I have a rails 2.3.5 application with an API I wish to protect. There

Question

0

Asked: May 20, 20262026-05-20T08:03:59+00:00 2026-05-20T08:03:59+00:00

I have a rails 2.3.5 application with an API I wish to protect. There

0

I have a rails 2.3.5 application with an API I wish to protect.

There is no user – it is an app to app style webservice (more like an Amazon service than facebook), and so I would like to implement it using a two-legged OAuth approach.

I have been trying to use the oauth-plugin server implementation as a start:

http://github.com/pelle/oauth-plugin

…but it is built expecting three-legged (web redirect flow) oauth.

Before I dig deeper into making changes to it to support two-legged, I wanted to see if there was an easier way, or if someone had a better approach for a rails app to implement being a two-legged OAuth provider.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T08:04:00+00:00

Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:

class ApiController < ApplicationController

    include OAuth::Controllers::ApplicationControllerMethods

    oauthenticate :strategies => :two_legged, :interactive => false

    # ...

end

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have a rails 2.3.5 application with an API I wish to protect. There

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply