Security News
Follow-up and Clarification on Recent Malicious Ruby Gems Campaign
A clarification on our recent research investigating 60 malicious Ruby gems.
By Sarah Gooding - Aug 22, 2025
muck-oauth
= muck-oauth This gem wraps oauth and oauth-plugin to make it simple to get tokens for services that muck can interact with various services.
For more documentation see: http://github.com/pelle/oauth-plugin http://stakeventures.com/articles/2009/07/21/consuming-oauth-intelligently-in-rails http://stakeventures.com/articles/2008/02/23/developing-oauth-clients-in-ruby
== Installation Add the following to environment.rb config.gem "oauth" config.gem "oauth-plugin" config.gem "muck-oauth"
Add the following to your user model: acts_as_muck_oauth_user
== Configuration Add the following to global_config.yml. Be sure to get keys from each service that you want to interact with.
Oauth
Twitter api access: http://www.twitter.com/apps
twitter_oauth_key: '' twitter_oauth_secret: ''
Google api access: http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto.html#register
google_oauth_key: "" google_oauth_secret: ""
Yahoo api access: http://developer.yahoo.com/flickr/
yahoo_oauth_key: "" yahoo_oauth_secret: ""
Flick api access: http://www.flickr.com/services/apps/create/apply
flickr_oauth_key:
flickr_oauth_secret:
Linked In api access: https://www.linkedin.com/secure/developer
linkedin_oauth_key: ""
linkedin_oauth_secret: ""
linkedin_oauth_key: "" linkedin_oauth_secret: ""
Friendfeed api access: https://friendfeed.com/account/login?next=%2Fapi%2Fregister
Production
friendfeed_oauth_key: '' friendfeed_oauth_secret: ''
Test
friendfeed_oauth_key: '' friendfeed_oauth_secret: ''
== Usage Add configuration for services to: intializers/oauth_consumers.rb
Link to each service like this: Twitter Google
Each service provides methods that enable communication with the service's api via popular gems. For example, the twitter service uses the twitter gem and so you can call methods against a user's twitter account like this:
user.twitter.client.verify_credentials[:screen_name]
Please see each gem's documentation for more information: Twitter Docs: http://rdoc.info/projects/jnunemaker/twitter Twitter Examples: http://github.com/jnunemaker/twitter-app/ i.e. user.twitter.client
Linked In Docs: http://github.com/pengwynn/linkedin i.e. user.linked_in.client
Google Docs: http://github.com/pelle/portablecontacts i.e. user.google.portable_contacts
Fire Eagle Docs: http://fireeagle.rubyforge.org/ i.e. user.fire_eagle.client
Friend Feed Docs: None yet
Yahoo Docs: None yet
Flickr None yet
== Tips and Help If you get an error like this: uninitialized constant User::TwitterToken it means you need to setup your global_config.yml with the values specified above.
Copyright (c) 2009 Tatemae.com. See LICENSE for details.
FAQs
Unknown package
We found that muck-oauth demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 02 Jun 2010
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
ESLint Adds Support for Parallel Linting, Closing 10-Year-Old Feature Request
ESLint now supports parallel linting with a new --concurrency flag, delivering major speed gains and closing a 10-year-old feature request.
By Sarah Gooding - Aug 22, 2025
Research
/Security News
Malicious Go Module Disguised as SSH Brute Forcer Exfiltrates Credentials via Telegram
A malicious Go module posing as an SSH brute forcer exfiltrates stolen credentials to a Telegram bot controlled by a Russian-speaking threat actor.
By Kirill Boychenko - Aug 21, 2025