A Ruby wrapper for the OAuth 1.0 protocol

Status

Project Ruby Oauth
name, license, docs RubyGems.org License: MIT RubyDoc.info
version & downloads Version Total Downloads Downloads Today Homepage Stars
dependencies & linting Depfu lint status
unit tests supported rubies unsupported status
coverage & maintainability Test Coverage codecov Maintainability Maintenance Policy
resources Discussion Mailing List Join the chat at https://gitter.im/oauth-xx/oauth-ruby Blog Network
Spread ~♡ⓛⓞⓥⓔ♡~ Open Source Helpers Liberapay Patrons Sponsor Me 🌏 👼 💻 🌹 Tweet @ Peter

What

This is a RubyGem for implementing both OAuth 1.0 clients and servers in Ruby applications.

See the OAuth 1.0 spec http://oauth.net/core/1.0/

See the sibling gem oauth2 for OAuth 2.0 implementations in Ruby.

Installation

Add this line to your application’s Gemfile:

gem "oauth"

And then execute:

$ bundle install

Or install it yourself as:

$ gem install oauth

Compatibility

Targeted ruby compatibility is non-EOL versions of Ruby, currently 2.6, 2.7, and 3.0. Ruby is limited to 2.0+ in the gemspec, and this may change while the gem is still at version 0.x. The master branch currently targets 0.6.x releases.

Ruby OAuth Version Maintenance Branch Officially Supported Rubies Unofficially Supported Rubies
0.7.x (hypothetical) N/A 2.7, 3.0, 3.1 2.6
0.6.x master 2.6, 2.7, 3.0 2.3, 2.4, 2.5
0.5.x v0.5-maintenance 2.0, 2.1, 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, 3.0

NOTE: 0.5.8 is anticipated as last release of the 0.5.x series.

Basics

This is a ruby library which is intended to be used in creating Ruby Consumer and Service Provider applications. It is NOT a Rails plugin, but could easily be used for the foundation for such a Rails plugin.

As a matter of fact it has been pulled out from an OAuth Rails GEM (https://rubygems.org/gems/oauth-plugin https://github.com/pelle/oauth-plugin) which now uses this gem as a dependency.

Usage

We need to specify the oauth_callback url explicitly, otherwise it defaults to “oob” (Out of Band)

callback_url = "http://127.0.0.1:3000/oauth/callback"

Create a new OAuth::Consumer instance by passing it a configuration hash:

oauth_consumer = OAuth::Consumer.new("key", "secret", site: "https://agree2")

Start the process by requesting a token

request_token = oauth_consumer.get_request_token(oauth_callback: callback_url)

session[:token] = request_token.token
session[:token_secret] = request_token.secret
redirect_to request_token.authorize_url(oauth_callback: callback_url)

When user returns create an access_token

hash = { oauth_token: session[:token], oauth_token_secret: session[:token_secret] }
request_token = OAuth::RequestToken.from_hash(oauth_consumer, hash)
access_token = request_token.get_access_token
# For 3-legged authorization, flow oauth_verifier is passed as param in callback
# access_token = request_token.get_access_token(oauth_verifier: params[:oauth_verifier])
@photos = access_token.get("/photos.xml")

Now that you have an access token, you can use Typhoeus to interact with the OAuth provider if you choose.

require "typhoeus"
require "oauth/request_proxy/typhoeus_request"
oauth_params = { consumer: oauth_consumer, token: access_token }
hydra = Typhoeus::Hydra.new
req = Typhoeus::Request.new(uri, options) # :method needs to be specified in options
oauth_helper = OAuth::Client::Helper.new(req, oauth_params.merge(request_uri: uri))
req.options[:headers]["Authorization"] = oauth_helper.header # Signs the request
hydra.queue(req)
hydra.run
@response = req.response

More Information

  • RubyDoc Documentation: RubyDoc.info
  • Mailing List/Google Group: Mailing List
  • GitHub Discussions: Discussion
  • Live Chat on Gitter: Join the chat at https://gitter.im/oauth-xx/oauth-ruby
  • Maintainer’s Blog: Blog

Contributing

See CONTRIBUTING.md

Contributors

Contributors

Made with [contributors-img][contrib-rocks].

Versioning

This library aims to adhere to Semantic Versioning 2.0.0. Violations of this scheme should be reported as bugs. Specifically, if a minor or patch version is released that breaks backward compatibility, a new version should be immediately released that restores compatibility. Breaking changes to the public API will only be introduced with new major versions.

As a result of this policy, you can (and should) specify a dependency on this gem using the Pessimistic Version Constraint with two digits of precision.

For example:

spec.add_dependency "oauth", "~> 0.5"

License

The gem is available as open source under the terms of the MIT License License: MIT. See LICENSE for the [Copyright Notice][copyright-notice-explainer].

Contact

OAuth Ruby has been created and maintained by a large number of talented individuals. The current maintainer is Peter Boling (@pboling).

Comments are welcome. Contact the OAuth Ruby mailing list (Google Group) or GitHub Discussions.