Last active
August 29, 2015 14:04
methods pair to finish OAuth2 flow on weibo.com
```ruby
# Attention: the below methods are actions extracted from my controllers in a Rails App; if you need to use this code outside
# a Rails project, remember to replace some Rails-specific methods, such as Hash#to_param.

# STEP 1: start to request an authorization
def request_authorize
  session[:security_state] = 'I am from Martin site'
  authorize_url = "https://api.weibo.com/oauth2/authorize"
  query = {
    client_id: "663911642",                                         # Required: Your assigned App Key
    redirect_uri: 'https://4c3161b3.ngrok.com/request_access_token', # Required: A redirect uri after users have confirmed to authorize
    scope: 'statuses_to_me_read',                                   # Optional: specify needed authorities, could be split by commas ','
    state: session[:security_state]                                 # Optional: a param used to annotate the message by yourself, e.g. use it to prevent evil requests
  }.to_param
  redirect_to "#{authorize_url}?#{query}" # start the authorization flow (the query string must be interpolated, not written literally)
end

# STEP 2: use the received `code` to request an authorized `access_token`
#
# A little time after the user has confirmed the authorization successfully,
# weibo.com's api server will redirect the browser to the passed `redirect_uri` and pass two params, `code` and `state`
# Example:
# GET https://4c3161b3.ngrok.com/request_access_token?state=I%20am%20from%20Martin%20site&code=fd0831ae5f1e5248ca0dad58c1ee9b75
#
def request_access_token
  if params[:state] != session[:security_state] # The current request is an evil request
    render json: [message: 'Oh no, it seems that you are a bad boy!'], status: 406
  else
    access_token_url = "https://api.weibo.com/oauth2/access_token"
    # The local is named `query`, not `params`: a local called `params` would shadow the Rails `params` helper
    # while this hash is being built, so `params[:code]` would be read from nil.
    query = {
      client_id: '663911642',                               # Required: Your assigned App Key
      client_secret: 'b2f51ef8b14ef56de2b0566975d8aaec',    # Required: Your assigned App Secret
      grant_type: 'authorization_code',                     # Required: Only the 'authorization_code' value is available currently
      code: params[:code],                                  # Required: passed url param from the request
      redirect_uri: 'https://4c3161b3.ngrok.com/request_access_token' # Required: configured redirect_url in http://open.weibo.com/webmaster/privilege/oauth?siteid=your_site_id
    }.to_param
    # should be a post request here; the second argument is the (empty) body, the third the headers
    response = RestClient.post "#{access_token_url}?#{query}", nil, accept: :json
    # Note: must remember to pass the params as url params instead of form params, otherwise you will receive an error message like:
    # "miss client id or secret"

    # STEP 3: do something else,
    # maybe store the access_token and then redirect to a profile page; anyway, you are free now.
    token = JSON.parse(response.body)['access_token'] # response.body is a JSON string, so parse it before indexing
    current_user.update_attributes access_token: token
    redirect_to current_user_profile_path
  end
end

# Lastly, a success response body example:
# The success response will be something like (the below response has been formatted):
# {
#   "access_token": "2.00hkboBz05nnoxcc10c6c075muWpuB",
#   "remind_in": "157679999",
#   "expires_in": 157679999,
#   "uid": "0123456789"
# }
# OK, that is all!
```
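The same two-step flow as an added example that is not part of the gist: it runs outside Rails (a plain Hash stands in for the session), generates the `state` value with `SecureRandom` instead of a fixed string, consumes it on first use, compares it in constant time, and parses the JSON token response before anything is stored. The module name `WeiboOAuthDemo` and all method names are assumptions of this example.

```ruby
require 'securerandom'
require 'json'
require 'uri'

# Hypothetical module (not from the gist): the same flow in plain Ruby, with a Hash
# standing in for the Rails session so it runs outside Rails.
module WeiboOAuthDemo
  AUTHORIZE_URL    = 'https://api.weibo.com/oauth2/authorize'
  ACCESS_TOKEN_URL = 'https://api.weibo.com/oauth2/access_token'

  # STEP 1: mint an unguessable, single-use state, bind it to the session and
  # build the authorize URL with properly encoded query parameters.
  def self.build_authorize_url(session, client_id:, redirect_uri:, scope: nil)
    session[:security_state] = SecureRandom.hex(16)
    query = { client_id: client_id, redirect_uri: redirect_uri, state: session[:security_state] }
    query[:scope] = scope if scope
    "#{AUTHORIZE_URL}?#{URI.encode_www_form(query)}"
  end

  # Constant-time comparison so a wrong state is not distinguishable by timing.
  def self.secure_compare(a, b)
    return false unless a && b && a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end

  # STEP 2: on the callback, consume the stored state (so it cannot be replayed) and
  # verify it; only then build the token-endpoint URL. The parameters go in the query
  # string, as the gist notes, and the caller sends it as a POST (e.g. with RestClient).
  # Returns nil when the state check fails.
  def self.handle_callback(session, callback_params, client_id:, client_secret:, redirect_uri:)
    expected = session.delete(:security_state)
    return nil unless secure_compare(expected, callback_params[:state])
    query = { client_id: client_id, client_secret: client_secret,
              grant_type: 'authorization_code', code: callback_params[:code],
              redirect_uri: redirect_uri }
    "#{ACCESS_TOKEN_URL}?#{URI.encode_www_form(query)}"
  end

  # STEP 3: the token endpoint answers with a JSON string, not a Hash; parse it and
  # check the fields before storing anything on the user record.
  def self.parse_token_response(body)
    data = JSON.parse(body)
    raise ArgumentError, 'no access_token in response' unless data['access_token'].is_a?(String)
    { access_token: data['access_token'], expires_in: Integer(data['expires_in']), uid: data['uid'] }
  end
end
```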
session[:security_state] = 'I am from Martin site'
is good for a demo; in the real world you might expect a more secure string like SecureRandom.hex
see: https://developers.google.com/accounts/docs/OAuth2Login#createxsrftoken