Gadgeteer simplifies OpenSocial Gadget development by giving you helpers you can use in your Rails application to verify Signed Requests and access OpenSocial data.

Gadgeteer requires the oauth gem (0.2.7+).

Note: the current version of the oauth gem doesn’t comply completely with the OAuth standard, and also doesn’t work with Rails 2.3</tt>. You can use lackac’s fork, until the fixes are merged in.

You can configure the secrets and public keys used by your application two ways.

For consumer secrets you can put your consumer key/secret pairs into config/oauth_secrets.yml:

key: secret

or you could setup those in your ApplicationController:

class ApplicationController < ActionController::Base

  oauth_secrets['key'] = 'secret'

end

For public keys you can put the certificates into config/certs with .cert extension, or you could setup the public keys in your ApplicationController by creating a OpenSSL::PKey::RSA object and adding it to the public_keys hash:

class ApplicationController < ActionController::Base

  public_keys['example.com'] = OpenSSL::PKey::RSA.new(OpenSSL::X509::Certificate.new(CERT).public_key)

end

You can use the verify_signature method as a before_filter in your controllers to make sure the signed requests are correct:

class SecretNotesController < ActionController::Base

  before_filter :verify_signature

end

The correct secret or public key will be used for verification based on the current request. If the xoauth_signature_publickey parameter is set, the corresponding public key will be used. Otherwise the consumer secret connected to the key found in the oauth_consumer_key parameter will be used. The singature will be verified based on this key/secret pair and the singature method set in the parameters.

If there are OpenSocial related request parameters, you can access them with the open_social method:

def index
  @secret_notes = SecretNote.find_by_profile_id(open_social[:viewer_id])
end

Copyright © 2009 László Bácsi, released under the MIT license