OAuth Echo の Rails Gem

Transcript

1. OAuth Echo ͷ Rails Gem 2011.12.21 ୈ2.1ճTwitter APIษڧձ #twtr_hack

2. @tkawa

3. None

4. REST

5. REST ࠓճ͸ؔ܎͋Γ·ͤΜ

6. OAuth Echo

7. None

8. TwitPic • ը૾ΞοϓϩʔυαʔϏε • ΞΧ΢ϯτొ࿥ෆཁ • TwitterͷIDɾύεϫʔυ΋ೖྗෆཁ • Ͳ͏΍ͬͯೝূͯ͠Δͷʁ

9. OAuth Echo • ೝূΛService ProviderʢTwitterͳͲʣʹ ҕৡ͢Δ͘͠Έ • ΫϥΠΞϯτ͕OAuthొ࿥ͯ͋͠Ε͹ɺ ࣄલͷొ࿥΍τʔΫϯऔಘ͕ෆཁ

10. None

11. GET https://api.twitter.com/1/account/ verify_credentials.json Authorization: OAuth oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_nonce="oElnnMTQIZvqvlfXM56aBLAf5noGD0A QR3Fmi7Q6Y", oauth_signature="U1obTfE7Rs9J1kafTGwufLJdspo%3D", oauth_signature_method="HMAC-SHA1",

    oauth_timestamp="1272325550", oauth_token="819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw", oauth_version="1.0"

12. POST http://api.twitpic.com/2/upload.json X-Auth-Service-Provider: https://api.twitter.com/1/ account/verify_credentials.json X-Verify-Credentials-Authorization: OAuth oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_nonce="oElnnMTQIZvqvlfXM56aBLAf5noGD0A QR3Fmi7Q6Y",

    oauth_signature="U1obTfE7Rs9J1kafTGwufLJdspo%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272325550", oauth_token="819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw", oauth_version="1.0"

13. POST http://api.twitpic.com/2/upload.json X-Auth-Service-Provider: https://api.twitter.com/1/ account/verify_credentials.json X-Verify-Credentials-Authorization: OAuth oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_nonce="oElnnMTQIZvqvlfXM56aBLAf5noGD0A QR3Fmi7Q6Y",

    oauth_signature="U1obTfE7Rs9J1kafTGwufLJdspo%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1272325550", oauth_token="819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw", oauth_version="1.0" ʢ΄΅ʣ͜Ε͚ͩ

14. GET https://api.twitter.com/1/account/ verify_credentials.json Authorization: OAuth oauth_consumer_key="GDdmIQH6jhtmLUypg82g", oauth_nonce="oElnnMTQIZvqvlfXM56aBLAf5noGD0A QR3Fmi7Q6Y", oauth_signature="U1obTfE7Rs9J1kafTGwufLJdspo%3D", oauth_signature_method="HMAC-SHA1",

    oauth_timestamp="1272325550", oauth_token="819797- Jxq8aYUDRmykzVKrgoLhXSq67TEa5ruc4GJC2rWimw", oauth_version="1.0"

15. OAuth Echo • Delegator(TwitPic)͸ϦΫΤετ͝ͱʹ Service Provider(Twitter)ʹೝূΛٻΊΔ • 1ϦΫΤετͰ׬݁͢Δ୯७ͳAPIͷ࣮૷ ʹ޲͍͍ͯΔ •

    ೝূ͚ͩͳͷͰɺService Provider(Twitter) ଆʹॻ͖ࠐΜͩΓ͢Δ͜ͱ͸Ͱ͖ͳ͍

16. • ඇެࣜ࢓༷ - ΄΅TwitterͰ͔͠࢖ΘΕ͍ͯͳ͍ • OAuth 1.0࢓༷ʹج͍͓ͮͯΓɺOAuth 2.0 ʹͳΔͱ࢖͑ͳ͍ -

    Google, Facebook, GitHubͳͲ͕OAuth 2.0 ໰୊఺ʁ
17. None

18. class PostsController < ApplicationController http_basic_authenticate_with :name => "tkawa", :password =>

    "secret" def index render :json => { :message => "Limited Access" } end ... end ͔ΜͨΜBasicೝূ

19. class PostsController < ApplicationController oauth_echo_authenticate_with :twitter def index render :json

    => { :message => "Limited Access" } end ... end ͔ΜͨΜOAuth Echoೝূ

20. https://github.com/tkawa/ oauth_echo_authentication

21. ͖͔͚ͬ http://www.atmarkit.co.jp/news/201004/21/twitterapi.html

22. ͖͔͚ͬ • TwitterͷΞϊςʔγϣϯͷ࿩͕͍ͭͷ· ʹ͔ফ໓ • ࣗ෼Ͱ࢖͍͍ͨ෼͚ͩͰ΋ࣗ෼Ͱ࡞Δ ͔

23. Webೝ஌ߦಈྍ๏ http://u2plus.jp/ ։ൃத