Delegated Auth for MSFT Live Services in Ruby.rb

class LiveServices
  
  # MSFT Live Services Application Information
  LIVE_APP_ID = {'development' => 'XXX', 'staging' => 'XXX', 'production' => 'XXX'}
  LIVE_SECRET = {'development' => 'SHH', 'staging' => 'SHH', 'production' => 'SHH'}
  PRIVACY_URL = {'development' => 'http://privacy.com', 
                 'staging' => 'http://privacy.com', 
                 'production' => 'http://privacy.com'}
  DELEGATE_PATH = "https://consent.live.com/Delegation.aspx"
  
  # return_url  = Where the user is redirected to after authenticating on Live Services
  # permissions = Comma-separated string that lists the areas that you want access 
  #               to (e.g. Contacts.View,Contacts.Update)
  def self.new_auth_url(return_url, permissions, privacy_policy_url = nil)
    
    privacy_policy_url ||= PRIVACY_URL[RAILS_ENV]
    app_verifier = get_app_verifier
    
    params = [["ru", CGI.escape(return_url)],
              ["ps", CGI.escape(permissions)],
              ["pl", CGI.escape(privacy_policy_url)],
              ["app", CGI.escape(app_verifier)]]

    auth_url = DELEGATE_PATH + "?" + params.collect {|x| x.join("=")}.join("&")      
  end
  
  # This method signs the key using your secret, application id, and a timestamp
  def self.get_app_verifier
    signkey = OpenSSL::Digest::SHA256.digest("SIGNATURE" + LIVE_SECRET[RAILS_ENV])[0..15]
    token = "appid=#{LIVE_APP_ID[RAILS_ENV]}&ts=#{Time.now.to_i}"
    signed_token = CGI.escape(Base64.encode64(OpenSSL::HMAC.digest(OpenSSL::Digest::SHA256.new, signkey, token)))
    app_verifier = token + "&sig=#{signed_token}"
    return app_verifier
  end    
end