Rack OAuth Utils

Simple Rack middleware that catches OAuth2 access tokens and validates identity

This gem only covers the simple use of "using a token". You must implement the authorization and "getting a token" part in your app.

USAGE

class API < Sinatra::Base

  use Rack::OAuth2Utils::Middleware do |access_token|
    AccessToken.find_by_token(access_token).try :account_id
  end

  helpers do

    def authorized?
      !!identity
    end

    def identity
     requets.env['oauth.identity']
    end

    def current_account
     Account.find(identity) if authorized?
    end

  end

  get '/private' do
    if authorized?
      content_type 'application/json'
      current_account.to_json
    else
      halt 403, 'Access forbidden'
    end
  end

end

Rack::OAuth2Utils::Middleware takes a block with the request's access token. YOu can use it to resolve it to an identity string (ie a user or account id).

There is a test store based on PStore (filesystem. Do no use in production):

STORE = Rack::OAuth2Utils::TestStore.new('tmp/access_tokens.store')

STORE['foobar'] = 'some_identity'

use Rack::OAuth2Utils::Middleware do |access_token|
  STORE[access_token]
end

It is up to you how you store tokens and identities.

See test/middlewate_test.rb for details