Blog & news

Posts tagged with 'oauth'
  • Tog 0.4 “Thebe” is finally out. We’ve added a bunch of fixes, patches and improvements. Obviously there are a new shiny features too:

    • Spam blocking. As we’ve detailed before tog powered sites will be now protected against spam in their comments. Probably we’ll extract and expand this blocking system to any model on future releases.
    • Site-wide search. Any model can be now included in the sitewide search available with tog. Just add your model as a search source to tog and provide a partial to render the matching instances of this model in the results page. You can check the details here and here.
    • FileColumn to Paperclip migration. We’ve replaced one of the oldest part of the platform and will depends now on the great paperclip plugin from the nice guys of thoughtbot. We’ve added the needed migrations to make the transition easier. As always a backup of your site before the update will be a great idea.

    How to install

    You can install or upgrade to tog 0.4 through RubyGems:

    gem install tog-tog

    New tog generated apps will use the last version of the plugins. If you’re updating an existing application, you should upgrade the plugins manually (sorry we’re working in this one) to the last tag. You can access them on http://github.com/tog/[PLUGIN_NAME]/tree/v0.4.0

    From all of the people collaborating in tog to all the people using it, we hope you enjoy this release. Dig the code and have fun while we bake the next (Tog 0.5 “Io”) release.

    Comments (7) | Add a Comment
  • In the spirit of the famous posts of Ryan Daigle we’re going to blog periodically about the current state of tog. Beginning with this very post we’ll start to sneak preview the features implemented on the tog edge code and the first one we want to talk about is the OAuth support we’re integrating in tog. For those that are not familiar with the concept of OAuth, it’s defined on its own site as:

    An open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.

    Basically what this means is that by supporting OAuth you’re giving other developers and yourself the chance to avoid the common social networking password anti-pattern. The use of this anti-pattern is very common as an (bad) effort to aggregate the social graph and data published in other sites. The OAuth protocol gives us a secure and open alternative to these authorization processes regardless of your role as consumer or provider of the data.

    In an OAuth authorization process the involved applications interchange a few “request/access” tokens and relay on the user to manage the privileges a site takes over the data stored by other. Using this workflow the user’s data is protected since its password is never ever given to any 3rd party and he/she retains the power to revoke the given privileges at anytime.

    There is an increasing number of providers that support OAuth and we’re trying to be as good web citizens as possible leveraging these standards in the tog platform. Our efforts are headed right now to provide every tog based social network the basic tools to be a consumer/provider of an OAuth authorization process out-the-box. We’ve been using Pownce as proof-of-concept of this authorization process as you can see in the following video:







    tog oauth implementation rc1 from Linking Paths on Vimeo. You can view it on HD here.

    The code is still sharp and far to be production-ready but we’re pretty excited with this feature since we see it like our first contribution to the open web, making tog a more robust and extensible platform.

    Comments (3) | Add a Comment