Rails two-legged OAuth provider?
Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:
    class ApiController < ApplicationController
      include OAuth::Controllers::ApplicationControllerMethods
      # Accept only two-legged (consumer-signed) requests; never redirect to an interactive login.
      oauthenticate :strategies => :two_legged, :interactive => false
      # ...
    end
Implementing a 2 Legged OAuth Provider
I would take a step back and think about what a properly authenticated client is going to be sending you.
Can you store the keys and credentials in a common database which is accessible from both sets of services, and just implement the OAuth provider in one language? When the user sends in a request to a service (PHP or Java) you then check against the common store. When the user is setting up the OAuth client then you do all of that through either a PHP or Java app (your preference), and store the credentials in the common DB.
There are some OAuth providers written in other languages that you might want to take a look at:
- PHP - http://term.ie/oauth/example/ (see bottom of page)
- Ruby - http://github.com/mojodna/sample-oauth-provider
- .NET - http://blog.bittercoder.com/PermaLink,guid,0d080a15-b412-48cf-b0d4-e842b25e3813.aspx
Three legged oauth flow on mobile app
If you're using NSURLSession to make HTTP requests, then see this for information about handling redirects.
Google also has some pre-built Google Sign-In packages for iOS and Android that you can include in your app, similar to the one in your web client. I've never used them though, so I don't know how exactly they'd integrate with your app.
Alternatively you can set up an authentication endpoint in your backend that handles the whole thing, with the app only ever making one request to your server and your server handling communication with Google. So, for example, you could have the user submit a request to /oauth/mobile. The server then submits an authentication request to Google and gets an access token and a refresh token. Then you can return your own app's token from the server. Google has some documentation on Google Sign-In for server-side apps that may be relevant.
Writing a Two-legged OAuth provider in Django
'2 legged' is just a normal OAuth request without an access token or access token secret. That's it. You still use the client credentials (identifier and secret) but use empty strings for the access token parameters. Depending on the server library you use, you can omit the oauth_token parameter when making the request.
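The provider side of the two-legged request described above, as an added example (not code from any of the answers or from the oauth-plugin): it recomputes the OAuth 1.0 HMAC-SHA1 signature with an empty token secret and rejects stale or replayed requests. The consumer store, the method names and the 300-second skew window are assumptions made for illustration.

```ruby
require 'openssl'
require 'base64'

# Constructed consumer store; a real provider would query its credentials database.
CONSUMERS = { 'demo-consumer-key' => 'demo-consumer-secret' }.freeze

# RFC 5849 percent-encoding: only unreserved characters stay literal.
def pct(value)
  value.to_s.gsub(/[^A-Za-z0-9\-._~]/) { |c| c.bytes.map { |b| format('%%%02X', b) }.join }
end

# Signature base string: METHOD & base URL & sorted, encoded parameters.
def base_string(method, url, params)
  pairs = params.reject { |k, _| k == 'oauth_signature' }
                .map { |k, v| [pct(k), pct(v)] }.sort
  [method.upcase, pct(url), pct(pairs.map { |k, v| "#{k}=#{v}" }.join('&'))].join('&')
end

# The HMAC key is "consumer_secret&token_secret"; two-legged leaves the token secret empty.
def sign(method, url, params, consumer_secret, token_secret = '')
  key = "#{pct(consumer_secret)}&#{pct(token_secret)}"
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, base_string(method, url, params))
  Base64.strict_encode64(mac)
end

# Comparison whose running time does not depend on where the strings differ.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Provider-side check: known consumer, absent or empty oauth_token,
# fresh timestamp, matching signature, nonce not seen before.
def verify_two_legged(method, url, params, seen_nonces, now: Time.now.to_i, skew: 300)
  secret = CONSUMERS[params['oauth_consumer_key']]
  return :unknown_consumer unless secret
  return :unexpected_token unless params['oauth_token'].to_s.empty?
  return :stale_timestamp if (now - params['oauth_timestamp'].to_i).abs > skew
  return :bad_signature unless secure_eq(sign(method, url, params, secret), params['oauth_signature'].to_s)
  nonce_id = params.values_at('oauth_consumer_key', 'oauth_timestamp', 'oauth_nonce')
  return :replayed_nonce if seen_nonces.include?(nonce_id)
  seen_nonces << nonce_id
  :ok
end
```

`params` is the merged hash of query, body and `Authorization` header parameters (one value per name in this sketch), and `seen_nonces` stands in for a shared store that expires entries once they fall outside the skew window.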