OAuth2
======

-1. Get familiar with OmniAuth by Intridea: http://github.com/intridea/omniauth. Read about OAuth2.


0. Obtain client_id and client_secret for your app from Exvo.


1. Install exvo-auth gem or add it to your Gemfile.


2. Configure middleware(s).

There are two middlewares. Usually you will need the "interactive" one:

  ExvoAuth::Strategies::Interactive
  ExvoAuth::Strategies::NonInteractive
  
Both middlewares need client_id and client_secret configured.
In Rails, the relevant lines could look like this:

  ExvoAuth::Config.client_id     = "foo"
  ExvoAuth::Config.client_secret = "bar" 
  config.middleware.use ExvoAuth::Strategies::Interactive

    
3. Add routes.

The following comes from Rails config/routes.rb file:

  match "/auth/failure"                  => "sessions#failure"
  match "/auth/interactive/callback"     => "sessions#create"
  match "/auth/non_interactive/callback" => "sessions#create" # only if you use json-based login
  match "/sign_out"                      => "sessions#destroy"

Failure url is called whenever there's a failure (d'oh).
You can have separate callbacks for interactive and non-interactive
callback routes but you can also route both callbacks to the same controller method
like shown above.

You also need a root_url route defined in routes (Rails) or this little hack (Merb):

Merb::Controller.class_eval do
  def root_url
    absolute_url("/foo") # probably a "/"
  end
end

4. Include controller helpers into your application controller.

include ExvoAuth::Controllers::Rails (or Merb)

5. Implement a sessions controller.

Sample implementation (Rails):

class SessionsController < ApplicationController
  def create
    auth = params[:auth] # sometimes you will need to do this: request.env["rack.request.query_hash"]["auth"]
    user = User.find_or_create_by_uid(auth["uid"])
    
    user_info = auth["user_info"]
    user.update_attributes!(user_info)
    
    sign_in_and_redirect!(user.id)
  end
  
  def destroy
    sign_out_and_redirect!
  end
  
  def failure
    render :text => "Sorry!"
  end
end
  
In short: you get params[:auth]. Do what you want to do with it: store the data, create session, etc.


6. Sign up and sign in paths for use in links.

sign in path: "/auth/interactive"
sign up path: "/auth/interactive?x_sign_up=true" # this is OAuth2 custom param

You have a handy methods available in controllers (and views in Rails): sign_in_path and sign_up_path.


7. Read the source, there are few features not mentioned in this README.


Inter-Application Communication
===============================


# Consumer side

consumer = ExvoAuth::Autonomous::Consumer.new(
  :provider_id => "this is client_id of the app you want to connect to"
)
consumer.get(*args) - interface is exactly the same like in HTTParty. All http methods are available (post, put, delete, head, options).


# Provider side

See #authenticate_app_in_scope!(scope) method in ExvoAuth::Controllers::Rails (or Merb). This method lets you create a before filter.
Scopes are used by providing app to check if a given consuming app should have access to a given resource inside a scope.
If scopes are empty, then provider app should not present any resources to consumer.

# Example of the before filter for provider controller:

before_filter {|c| c.authenticate_app_in_scope!("payments") }