table
Consumers are stored in the table oauth_consumers.
before_set_last_timestamp
If the new timestamp is different from the last_timestamp, then clear any nonces we've used. Nonces must only be unique for requests of a given timestamp.
Note that you should ALWAYS call is_valid_request before updating the last_timestamp. You should also verify the signature and make sure the request was processed successfully before updating the last_timestamp. Otherwise an attacker may be able to send a request with an extraordinarily high timestamp, after which the regular consumer's requests would fail the timestamp check.
is_valid_request TIMESTAMP, NONCE
This will do some sanity checks (as required for security by the OAuth spec). It will make sure that the timestamp is not less than the latest timestamp for this consumer. It will also make sure that the nonce hasn't been seen for this timestamp (very important).
ALWAYS call this method when handling OAuth requests. EARLY.
made_request TIMESTAMP, NONCE
This method is to be called just before you're done processing an OAuth request. Parameters were valid, no errors occurred, everything's generally hunky-dory. This updates the last_timestamp of the consumer, and sets the nonce as "used" for this new timestamp.
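The call order described above (is_valid_request early, signature verification, then made_request), as an added Python example that is not the model's own code. The class ConsumerReplayGuard, the function handle_request, the signature_ok flag and the sample timestamps and nonces are constructed for illustration, with state held in memory rather than in oauth_consumers.

```python
class ConsumerReplayGuard:
    """In-memory stand-in for one consumer's replay state (hypothetical)."""

    def __init__(self):
        self.last_timestamp = 0
        self.nonces = set()  # nonces already used at last_timestamp

    def is_valid_request(self, timestamp, nonce):
        # Reject timestamps older than the latest one recorded.
        if timestamp < self.last_timestamp:
            return False
        # Same timestamp: the nonce must not have been seen yet.
        if timestamp == self.last_timestamp and nonce in self.nonces:
            return False
        return True

    def made_request(self, timestamp, nonce):
        # Mirrors before_set_last_timestamp: a new timestamp clears old nonces.
        if timestamp != self.last_timestamp:
            self.nonces.clear()
        self.last_timestamp = timestamp
        self.nonces.add(nonce)


def handle_request(guard, timestamp, nonce, signature_ok):
    """Check early, verify, and only then record the request."""
    if not guard.is_valid_request(timestamp, nonce):
        return "rejected: replay or stale timestamp"
    if not signature_ok:  # assumed to be the result of signature verification
        return "rejected: bad signature"  # state deliberately left untouched
    guard.made_request(timestamp, nonce)
    return "ok"


def demo():
    guard = ConsumerReplayGuard()
    results = [
        handle_request(guard, 1000, "a", True),      # first request
        handle_request(guard, 1000, "a", True),      # exact replay
        handle_request(guard, 1000, "b", True),      # same timestamp, fresh nonce
        handle_request(guard, 10**12, "x", False),   # unverified, huge timestamp
        handle_request(guard, 1001, "a", True),      # nonce is reusable at a new timestamp
        handle_request(guard, 1000, "c", True),      # older than last_timestamp
    ]
    return results, guard.last_timestamp


if __name__ == "__main__":
    print(demo())
```

Because the unverified request never reaches made_request, last_timestamp stays at the consumer's real value and the following legitimate request is still accepted.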
current_user_can
Only root may have access to this model.