I have a rails 2.3.5 application with an API that I want to protect.
No user - this is an app style app for the web service (more like an Amazon service than a facebook service), and therefore I would like to implement it using a two-way OAuth approach.
I am trying to use the oauth-plugin server implementation as a start:
http://github.com/pelle/oauth-plugin
... but it is built, expecting a three-legged (network redirection) oauth.
Before I delve into making changes to support the two-legged, I wanted to see if there was an easier way, or if someone had a better approach for the rails application to implement being a two-legged OAuth provider.
Previously, the only good answer was to hack into the oauth-plugin to get this subset of oauth interactions. Since then, the oauth-plugin has been reorganized, and now you can use it straight up by simply adding the correct type of authentication filter to your controller:
class ApiController < ApplicationController include OAuth::Controllers::ApplicationControllerMethods oauthenticate :strategies => :two_legged, :interactive => false # ... end
oauth-plugin , . , oauth- oauth-plugin, ( ) . . 2-legged oauth , , 3-legged, , oauth-plugin .
OAuth oauth gem, oauth-plugin - . , , . oauth-plugin , , , .