A screenshot of a nicely formatted web page showing neatly indented JSON

oAuth is sort of a pain. Now that I sort of know how to plumb it in – enough that I’m going to make myself a little repo with a reference application – it has opened up a lot of interesting possibilities.

The whole experience reminded me of when I was doing Drupal development for a job I took to get into tech and out of pure editorial. We needed to do some work migrating a bunch of content between sites. My predecessor, who’d established the site on a previous version of Drupal, had done a similar task with a certain plugin, so working from his notes I installed and learned – that it wasn’t a clickable GUI thing with a wizard anymore – it was now a content migration “framework,” which meant I was going to spend some time learning its API and writing my own PHP plugin to support our particular needs, or … nothing. Ask for money for the outside guys, I guess, because I’d been hired to get better at PHP, not know it. I ended up hobbling through, and I still remember hopping around my office when the damn migration just ran on our 800,000+ user database.

So this weekend I was shopping around for a library to help me get oAuth plumbed in. OmniAuth presented itself right away, and seemed to have a SmugMug “strategy” – their word for “module” or “plugin” – so my eyes lit up. Then reality set in: The strategy was for an older version, and it targeted the old SmugMug API. Okay, fine, I was feeling industrious so what even was a strategy? I looked at a few and my eyes glazed because I had a nodding understanding of how all this worked, but not enough to sit down and implement a plugin for my specific problem.

I think that’s probably okay. I set OmniAuth aside and went with the vanilla Ruby oAuth gem and a reference Sinatra app someone wrote that did a really nice job of creating routes that recreated the oAuth dance. I had found a few other examples, but they were less systematic and harder to peel apart. By the time I was done fiddling with it to get it to work with SmugMug’s particular oAuth endpoints, I felt a lot more confident on how the protocol actually works.

So, do I “know oAuth?” No, I do not. Asked to implement an oAuth signin process from scratch, I could not just implement it. But I do know, more or less, the vocabulary, the steps in the process, and what it’s doing behind the scenes. Using standard libraries is a repeatable task. Good enough.

What else?

I was a little more forward-thinking this time around and picked up dotenv to manage API tokens. I might even be over-using it a little, because it can use the variables you store in it to make other variables. It just makes the core app a little less busy at the expense of having a .env file to consult if something seems to come from nowhere.

I have never been a big linter person, so I decided to give rubocop a shot. I appreciate it as an education tool. There are a lot of things about good Ruby style I never learned, so it was a little alarming at first. Sort of like I’d been made to code in a small room with a large speaker on the wall that was fed by a room full of the most earnest Ruby style pedants monitoring me from a hidden camera.

I ended up turning off a few things it wanted to complain about for … reasons … (like shebangs) but did learn a few things and did find that by paying attention and accepting the corrections I no longer guiltily run a beautifier before every commit because things are at least consistent and tidy. Plus it complains about a few things that are at least potentially problematic.

What else?

Not much. I think I’m feeling voluble because juggling oAuth’s needs with what I wanted to accomplish was a pain in the neck, and SmugMug maintains a separate API for uploading that is harder to interact with than the one I will need to use for the rest of the project. I don’t even really need the uploading API because their own uploaders and tools are great. Cloudflare was simple to figure out, hence alluring, but using my normal stuff (e.g. Lightroom) I can also get titles, keywords, exif data, etc. and do more interesting things without having to build out a database of some kind, or building special UIs to get that stuff. But anyhow, adding then managing the complexity of oAuth feels like an accomplishment. I don’t know how many little ideas I’ve bounced off of because the API I would have needed to touch had moved on from simpler approaches.

And I am feeling good because I realized at some point over the past couple of weeks that I am doing all this because it is playing. I used to do a lot of little utility scripts and silly gadgets because it was fun and absorbing, not because it was hugely practical or efficient. It was just playing. I stopped playing for a long while. It feels good to play again.