/consumer.rb:219:in `token_request'
from /Users/donpottinger/.rvm/gems/ruby-1.9.2-p290@rails3_1/gems/oauth-0.4.5/lib/oauth/consumer.rb:139:in `get_request_token'
from (irb):4
from /Users/donpottinger/.rvm/gems/ruby-1.9.2-p290@rails3_1/gems/railties-3.1.3/lib/rails/commands/console.rb:45:in `start'
from /Users/donpottinger/.rvm/gems/ruby-1.9.2-p290@rails3_1/gems/railties-3.1.3/lib/rails/commands/console.rb:8:in `start'
from /Users/donpottinger/.rvm/gems/ruby-1.9.2-p290@rails3_1/gems/railties-3.1.3/lib/rails/commands.rb:40:in `<top (required)>'
from script/rails:6:in `require'
from script/rails:6:in `<main>'
Source: (StackOverflow)
Sorry if the question is stupid, but I am new to using APIs of Websites. But since a long time I wanted to learn this and today started with the simple example of how to access information from soundcloud. Here is the code of the simple example from their website
require 'rubygems'
gem 'soundcloud-ruby-api-wrapper'
require 'soundcloud'
gem 'oauth'
require 'oauth'
# Create a Soundcloud OAuth consumer token object
sc_consumer = Soundcloud.consumer('YOUR_APPLICATION_CONSUMER_TOKEN','YOUR_APPLICATION_CONSUMER_SECRET')
# Create an OAuth access token object
access_token = OAuth::AccessToken.new(sc_consumer, 'YOUR_OAUTH_ACCESS_TOKEN', 'YOUR_OAUTH_ACCESS_SECRET')
# Create an authenticated Soundcloud client, based on the access token
sc_client = Soundcloud.register({:access_token => access_token})
# Get the logged in user
my_user = sc_client.User.find_me
# Display his full name
p "Hello, my name is #{my_user.full_name}"
I know what to set as:
- 'YOUR_APPLICATION_CONSUMER_TOKEN'
- 'YOUR_APPLICATION_CONSUMER_SECRET'
as this was given when registering a application on soundcloud.
I set the 'YOUR_OAUTH_ACCESS_TOKEN' to ht tp://api.soundcloud.com/oauth/access_token
which was also written on the soundcloud site, but I have no idea where to get the
_YOUR_OAUTH_ACCESS_SECRET_ from.
Can anybody help me with this?
Is this access secret also a random string that I get from somewhere, do I have to generate it by myself. I already read a lot in the oauth documentation but could not find anything that could help a beginner. Any help is highly appreciated, thanks a lot in advance!
EDIT As suggested in the answer of the Elite Gentlemen I also tried the Soundcloud example on authentication. I post here the piece of code which already leads to the error:
require 'rubygems'
gem 'soundcloud-ruby-api-wrapper'
require 'soundcloud'
# oAuth setup code:
# Enter your consumer key and consumer secret values here:
@consumer_application = {:key => 'QrhxUWqgIswl8a9ESYw', :secret => 'tqsUGUD3PscK17G2KCQ4lRzilA2K5L5q2BFjArJzmjc'}
# Enter the path to your audio file here.
path_to_audio_file = "your/absolute/path/to/audio_file.ext"
# Set up an oAuth consumer.
@consumer = OAuth::Consumer.new @consumer_application[:key], @consumer_application[:secret],
{
:site => 'http://api.sandbox-soundcloud.com',
:request_token_path => '/oauth/request_token',
:access_token_path => '/oauth/access_token',
:authorize_path => '/oauth/authorize'
}
# Obtain an oAuth request token
puts "Get request token"
request_token = @consumer.get_request_token
The error message I receive then is:
OAuth::Unauthorized: 401 Unauthorized
method token_request in consumer.rb at
line 217 method get_request_token in
consumer.rb at line 139 at top
level in test1.rb at line 25
How can this simple example fail?
Source: (StackOverflow)
I'm going to add Oauth autenthication to my rails web app. Since I don't want to reinvent the wheel, have you got some ruby gem to suggest to add this kind of feature?
TIA
Paolo
Source: (StackOverflow)
Sometimes an Twitter OAuth is successfully executed, but an unauthorized error is thrown. I get about 50 of these on a daily basis. It is worrying, because I have no idea how that might be reproduced.
What are the different cases where this error happens, and how can this be fixed or prevented?
Source: (StackOverflow)
I have set this in the initializer
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook , 'app' , 'secret' , {:scope => "manage_pages"}
end
And I have saved the token in User model after the callback.
How do I use the token to request for https://graph.facebook.com/${current_user.uid}/accounts?
Source: (StackOverflow)
I am following everything from the documentation:
http://dev.twitter.com/pages/sign_in_with_twitter
I am working on a rails app and this is how my code looks like (code
below uses oauth ruby gem):
@consumer=OAuth::Consumer.new("key" , "secret", {:site=>"https://
api.twitter.com"})
@request_tok...@consumer.get_request_token(:oauth_callback =>
"#{SITE_BASE}/callback")
redirect_to
@request_token.authorize_url().gsub("authorize","authenticate")
URL generated is:
https://api.twitter.com/oauth/authenticate?oauth_token=_REQUEST_TOKEN_
I am already logged in to twitter.com and have authorized the app. But
it displays the authorize screen:
Authorize Twoo Dev to use your account?
All I do is reload the page and it takes me to my application's
callback.
I have also used omniauth gem and had the same issue, hence I moved to oauth.
Please suggest what might be going wrong.
Regards,
Aditya
Following is the header information for the authenticate url:
Response Headersview source
Date Mon, 20 Jun 2011 00:48:13 GMT
Server hi
Status 200 OK
X-Transaction
Etag ""-gzip
X-Frame-Options SAMEORIGIN
Last-Modified Mon, 20 Jun 2011 00:48:13 GMT
X-Runtime 0.06452
Content-Type text/html; charset=utf-8
Pragma no-cache
X-Revision DEV
Expires Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control no-cache, no-store, must-revalidate, pre-check=0, post-
check=0
X-MID
Set-Cookie lang=en; path=/ lang=en; path=/ _twitter_sess=;
domain=.twitter.com; path=/; HttpOnly
Vary Accept-Encoding
Content-Encoding gzip
Content-Length 2936
Keep-Alive timeout=15, max=100
Connection Keep-Alive
Source: (StackOverflow)
is there any possibility to work with trusted sites (for example - sites of one developer) using oauth/oauth2 without confirmation of access to user data?
Source: (StackOverflow)
I've been spending the last few days banging my head against the wall on supporting the ability to add a contact to the Google Contacts API in my Rails 3 application. Despite many false starts, I've finally made some progress by employing the Ruby OAuth gem, and following the tutorial here: http://everburning.com/news/google-analytics-oauth-and-ruby-oh-my/
When I follow this in the console, I get further than I do in my Rails app. I can create an access token, authenticate against Google's service with the specific scope of the Contacts API, and apply the oauth_verifier token to get an access token. But when it comes time to push the data, I get this error:
response = at.post("https://www.google.com/m8/feeds/contacts/default/full", gdata)
=> #<Net::HTTPUnauthorized 401 Unknown authorization header readbody=true>
Where does the "readbody=true" header come from, and how would I get rid of it?
But it's worse in the Rails app. I have one controller action ("googlecontacts") that creates the request token and leads the user to the authentication site with Google:
def googlecontacts
@card = Card.find_by_short_link(params[:id])
@consumer = OAuth::Consumer.new(
'anonymous',
'anonymous',
{
:site => 'https://www.google.com',
:request_token_path => '/accounts/OAuthGetRequestToken',
:access_token_path => '/accounts/OAuthGetAccessToken',
:authorize_path => '/accounts/OAuthAuthorizeToken',
:signature_method => 'HMAC-SHA1',
:oauth_version => '1.0'
})
@request_token = @consumer.get_request_token(
{:oauth_callback => 'http://monkey.dev/cards/google_auth?redir='+@card.short_link},
{:scope => "https://www.google.com/m8/feeds/"}
)
session[:request_token] = @request_token
redirect_to @request_token.authorize_url
end
This appears to work; I get a working request token object, and the user is forwarded to the Google service to authenticate. The callback URL ("google_auth") should take the oauth_verifier token to create an access token. Here's the beginning of the controller:
def google_auth
@access_token = session[:request_token].get_access_token(:oauth_verifier=>params[:oauth_verifier])
And here's where it craps out. The error on that last line is:
You have a nil object when you didn't expect it!
You might have expected an instance of Array.
The error occurred while evaluating nil.[]
But the values that are in there -- the session[:request_token] and the params[:oauth_verifier] -- are present and accounted for in that action! I can't figure out what is nil here.
So I guess I need to figure out this second problem first, but bonus points for answering the first problem as well. :-)
Thanks for reading.
Aaron.
Source: (StackOverflow)
I just getting started with OAuth, and I tried to make a small client to connect to some webservices... I tried twitter and it worked like a charm, however, I also tried to access Yelp V2 API (following their Python example) but I always get back as an answers:
HTTP 400 Bad Request
Missing parameter: oauth_consumer_key
Here's my code:
require 'rubygems'
require 'oauth'
CONSUMER_KEY = "MY_CONSUMER_KEY"
SECRET = "MY_CONSUMER_SECRET"
TOKEN = "MY_TOKEN"
TOKEN_SECRET = "MY_TOKEN_SECRET"
consumer = OAuth::Consumer.new( CONSUMER_KEY,SECRET, {:site => "http://api.yelp.com", :signature_method => "HMAC-SHA1", :scheme => :header})
access_token = OAuth::AccessToken.new( consumer, TOKEN,TOKEN_SECRET)
p access_token.get("/v2/search?location=new+york").body
Regardless to say, that code works with twitter API without any problem (I actually followed twitter's example code)
Cheers and thanks in advance,
Ze
Source: (StackOverflow)
I have been searching to figure out how exactly to use the oauthable module in the Devise gem for Rails 3. I have come across a couple of questions on here that seem correct, but I was unable to get the implementation working. My end goal is to have both Twitter and Facebook authentication through Devise in my Rails 3 application. Right now I am struggling with what I thought was the "example" in the warden strategy list. I have got this far.
Inside of my devise initalizer I have the following blocks of code in, what I believe, the appropriate places.
manager.oauth(:twitter) do |twitter|
twitter.consumer_secret = '[secret]'
twitter.consumer_key = '[key]'
twitter.options :site => 'http://twitter.com'
end
manager.default_strategies(:scope => :user).unshift :twitter_oauth
Warden::OAuth::access_token_user_finder(:twitter) do |access_token|
User.find_or_create_by(:token => access_token.token, :secret => access_token.secret).tap do |user|
user ||= User.create!(:access_token => access_token.token, :secret => access_token.secret)
end
end
I have placed a link on one of my views but all I am getting is an error, OAuth 401 Unauthorized, is this something from Twitter or am I completely missing a step?
Source: (StackOverflow)
I am using OAuth-Ruby to do an OAuth authentication with a Tumblr application. I am able to write code that progresses through the various steps of OAuth, but I cannot get an access token or actually make a request. I can get a request key, redirect the user to Tumblr to authenticate and grant access, and receive an authenticated request key. But I can't get any farther than that.
I have registered my Tumblr application; let's assume for this question that it has provided me with the following keys:
- OAuth Consumer Key: @oauth_consumer_key
- Secret Key: @secret_key
(I have actual values, but I am keeping them concealed here for obvious reasons.)
I am running the following code within a controller that runs when the user submits a form, which form stores information in the @tumblog variable:
#0. provided when registering application
@key = @oauth_consumer_key
@secret = @secret_key
@site = 'http://www.tumblr.com'
@consumer = OAuth::Consumer.new(@key, @secret,
{ :site => @site,
:request_token_path => '/oauth/request_token',
:authorize_path => '/oauth/authorize',
:access_token_path => '/oauth/access_token',
:http_method => :post } )
if @consumer
#1. get a request token
@request_token = @consumer.get_request_token;
session[:request_token] = @request_token
session[:tumblog] = @tumblog
#2. have the user authorize
redirect_to @request_token.authorize_url
else
flash[:error] = "Failed to acquire request token from Tumblr."
render 'new'
end
This code gets me to the right page at Tumblr, where the user grants or denies my application access to the user's account. Assuming the user grants access, Tumblr redirects back to my application, to a callback I provided when I registered the application with Tumblr. To that point, everything works beautifully.
My OAuth callback runs the following code in the controller:
if params[:oauth_token] && params[:oauth_verifier]
@tumblog = session[:tumblog]
@request_token = session[:request_token]
#3. get an access token
@access_token = @request_token.get_access_token
. . . .
end
At Step 3, there is a problem. I cannot seem to actually get an access token with the line:
@access_token = @request_token.get_access_token
Can someone tell me what I need to do to get the access token? When I run that line, I get a OAuth::Unauthorized error.
I truly appreciate any advice. I've been Googling and trying different things for multiple days. Thanks!
Source: (StackOverflow)
I'm hooking up my application to the Tumblr API, and when I try and authorize I get the message "Grant this application read and write access to your Tumblr account?". I only want read access to users' accounts.
The Tumblr API docs say you can have read-only or read and write access.
Permission will either be for read and write or read access. Read and write access permits the application or web site to create and edit your posts.
How do I tell oAuth to only request read access from the Tumblr API?
With the Twitter API, apparently you can change the access level of your apps: http://dev.twitter.com/discussions/1274. I don't see anything like that in the Tumblr oauth admin settings: http://tumblr.com/oauth/apps
Here's a relevant thread in the Tumblr API discussion group: https://groups.google.com/forum/#!topic/tumblr-api/HuDoDBvTIMI
Source: (StackOverflow)
I found the gmail_xoauth gem, which does most of what I need, but I also need to generate the oauth tokens (consumer_key and consumer_secret) from inside Rails3.
I am trying to integrate Gmail's oauth integration into my site and hence cannot use the python script that the above gem refers to. I would like my site to take the user to the authentication page and extract the consumer_key/secret tokens.
I am new to OAuth, so maybe there's something obvious that I am missing.
UPDATE: I solved the above, and have written a blog post with the details (since its too big to fit here).
http://blog.asif.in/blog/2012/03/03/google-oauth-and-rails/
Source: (StackOverflow)