Rails 两条腿的 OAuth 提供程序? [英] Rails two-legged OAuth provider?

问题描述

我有一个带有我希望保护的 API 的 rails 2.3.5 应用程序.

I have a rails 2.3.5 application with an API I wish to protect.

没有用户 - 它是一个应用程序风格的网络服务(更像是亚马逊服务而不是 Facebook)，所以我想使用两条腿的 OAuth 方法来实现它.

There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach.

我一直在尝试使用 oauth-plugin 服务器实现作为开始:

I have been trying to use the oauth-plugin server implementation as a start:

http://github.com/pelle/oauth-plugin

...但它的构建需要三足(网络重定向流)oauth.

...but it is built expecting three-legged (web redirect flow) oauth.

在我深入研究对其进行更改以支持两条腿之前，我想看看是否有更简单的方法，或者是否有人有更好的方法让 rails 应用程序实现成为两条腿的 OAuth 提供者.

Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement being a two-legged OAuth provider.

推荐答案

以前，唯一好的答案是在 oauth-plugin 中进行 hack 以获得 oauth 交互的这个子集.从那时起，oauth-plugin 被重构，现在您可以直接使用它，只需向您的控制器添加正确类型的身份验证过滤器:

Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:

class ApiController < ApplicationController

    include OAuth::Controllers::ApplicationControllerMethods

    oauthenticate :strategies => :two_legged, :interactive => false

    # ...

end

这篇关于Rails 两条腿的 OAuth 提供程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！