My favorites | Sign in
Project Home Wiki
Search
for
AccessToken  
How the AccessToken api works
Updated Feb 4, 2010 by pel...@gmail.com

Introduction

The AccessToken is used for accessing Web Services using the OAuth protocol.

See Spec

This is only used from the ConsumerService side.

AccessToken lifecycle

  1. ConsumerService Request an AccessToken from the ServiceProvider using an authorized RequestToken
  2. ConsumerService ServiceProvider's web service using the AccessToken's http request wrapper methods

Contains

  • token - the actual token string
  • secret - a secret string used for signing requests

Creation

You ask the RequestToken to exchange it self for an AccessToken from the ServiceProvider: 

@access_token=@request_token.get_access_token

Accessing REST webservices

It wraps the ruby http/s object with simple methods for each http method: 

# GET /people.xml
@response=@access_token.get('/people.xml')

# GET /people/1.xml
@response=@access_token.get('/people/1.xml')

# POST /people
@response=@access_token.post('/people',"person[name]=Bob")

# POST /people with xml
@response=@access_token.post('/people',@person.to_xml,{'Content-Type'=>'application/xml')

# PUT /people/1
@response=@access_token.post('/people/1',"person[name]=Bob%20Smith")

# PUT /people/1 with xml
@response=@access_token.put('/people/1',@person.to_xml,{'Content-Type'=>'application/xml')

# DELETE /people/1
@response=@access_token.delete('/people/1')
Comment by humbr...@gmail.com, Apr 1, 2008

there's some errata. {'Content-Type'=>'application/xml' => {'Content-Type'=>'application/xml'}

thanks for great document.

Comment by avben...@gmail.com, Jun 22, 2008

Using a long living AccessToken

If the provider does not invalidate the access token until explicitly requested to do so, then one can keep the string values to use at a later time: 

# Initialisation based on string values:
consumer_key = 'AVff2raXvhMUxFnif06g'
consumer_secret = 'u0zg77R1bQqbzutAusJYmTxqeUpWVt7U2TjWlzbVZkA'
access_token = 'R1bQqbzYm0zg77tAusJzbVZkAVt7U2T'
access_token_secret = 'sVbVZkAt7U2TjWlJYmTxqR1bQqbzutAuWzeUpu0zg77'

@consumer = OAuth::Consumer.new(consumer_key, consumer_secret, {:site=>'http://my.site'})


@accesstoken = OAuth::AccessToken.new(@consumer, access_token, access_token_secret)

Sending specific HTTP headers

To send specific HTTP headers such as User-Agent or Accept: 

@response = @access_token.get('/people.xml', {'User-Agent'=>'my user agent'})
Comment by koo...@gmail.com, May 1, 2011

Using a long living AccessToken, II

The above method did nt work for me. I may not have gotten the right values. However using the ruby Marshal'ing API worked great.

The first time I got the AccessToken, do this. 

# access token in var: access_token
File.open('at.dmp', 'w+') do |f|
  Marshal.dump(access_token, f)
end

From then on, do this. 

access_token = nil
File.open('at.dmp') do |f|  
  access_token = Marshal.load(f)  
end

Sign in to add a comment
Powered by Google Project Hosting