OAuth is an open authentication protocol that allows secure API communication without the necessity of continually passing a username and password with each request. The idea for OAuth was conceived in 2006 by a group of individuals working on the Twitter implementation of OpenID.
After reviewing both OpenID and other existing industry practices, such as Amazon Web Services API and Flickr API, it was decided that a proposal should be written for a new open protocol for application authentication.
OAuth has been widely adopted among major web services. Twitter, not only implementing OAuth as its primary API authentication method, but using it as the basis for its “
Sign in with Twitter” service. Today, you’ll also find the protocol used by Facebook, Google, Yahoo, LinkedIn, and many others.
Foursquare is a new and rapidly growing social utility whose potential for mash-ups with other applications is limited only by one’s own imagination. The Foursquare platform implements the OAuth 2.0 standard, so users can authorize applications to access Foursquare resources on their behalf without revealing their passwords or other credentials to those applications. The foursquare API gives you access to all of the data used by the foursquare mobile applications, and, in some cases, even more.
I have been experimenting with the Foursquare API for a few days now, and I wanted to show you how you can implement use Foursquare in your Rails application using OAuth 2.0 (This is a very simple Rails application that connects to the Foursquare API using
Quimby [http://github.com/groupme/quimby]). It is working fine as I'm using Rails 2.3.8 on ruby 1.8.7 and it also work with Rails 3!
I'm going to just give you the concept for this post. If you have no prior experience with Ruby or you are new to Rails, as you read this post, don't get use these code directly, it will not work for your blank Rails application.
Below is a general overview for an OAuth connection:
1.Send request to target website for token, with the server's client_id & secret_id
2.Redirect user to authorize page with token (and callback url)
3.After user confirm, user will be redirect to the callback page with a access_token
4.Save the access_token, and free to call target server for user data.
You will need a Foursquare account to obtain your key and secret in the first place. Visit
https://foursquare.com/oauth to register your Rails application and obtaining your API credentials, where you need to provide an app name (ex: Railscode), a website url (ex: http://localhost:3000) and a callback URL (ex: http://localhost:3000/fsq_callback). It’s a free signup, and if you wish to work on the API I’m sure you’ve already had an interest in the application! After registration, you should see something like this:
Copy your Foursquare App
Client ID &
Client Secret and paste it into your environment.rb or maybe config_foursquare.yml. The
callback URL is the location your users will be sent after they authenticate on Foursquare’s site.
Next run rails script to generate a migration file:
$ script/generate migration add_foursquare_to_users
And we have to install the following ruby gems:
We need to be able to intercept this redirect, capture the token, and store it so we can begin interacting with Foursquare. Add the following method to the application controller:
Next we need to write a callback method in the fsq_oauth_controller.rb. Once we’ve retrieved the code from the Foursquare server, we can exchange it for an access token.
Add the following line in the routes.rb:
In order to retrieve an access token, we need to redirect the user to the Foursquare authorization URL (More info can be found on
https://developer.foursquare.com/docs/oauth.html). we can add the foursquare connect button in the view page:
When pressing the login button, you can login with your Foursquare credentials!
Now that the app has an access token, we can launch our main activity and start interacting with Foursquare.
This has been a basic look into getting started with Foursquare’s API. OAuth is a very powerful open protocol for connecting into larger social communities. It offers the most secure solutions for both users and web masters. The
Foursquare Developers center is an amazing tool for newbies.Scour the resources and look up and function calls you may be interested in working with. Similarly the official
OAuth website has some terrific readings outlining the purpose and practical solutions for the protocol.
