@Martin91
Last active August 29, 2015 14:04
methods pair to finish OAuth2 flow on weibo.com
# Attention: the methods below are actions extracted from my controllers in a Rails app. If you need to use this code outside
# a Rails project, remember to replace some Rails-specific methods, such as Hash#to_param.
require 'rest-client' # RestClient, used in STEP 2
require 'json'        # JSON.parse, used to read the token response in STEP 3

# STEP 1: start to request an authorization
def request_authorize
  session[:security_state] = 'I am from Martin site'
  authorize_url = "https://api.weibo.com/oauth2/authorize"
  # Named `query` rather than `params` so the Rails `params` helper is not shadowed
  query = {
    client_id: "663911642", # Required: Your assigned App Key
    redirect_uri: 'https://4c3161b3.ngrok.com/request_access_token', # Required: A redirect uri after users have confirmed to authorize
    scope: 'statuses_to_me_read', # Optional: specify the needed authorities, could be split by commas ','
    state: session[:security_state] # Optional: a param you can use to annotate the message yourself, for example to reject forged callbacks
  }.to_param
  redirect_to "#{authorize_url}?#{query}" # start the authorization flow (interpolated, not the literal text "?params")
end

# STEP 2: use the received `code` to request the authorized `access_token`
#
# A little while after the user has confirmed the authorization,
# weibo.com's API server redirects the browser to the passed `redirect_uri` with two params, `code` and `state`
# Example:
# GET https://4c3161b3.ngrok.com/request_access_token?state=I%20am%20from%20Martin%20site&code=fd0831ae5f1e5248ca0dad58c1ee9b75
#
def request_access_token
  if params[:state] != session[:security_state] # The current request is a forged one
    render json: { message: 'Oh no, it seems that you are a bad boy!' }, status: 406
  else
    access_token_url = "https://api.weibo.com/oauth2/access_token"
    # Again `query`, not `params`: a local named `params` is nil while its own hash is being built, so `params[:code]` would raise
    query = {
      client_id: '663911642', # Required: Your assigned App Key
      client_secret: 'b2f51ef8b14ef56de2b0566975d8aaec', # Required: Your assigned App Secret (better loaded from config than hardcoded)
      grant_type: 'authorization_code', # Required: only the value 'authorization_code' is supported currently
      code: params[:code], # Required: the url param passed in the request
      redirect_uri: 'https://4c3161b3.ngrok.com/request_access_token' # Required: the redirect_url configured at http://open.weibo.com/webmaster/privilege/oauth?siteid=your_site_id
    }.to_param
    # Must be a POST request; the empty hash is the (unused) form body, the third argument is the headers
    response = RestClient.post "#{access_token_url}?#{query}", {}, accept: :json
    # Note: remember to pass the params as url params instead of form params, otherwise you will receive an error message like:
    # "miss client id or secret"
    # STEP 3: do something else,
    # maybe store the access_token and then redirect to a profile page; anyway, you are free now.
    token = JSON.parse(response.body)['access_token'] # response.body is a String, so it has to be parsed first
    current_user.update_attributes access_token: token
    redirect_to current_user_profile_path
  end
end

# Lastly, a success response body example:
# The success response will be something like (the response below has been formatted):
# {
#   "access_token": "2.00hkboBz05nnoxcc10c6c075muWpuB",
#   "remind_in": "157679999",
#   "expires_in": 157679999,
#   "uid": "0123456789"
# }
# OK, that is all!
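An added example, not code from Martin91's gist or from Weibo: the same flow without Rails, with the `state` made random, single-use and time-limited and compared in constant time, and the token request built the way the gist says Weibo expects it (parameters in the URL query, sent with POST). `session` is a plain Hash standing in for the Rails session, STATE_TTL is an assumed value, and the endpoints are the ones the gist uses.

```ruby
require 'securerandom'
require 'uri'
require 'json'
AUTHORIZE_URL    = 'https://api.weibo.com/oauth2/authorize'
ACCESS_TOKEN_URL = 'https://api.weibo.com/oauth2/access_token'
STATE_TTL        = 600 # seconds a pending state stays valid (assumed value)

# Step 1: mint an unguessable, single-use state and build the authorize URL.
# `session` is a plain Hash standing in for the Rails session (assumption).
def start_authorization(session, client_id:, redirect_uri:, scope: nil, now: Time.now.to_i)
  state = SecureRandom.hex(16)
  session[:oauth_state] = { value: state, issued_at: now }
  query = { client_id: client_id, redirect_uri: redirect_uri, state: state }
  query[:scope] = scope if scope
  "#{AUTHORIZE_URL}?#{URI.encode_www_form(query)}"
end

# Constant-time comparison: a plain != stops at the first differing byte,
# which can leak how much of the expected state a probe has matched.
def secure_equal?(a, b)
  return false unless a.is_a?(String) && b.is_a?(String) && a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Step 2 guard: the pending state is deleted first (single use), then it must be unexpired and matching.
def consume_state!(session, received_state, now: Time.now.to_i)
  pending = session.delete(:oauth_state)
  return false if pending.nil? || received_state.nil?
  return false if now - pending[:issued_at] > STATE_TTL
  secure_equal?(pending[:value], received_state)
end

# Parse the `code` and `state` Weibo appends to redirect_uri into a Hash.
def parse_callback(url)
  URI.decode_www_form(URI(url).query.to_s).to_h
end

# Token request as the gist notes Weibo wants it: parameters in the URL query,
# sent with POST. Returned as data so no HTTP client is needed to run this.
def access_token_request(client_id:, client_secret:, code:, redirect_uri:)
  query = URI.encode_www_form(client_id: client_id, client_secret: client_secret,
                              grant_type: 'authorization_code', code: code,
                              redirect_uri: redirect_uri)
  { method: :post, url: "#{ACCESS_TOKEN_URL}?#{query}", headers: { 'Accept' => 'application/json' } }
end
# response.body is a String; parse it before reading the token.
def extract_access_token(body)
  JSON.parse(body).fetch('access_token')
end
```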
@leondu

leondu commented Jul 30, 2014

session[:security_state] = 'I am from Martin site' is good for a demo; in the real world you might expect a more secure string like SecureRandom.hex

see: https://developers.google.com/accounts/docs/OAuth2Login#createxsrftoken
