Getting oAuth1 access token and saving it in the DB (ruby)

Here is how I connected to an external API using OAuth, got an access token and saved it in the DB for future use. I can now access the API each time with the saved access token, as long as it has not expired.
The OAuth flow is: the client (my app) tries to get access to the user's service, and the service provider (SP) in the middle handles the authentication and authorization. In our case, our app first connects to the SP and gets a request token, then uses the request token to go to the authorize URL (or gives that URL to the user), where the user (in our case, we are also a user of that SP) can log in and get the verification code. We give that code to the SP, which generates an access token and returns it to us for direct communication between us and the user's data.

I am using the oauth gem (0.4.7) for this development (https://rubygems.org/gems/oauth/versions/0.4.7). My code snippets are below.

First, prepare the consumer object:

require 'oauth'

consumer_key = 'thekeyyougetfromexternalapiparty'
consumer_secret = 'thesecretyougetfromexternalapiparty'
# Placeholder host; the URL must include the scheme (https://)
base_url = 'https://externalapiurl.com/'
request_token_path = base_url + 'oauth/request-token'
access_token_path = base_url + 'oauth/access-token'
# "oob" (out of band): the user copies the verification code by hand
call_back_url = "oob"

consumer = OAuth::Consumer.new(consumer_key, consumer_secret, {
  :scheme => :header,
  :http_method => :post,
  :request_token_path => request_token_path,
  :access_token_path  => access_token_path,
  :oauth_callback => call_back_url,
  :signature_method   => 'HMAC-SHA1',
  :version => '1.0A'
})

Then, get the request token from the service provider.

request_token = consumer.get_request_token()

After I got the request token, I used its oauth_token to construct the authorize URL, which the user opens in a browser to log in, and then read in the verification code from the user:

auth_url = "#{base_url}#{request_token.authorize_url}"
puts auth_url  # the user opens this URL in a browser and logs in
verifier = STDIN.gets.strip  # verification code typed in by the user

Once we have the verification code, we can now get access token:

access_token = request_token.get_access_token(:oauth_verifier => verifier)

This access token can now be used to access the API with the user's info:

require 'json'

get_info_url = "theurltogetinfoapi"
# The request is signed with the consumer secret and the token secret
response = access_token.get(get_info_url)
result = JSON.parse(response.body)

So now I have the access token and I can access all the services the SP offers for the user that logged in!

Some SPs allow you to use the access token for a longer period of time, and you may want to save the access token in your environment or in the DB. Here is how I did that:

act = AccessToken.create(token: access_token.token, secret: access_token.secret, expires_in: 10.days, is_expired: false )
act.save

Once this is saved in DB, here is how to rebuild it later:

db_access_token = AccessToken.find_by_is_expired(false)
token = db_access_token.token
secret = db_access_token.secret
access_token = OAuth::AccessToken.new(consumer)
access_token.token = token
access_token.secret = secret

Please note that we are assuming there is a separate task that updates is_expired in the DB once the access token expires. Also, the consumer object is the same one we used in the beginning.
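
The save and rebuild steps above keep the token and its secret as plain columns and rely on a separate task to flag expiry. The following is an added example, not code from the original post or from the oauth gem: it seals the pair with AES-256-GCM before it is stored and checks the expiry time when it is read back. TokenVault, seal, unseal and the AAD label are hypothetical names, and the 32-byte key is assumed to live outside the DB.

```ruby
require 'openssl'
require 'json'
require 'base64'

# Hypothetical helper, not part of the oauth gem: seals the token pair with
# AES-256-GCM and keeps an absolute expiry time inside the sealed payload.
module TokenVault
  AAD = 'oauth1-access-token-v1' # constructed label, authenticated but not encrypted

  # key: 32 random bytes kept outside the DB (assumption: env var or secret store).
  def self.seal(key, token, secret, ttl_seconds, now = Time.now)
    cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
    cipher.key = key
    iv = cipher.random_iv # fresh 12-byte nonce for every record
    cipher.auth_data = AAD
    payload = JSON.generate('token' => token, 'secret' => secret,
                            'expires_at' => now.to_i + ttl_seconds)
    ciphertext = cipher.update(payload) + cipher.final
    Base64.strict_encode64(iv + cipher.auth_tag + ciphertext)
  end

  # Returns the decrypted hash, or nil once expires_at has passed.
  # Raises OpenSSL::Cipher::CipherError on a wrong key or a modified blob.
  def self.unseal(key, blob, now = Time.now)
    raw = Base64.strict_decode64(blob)
    iv, tag, ciphertext = raw[0, 12], raw[12, 16], raw[28..-1]
    cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
    cipher.key = key
    cipher.iv = iv
    cipher.auth_tag = tag
    cipher.auth_data = AAD
    data = JSON.parse(cipher.update(ciphertext) + cipher.final)
    now.to_i < data['expires_at'] ? data : nil
  end
end

if __FILE__ == $PROGRAM_NAME
  key = OpenSSL::Random.random_bytes(32) # constructed key for the demo
  blob = TokenVault.seal(key, 'tok-constructed', 'sec-constructed', 10 * 24 * 3600)
  # blob is what would go into a single text column instead of token/secret
  data = TokenVault.unseal(key, blob)
  puts data ? "usable until #{Time.at(data['expires_at'])}" : 'expired, re-authorize'
end
```

When unseal returns a hash, its token and secret are assigned to the rebuilt OAuth::AccessToken as in the step above; nil means the authorization flow has to be run again.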

So, this is it! Now you have full-fledged OAuth communication in Ruby/Rails!