Web Server Flow in the Rack OAuth-2 Server

Question

I'm trying to integrate the Rack OAuth-2 server into my sinatra application, to use it in a web-server flow implementation and I can't make it work :(. I the following code in the oauth controller

require "rack/oauth2/sinatra"
module RestKit
  module Network
    class OAuth2 < Sinatra::Base
       use Rack::Logger
        set :sessions, true
        set :show_exceptions, true

        ENV["DB"] = "test"
    DATABASE = Mongo::Connection.new[ENV["DB"]]

    register Rack::OAuth2::Sinatra
    oauth.authenticator = lambda do |username, password|
     "Batman" if username == "cowbell" && password == "more"       end
    oauth.host = "localhost"
    oauth.database = DATABASE


    # 3. Obtaining End-User Authorization

     before "/oauth/*" do
       halt oauth.deny! if oauth.scope.include?("time-travel") # Only Superman can do that
     end

     get "/oauth/authorize" do
       "client: #{oauth.client.display_name}\nscope: #{oauth.scope.join(", ")}\nauthorization: #{oauth.authorization}"
     end

     post "/oauth/grant" do
       oauth.grant! "Batman"
     end

     post "/oauth/deny" do
       oauth.deny!
     end


     # 5. Accessing a Protected Resource

     before { @user = oauth.identity if oauth.authenticated? }


     oauth_required "/user"

     get "/user" do
       @user
     end

     get "/list_tokens" do
       oauth.list_access_tokens("Batman").map(&:token).join(" ")
     end
   end            
  end
end

Then I try to obtain an authorization code using curl from terminal with:

curl -i http://localhost:4567/oauth/authorize   -F response_type=code   -F client_id=[the ID]   -F client_secret=[the secret] -F redirect_uri=http://localhost:4567/oauth/showcode

and Just I got as a response:

HTTP/1.1 400 Bad Request

Content-Type: text/plain Content-Length: 20 Connection: keep-alive Server: thin 1.2.11 codename Bat-Shit Crazy

Missing redirect URL

Do you have any ideas what I'm doing wrong? Thanks!

Answer 1

The end of your curl request is:

-F redirect_uri=http://localhost:4567/oauth/showcode

but you haven't defined that route in the code above, i.e. where is:

get "/oauth/showcode" do

? That's why the error is "Missing redirect URL".