Chubbies now sees that it has no secret and registers itself.

app/controllers/authorizations_controller.rb

@@ -1,7 +1,9 @@
 class AuthorizationsController < ApplicationController
   include OAuth2::Provider::Rack::AuthorizationCodesSupport
-  before_filter :authenticate_user!
-  before_filter :block_invalid_authorization_code_requests
+  before_filter :authenticate_user!, :except => :token
+  before_filter :block_invalid_authorization_code_requests, :except => :token
+
+  skip_before_filter :verify_authenticity_token, :only => :token
 
   def new
     @client = oauth2_authorization_request.client
@@ -14,5 +16,22 @@ class AuthorizationsController < ApplicationController
       deny_authorization_code
     end
   end
+
+  def token
+    if(params[:type] == 'client_associate' && params[:redirect_uri] && params[:name])
+      client = OAuth2::Provider.client_class.create!(:name => params[:name])
+
+      render :json => {:client_id => client.oauth_identifier,
+                      :client_secret => client.oauth_secret,
+                      :expires_in => 0,
+                      :flows_supported => "",
+                      :user_endpoint_url => "bob"}
+
+      #redirect_to("#{params[:redirect_uri]}?#{query_string}")
+
+    else
+      render :text => "bad request", :status => 403
+    end
+  end
 end
 

config/routes.rb

@@ -71,6 +71,8 @@ Diaspora::Application.routes.draw do
   get "/oauth/authorize" => "authorizations#new"
   post "/oauth/authorize" => "authorizations#create"
 
+  post "/oauth/token" => "authorizations#token"
+
   #Temporary token_authenticable route
   resource :token, :only => [:show, :create]
 

features/oauth.feature

@@ -6,6 +6,25 @@ Feature: oauth
     Given Chubbies is running
     And a user with username "bob" and password "secret"
 
+  Scenario: Authorize Chubbies
+    When I visit "/" on Chubbies
+    And I try to authorize Chubbies
+    Then I should see "Authorize Chubbies?"
+
+    When I press "Yes"
+    Then I should be on "/account" on Chubbies
+    And I should see my "profile.birthday"
+    And I should see my "name"
+
+  Scenario: Not authorize Chubbies
+    When I visit "/" on Chubbies
+    And I try to authorize Chubbies
+    Then I should see "Authorize Chubbies?"
+
+    When I press "No"
+    Then I should be on "/callback" on Chubbies
+    Then I should see "What is your major malfunction?"
+
   Scenario: Authorize Chubbies
     Given Chubbies is registered on my pod
     When I visit "/" on Chubbies
@@ -17,13 +36,3 @@ Feature: oauth
     And I should see my "profile.birthday"
     And I should see my "name"
 
-  Scenario: Not authorize Chubbies
-    Given Chubbies is registered on my pod
-    When I visit "/" on Chubbies
-    And I try to authorize Chubbies
-    Then I should see "Authorize Chubbies?"
-
-    When I press "No"
-    Then I should be on "/callback" on Chubbies
-    Then I should see "What is your major malfunction?"
-

features/step_definitions/oauth_steps.rb

@@ -20,6 +20,11 @@ And /^I should see my "([^"]+)"/ do |code|
 end
 
 When /^I try to authorize Chubbies$/ do
+  # We need to reset the tokens saved in Chubbies,
+  # as we are clearing the Diaspora DB every scenario
+  Then 'I visit "/reset" on Chubbies'
+  Then 'I visit "/" on Chubbies'
+  ###
   And 'I follow "Log in with Diaspora"'
   Then 'I should be on the new user session page'
   And "I fill in \"Username\" with \"#{@me.username}\""

spec/support/chubbies/Gemfile

@@ -4,3 +4,4 @@ gem 'sinatra'
 gem 'haml'
 
 gem 'httparty'
+gem 'json'

spec/support/chubbies/Gemfile.lock

@@ -5,6 +5,7 @@ GEM
     haml (3.0.18)
     httparty (0.7.4)
       crack (= 0.1.8)
+    json (1.4.6)
     rack (1.2.2)
     sinatra (1.2.6)
       rack (~> 1.1)
@@ -17,4 +18,5 @@ PLATFORMS
 DEPENDENCIES
   haml
   httparty
+  json
   sinatra

spec/support/chubbies/app.rb

@@ -3,6 +3,7 @@ require 'bundler/setup'
 require 'sinatra'
 require 'haml'
 require 'httparty'
+require 'json'
 
 def resource_host
   url = "http://localhost:"
@@ -14,8 +15,8 @@ def resource_host
   url
 end
 
-CLIENT_ID = 'abcdefgh12345678'
-CLIENT_SECRET = 'secret'
+@@client_id = nil
+@@client_secret = nil
 RESOURCE_HOST = resource_host
 
 enable :sessions
@@ -34,7 +35,11 @@ helpers do
   end
 
   def authorize_url
-    RESOURCE_HOST + "/oauth/authorize?client_id=#{CLIENT_ID}&client_secret=#{CLIENT_SECRET}&redirect_uri=#{redirect_uri}"
+    RESOURCE_HOST + "/oauth/authorize?client_id=#{@@client_id}&client_secret=#{@@client_secret}&redirect_uri=#{redirect_uri}"
+  end
+
+  def token_url
+    RESOURCE_HOST + "/oauth/token"
   end
 
   def access_token_url
@@ -48,9 +53,16 @@ end
 
 get '/callback' do
   unless params["error"]
+
+   if(params["client_id"] && params["client_secret"])
+      @@client_id = params["client_id"]
+      @@client_secret = params["client_secret"]
+      redirect '/account'
+
+    else
       response = HTTParty.post(access_token_url, :body => {
-      :client_id => CLIENT_ID,
-      :client_secret => CLIENT_SECRET,
+        :client_id => @@client_id,
+        :client_secret => @@client_secret,
         :redirect_uri => redirect_uri,
         :code => params["code"],
         :grant_type => 'authorization_code'}
@@ -58,18 +70,38 @@ get '/callback' do
 
       session[:access_token] = response["access_token"]
       redirect '/account'
+    end
   else
     "What is your major malfunction?"
   end
 end
 
 get '/account' do
+  if !@@client_id && !@@client_secret
+    response = HTTParty.post(token_url, :body => {
+      :type => :client_associate,
+      :name => :Chubbies,
+      :redirect_uri => redirect_uri
+    })
+
+    json = JSON.parse(response.body)
+
+    @@client_id = json["client_id"]
+    @@client_secret = json["client_secret"]
+    
+    redirect '/account'
+
+  else
     if access_token
-    @resource_server = RESOURCE_HOST
-    @url = "/api/v0/me.json"
-    @resource_response = get_with_access_token(@url)
+      @resource_response = get_with_access_token("/api/v0/me")
       haml :response
     else
       redirect authorize_url
     end
+  end
+end
+
+get '/reset' do
+  @@client_id = nil
+  @@client_secret = nil
 end