|
|
@@ -24,44 +24,53 @@ Erlang, and erlang-fmt (http://tfletcher.com/dev/erlang-fmt).
|
|
|
The Makefile assumes that erlang-fmt is contained in the parent directory of
|
|
|
this one, so you might want to edit the Makefile if you have it elsewhere.
|
|
|
|
|
|
+Erlang R12B-5 is required for RSA-SHA1 signing.
|
|
|
+
|
|
|
|
|
|
How do I use it?
|
|
|
----------------
|
|
|
|
|
|
-The crypto and inets applications need to be running, and---as it's easy to
|
|
|
-forget---all the code needs to be compiled. A typical authentication flow
|
|
|
-would be similar to the following:
|
|
|
+First, create a consumer:
|
|
|
+
|
|
|
+ Consumer = oauth_consumer:new("key", "secret", SignatureMethod).
|
|
|
+
|
|
|
+
|
|
|
+SignatureMethod can either be "PLAINTEXT", "HMAC-SHA1", or {"RSA-SHA1", PK},
|
|
|
+where PK is either a path pointing to a private key PEM file, or a tuple as
|
|
|
+returned by public_key:decode_private_key/1.
|
|
|
|
|
|
- ConsumerKey = "key",
|
|
|
+Requests can be made with oauth:get and oauth:post, e.g.,
|
|
|
|
|
|
- ConsumerSecret = "secret",
|
|
|
+ Response = oauth:get(URL, Consumer).
|
|
|
|
|
|
- SignatureMethod = "HMAC-SHA1",
|
|
|
|
|
|
- Consumer = oauth_consumer:new(ConsumerKey, ConsumerSecret, SignatureMethod),
|
|
|
+URL must not contain a query string. Instead, pass the query parameters in
|
|
|
+as an additional [proplist] argument, e.g.,
|
|
|
|
|
|
- HttpResponse = oauth:get(RequestTokenURL, Consumer),
|
|
|
+ Response = oauth:get(URL, Consumer, [{foo, "bar"}]).
|
|
|
|
|
|
- RequestTokenPair = oauth_token_pair:new(HttpResponse),
|
|
|
|
|
|
- % If necessary, direct user to the Service Provider,
|
|
|
- % with RequestToken = element(1, RequestTokenPair).
|
|
|
+Calling oauth:get or oauth:post returns an HTTP response tuple, as would
|
|
|
+be returned from http:request/4. If you are requesting tokens you can use
|
|
|
+oauth_token_pair:new/1 to extract the oauth_token and oauth_token_secret
|
|
|
+parameters from the response, e.g.,
|
|
|
|
|
|
- HttpResponse2 = oauth:get(AccessTokenURL, Consumer, RequestTokenPair),
|
|
|
+ TokenPair={Token, TokenSecret} = oauth_token_pair:new(Response).
|
|
|
|
|
|
- AccessTokenPair = oauth_token_pair:new(HttpResponse2),
|
|
|
|
|
|
- oauth:get(ProtectedResourceURL, Consumer, AccessTokenPair, ExtraParams).
|
|
|
+TokenPair can then be passed back into oauth:get and oauth:post to
|
|
|
+request additional tokens, or a protected resource. Alternatively, you
|
|
|
+can use oauth_request:to_header/2,4 to generate an HTTP Authorization
|
|
|
+header, as described by http://oauth.net/core/1.0/#auth_header. This
|
|
|
+isn't (currently) integrated into oauth:get and oauth:post, so you
|
|
|
+would need to use http:request/4 directly in this case.
|
|
|
|
|
|
|
|
|
-Calling oauth:get or oauth:post returns an HTTP response tuple, as returned
|
|
|
-from http:request/4. Type "make termie_hmac", or look at test/oauth_termie.erl
|
|
|
-for a working example. Thanks Andy!
|
|
|
+Are there any examples anywhere?
|
|
|
+--------------------------------
|
|
|
|
|
|
-Alternatively, you can use oauth_request:header/6 to generate an HTTP
|
|
|
-Authorization header, as described by http://oauth.net/core/1.0/#auth_header.
|
|
|
-This isn't (currently) integrated into oauth:get and oauth:post, so you would
|
|
|
-need to use http:request/4 directly in this case.
|
|
|
+Yes. See test/oauth_termie.erl and test/oauth_google.erl. They can be
|
|
|
+run with "make termie_hmac", "make termie_rsa", and "make google".
|
|
|
|
|
|
|
|
|
Who can I contact if I have another question?
|
Tim Fletcher