Rails 两条腿的 OAuth 提供程序? [英] Rails two-legged OAuth provider?
问题描述
我有一个带有我希望保护的 API 的 rails 2.3.5 应用程序.
I have a rails 2.3.5 application with an API I wish to protect.
没有用户 - 它是一个应用程序风格的网络服务(更像是亚马逊服务而不是 Facebook),所以我想使用两条腿的 OAuth 方法来实现它.
There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach.
我一直在尝试使用 oauth-plugin 服务器实现作为开始:
I have been trying to use the oauth-plugin server implementation as a start:
http://github.com/pelle/oauth-plugin
...但它的构建需要三足(网络重定向流)oauth.
...but it is built expecting three-legged (web redirect flow) oauth.
在我深入研究对其进行更改以支持两条腿之前,我想看看是否有更简单的方法,或者是否有人有更好的方法让 rails 应用程序实现成为两条腿的 OAuth 提供者.
Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement being a two-legged OAuth provider.
推荐答案
以前,唯一好的答案是在 oauth-plugin 中进行 hack 以获得 oauth 交互的这个子集.从那时起,oauth-plugin 被重构,现在您可以直接使用它,只需向您的控制器添加正确类型的身份验证过滤器:
Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:
class ApiController < ApplicationController
include OAuth::Controllers::ApplicationControllerMethods
oauthenticate :strategies => :two_legged, :interactive => false
# ...
end
这篇关于Rails 两条腿的 OAuth 提供程序?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!