We interrupt our regularly scheduled program with a screencast for software developers.
If you are not a software developer, the screencast may not be useful, but it’s good to understand why OAuth is critical to online complementary currency. When you buy something online, you don’t log into your bank’s website to do the transaction. You may click on a PayPal purchase button or some other one-click button. So, a member may not want to log into a community currency website to make a payment to a peer. The community currency website needs to expose an application programming interface to third party applications (like Facebook) to make payments and execute other functions. How is the third party authorized to make a payment on behalf of the member? The OAuth protocol allows a member to seamlessly grant the third party application authorization to perform specific actions on his accounts, for instance. It’s kind of a big deal.
In this screencast, a web application is built which lets a member of a community currency system (on another server) make a payment to another member. The member is redirected to the currency server to authorize the app to make the payment. This authorization could be for one payment or also for future payments initiated by the member. Included at the end of this post are some links that I found extraordinarily helpful in adding OAuth support to OSCurrency.
This is actually the second Stupid Currency Tricks screencast this year. The first screencast was writing an app to make remote calls to OSCurrency using HTTP Authorization using a Nokia N800 handheld computer.
Here are some helpful resources:
Developing OAuth Clients In Ruby
How To Turn Your Rails Site Into an OAuth Provider
Beginner’s Guide to OAuth – Part I: Overview
Beginner’s Guide to OAuth – Part II: Protocol Workflow
Beginner’s Guide to OAuth – Part III: Security Architecture