My name is Johnny Halife, I'm yet another software developer that writes his thoughts on a blog. You can also follow me on Twitter or check my open source projects on GitHub.
This week I was invited to speak at an event organized by Martín Salias and the MUG (Microsoft User Group Argentina) people. This time I gave a short introduction to Node.js, here's the Mural that I've created for that event
Don't you have a Mural.ly account? Get one! http://beta.mural.ly
The time has come, in fact it was a short week, emotionally loaded, going through all the history of these +6 years here. But it's time to say goodbye. I've been thinking (almost for a month), how this post will look like. Should it be funny or loaded of memories that will make me cry? The only thing that I knew was that saying bye would be really hard.
After giving it a lot of thinking, I decided to write this small chronology of how was it for me staying at Southworks for these +6 years, since the begining until the end of my jounery. Take a sit, and enjoy with me...
It started 2254 days ago, sitting on bar called "SODA" in Puerto Madero, I met this guy called "Ale Jack" who wanted to talk with me about a company he was starting. We sat down, it was a strange interview, eating pizza under a beautiful Sun, his plans, thoughts, and vision got me to sign in to the uncertainty and 2 weeks later I was sitting on México 613, Buenos Aires, Argentina where our old office used to be.
It started with a awesome course on Certified Scrum Master, where I met someone I'll be working with on my new adventure, but also where I learnt a lot of useful stuff that I applied on daily basis. I was just 20 years old, dying for lifetime experience that was about to happen.
September 20th, 2006, the day that changed everything. Mariano (who I went to school with and one of the reasons I ended here) and I travelled for 3 months to Microsoft Campus on Redmond, Washington, United States (if you ask my mom she'll swear she saw a flight ticket with Oct 24. as the return date). No doubts this was a life changing experience.
We joined Microsoft Patterns & Practices Development Team for helping develop the Web Client Software Factory (yeah, Software Factories, do ye remember?). It was awesome, a real agile environment, with great people, PMs and Architects to learn from. The opportunity of my life, what I was begging for, happened here, I was that developer I always wanted to be.
It was an important year too, as we met Tim Osborn, for Southworks as company it was an awesome incorporation, for me personally was a win! I met one of those guys, the ones that have the proper words, for the proper time. A fountain of wisdom, and one of the best sources for advice.
2006 ended as cool as it started, would you travel on Christmas eve? Well, I did and that's how DinnerNow started...
Have you ever wonder how does it feel travelling at least once a week for months taking two planes (~17 hrs.)? Well, I'm almost an expert and let me tell you, sometimes you can go crazy!.
DinnerNow was the most ambitous project I worked for Microsoft DPE. I remember that I travelled to meet with James Conard and David Aiken for building DinnerNow. When I asked the idea sounded cool, but I was more concerned about the technology and when I asked which products were they using the answer was: "Everything, and if there's something we aren't using let's use it".
DinnerNow was the first integration sample application I've ever seen (and built). It had everything, from NetFx (which was brand new) up to MMC with WPF (our first experiment with that, and the base for all the future MMCs we built), Linq, ASP.NET Ajax, CardSpace et al.
One cool thing that was born there was the Dependency Checker, what you see today on Microsoft Samples for checking dependencies was born on DinnerNow. I remember that was James' idea and David created the first prototype which was a single method called DoStuff().
On 2007, we also worked with Eugenio Pace on Northwind Hosting which belive it or not was a really close to what it ended up being Windows Azure. It was our approach to SaaS/Cloud Computing. And I'll always remember those discussions which should be pretty similar to those that Windows Azure Team has today.
I think the title of the section is descriptive enough but let me tell you what happened on that awesome year. It started with new projects, I was travelling to México to meet new customers, doing some new stuff. Meanwhile the team here was cracking some code on the SQL Data Services platform that was borning.
I remember that I was in Campus with a bunch of people from México that I took there for a Workshop on WPF. And while there I got an email from Tim saying that "we have an opportunity to be on last BillG's Keynote". I was damn excited, we agreed that we needed to show what we were capable of, and for a meeting we had with the people working on that I remember writing a WinMo 6.0 app that uploaded a picture straight to SSDS, it's the WOW! effect we were looking for.
Lito, Tim and I travelled to Orlando, FL to assit the SQL Server Team (in charge of Bill Gates' Keynote). There we met with people like S. Somasegar - Corporate VP from the Developer Division (on the picture above) or D. Campbell - Techincall Fellow (on the picture below). It was an awesome experience, and the team we built with SQL Server Product Group was incredible!
The day came, the demo was a great success, and then we saw him. He was real, there standing and staring at us, when a "Thank you, good job" was said. Our smile was the biggest ever, and through his secretary he accepted (or asked, I don't remember) to take a picture with us, here it's.
We didn't settle after the success of Tech Ed 08' and went for more, we took part on the Keynotes for PDC 08' where project formerly known as RedDog (now Windows Azure) was presented. I remember we had access to the early bits, and our staging environment was a developer machine. That was my first PDC ever, and was awesome.
I remember that we met Anders Hejlsberg (the father of C#, on the picture above), and this "new corporte VP" some guy known as ScottGu (on the picture below) which was awesome, as he really knew what we has talking about (jQuery and all that by that time).
Taking advantage that we were close enough to Palo Alto, we decided to go on a Road Trip with Fede Jack and Ale Jack. We went from LA to SFO, well we (Ale and I) slept while Fede drove from LA to SFO =).
I will always remember 2009 as the Engineering Excellence year, it was the year when created Wolof which is Southworks' internal backlog management tool (uff, damn it's hard not to say our or my there). We learnt Ruby, we did awesome stuff, and definitely had fun.
These two people are one of my best friends in the world, much more than what work can do. I've been managing these two guys for almost 4 years, and we rocked. If I ever have to choose a team on the world, I'll definitely choose them.
They have been my family, my friends, and my brothers-in-arms for the past years, we've done everything together partying, going out, discuss, fight, create an awesome product like Wolof, travel to Redmond (with JPG), build a Data Center, tier down a Data Center, move a company to the cloud, and enjoyed an awesome friendship that will last forever.
The saddest part of leaving Southworks is leaving them behind on my daily basis, my crew, the EE Team. Damn I'll miss these two, I couldn't help crying while I was writing this, they're the best that happened to me here @ Southworks.
With the impulse from Wolof, we got to work on a completely different project it was a GAME! Yes, my friends from 3Melons asked for help and consulting advice for getting their brand new game Bola! to scale and it was awesome. I learnt tons about architecture, and have a lot of fun (even though it was really stressful). It was also the first time I got to work with my soon to be partners.
After Bola's closure we did some work on OData with Seba Renzi, and JPG for Jonathan Carter who by that time was Evangelizing OData on Microsoft DPE.
Then the biggest project of my life appear, we went on designing and implementing the UI for Windows Powershell Web Access. I was really lucky to be part as the architect for that project, and got our mark (with JPG) committed on Windows 8 code-base, that for sure was huge milestone on my career and for Southworks!
Last year was full of cool projects, it started on Las Vegas and LA working on Media-related projects and MIX. I got to travel all over doing bunch of interesting things and meeting people from all over. I got to hang out with my friends in different venues all over the world. We had great time working hanging out with Drew Robbins, Phill Haack, JC and many other MSFT friends.
It was also my last trip to Microsoft Campus as Southworks employee, I went there with my friend JPG on his first time. We had a blast, and worked really hard on the demos for Tech Ed North America 2011, I think it was FabrikamFiber by that time. I will always remember how Drew Robbins rocked the stage!
I remember that just before I took my cab to the Airport, I had an interview with this "supposed to be good dev", his name was Mauro. He was quiet, and after almost 3 hours talking I decided we should hire him. Man, that was one of the best decisions I made here at Southworks, Mauro is a sharp developer and with JPG we have done all sorts of crazy stuff.
Together we did the Content Installer (the Content Distribution Platform that Microsoft DPE is using for delivering Hands On Labs and Training Kits), the Windows 8 Demo called "Margie's Travels", the Windows Azure Toolkit for Windows 8, the Windows Azure Toolkit for Android Devices and we even created an awesome demo that was shown by Wade Wegner for managing Windows Azure using Kinect!
I really loved working together with this team, and I'm really proud of what we accomplished. I'll miss the adrenaline of working with these guys for sure!
After all the awesome endeavors I've been part throughout all these years I decided to quit and join a new venture. I'll be joining my friend Pato Jutard and the rest of Tactivos team for building Murally.
Murally is an open canvas to collect, remix and share visual ideas! If you take a look at the Video below you will understand what I'm talking about, and you will see how cool it is.
I'm happy to join this new venture, it'll be an awesome experience for sure. I really like the team we have, and I think all the experience I made working on all these projects will add up to the final result. If you didn't try it yet, go ahead and request a private beta!
I want to thank Alejandro Jack, for offering me the job in the first place and also for trusting a 19 years old kid for doing all these stuff (that's how old I was at the begining). I want to thank the original team including Mati Woloski, Lito Damiani, Beto Ortega, Shaggy Schapiro, Fede Jack, Tim Osborn, and Mariano Szklanny. These people were the original team that helped me get here, and that I'll always remember with a huge smile!
I also want to thank my team/s or the people I worked with and shared my stay here including but not limited to: Juampi Garcia, Ezequiel Morito, Sebas Iacomuzzi, Tony Poza, Marce Rodriguez, Seba Durandeu, Fede Boerr, Seba Renzi, and many more (please forgive me if I miss someone). While it might not have seemed like much at the time, these people offered me an opportunity of joining a team that changed my life with the kind of permanence and indelibility usually reserved for tragedy or parenthood. I couldn't be more thankful.
And lastly, I'd like to thank everyone making Southworks, our customers and everybody that shared some of this story with me. Software Industry is awesome, I love innovation and excellence, and the people I met throughout all these years are passionate about it, and invested a lot reading me or discussing all those ideas that we implemented, that experience is priceless for me. There is no harsher critic or stronger supporter and that passion will continue to lead to great things.
And that's where I'm going. To discover the next generation again, to make a new adventure on an uncertain world, and see what other opportunities are available. You can follow me on Twitter (@johnnyhalife) to find out more!
Today I woke up feeling a little bit different, and while having my coffee, I started thinking how long would it be until I write this post, and here it is. Last month, I completed my 6-years mark here at Southworks. Just before approaching that milestone I started thinking about what's next on my professional career, and I decided to leave Southworks to join a new venture (a startup here in Buenos Aires, Argentina).
I've been very lucky to get to work with such smart people, helping and collaborating on all those conferences and keynotes, travel all over helping solving problems, working on interesting projects (i.e. architecting/building Powershell for Web Browsers, now available on Win 8), and getting to know most of the people that I admire (on geek stuff) personally (like when I met Bill Gates or Anders Hejlsberg).
Southworks gave me lots of opportunities that I think I took advantage of, but the most important thing (and what I'll miss the most) is my team. My relationship with my brothers-in-arms goes far beyond a project, it's a friendship that will transcend jobs, but it won't be the same.
By the end of Friday, January 27, 2012 I'll hand over my card key, my keys, passwords, and then experience an exit interview. Leaving more than 25% of my life behind as lovely memories (6 years, and I'm 26 years old).
It's funny that I'm thinking on an exit interview, and that I talk about offices, projects, and trips since when I got here, I used to sit on a stool (literally) and share a couple of cheap tables. I think that what I most enjoyed is being part of the journey of becoming a real-company.
My new adventure is related to an startup in which I'll be giving my best to create an awesome product, and as usual have fun along the way! I think that it's the correct step given my age, and experience.
I’ll let you know (very very soon), when I start a new gig. My new company is an awesome project, and I'd love to hear what you think about it. Also it has good friends that I met throughout the years, and I’m very excited about this new position that will help me do what (I think) I do best THINK, INVENT, CREATE, and BUILD.
I will really miss working at Southworks and being so-close involved with Microsoft, and its community but I'll really stay around, continue doing, helping and speaking on community-related events. I am really excited about this new opportunity, and I hope you continue reading my blog which will have more startup adventures and lessons learnt that ever!
You will be able to continue reading my stuff on my blog and you can follow me on twitter!
Thanks, and rock on!
About a month ago my friend Phill Haack published a post with almost the same purpose. Basically there's a bug on ASP.NET Forms Authentication that you cannot skip the Login Page redirect (out of the box) when your response has a HTTP 401 for HttpStatusCode.
Phill focused his post (and NuGet package) on the Ajax Scenario. This means, when you are performing a request using Javascript and you want the browser to get HTTP 401 instead of a HTTP 302 (Redirect) with Location header set to the login page.
A couple of weeks ago while working on a project with Wade Wegner, while using Web API, we faced exactly the same problem:
we were being redirected and even though we tried Phill's fix, we couldn't make it work with Web API.
Why? Well, after chatting with Glenn Block he gently explained to me that you shouldn't take for granted that your Service (or Handler) will have access to the HttpContext or even the same Thread as it runs async, and that the best way to pass context information was stuffing information into the message.
Working with Juan Pablo, Mariano Converti and the rest of our Southworks gang we decided that we wanted to keep Phill's approach but also extend it, after Glenn's advice, so it can consider "marked responses" using our custom HttpHeader.
We could have gone the HttpResponseMessage.Items path, but as we want to keep it simple and decoupled from Web API so you can also use it with your own stuff.
We packaged the solution into a cool Nuget package that will do everything for you :)
PM> install package aspnet.suppressformsredirect
That will add the reference, and include the module on your web.config. Then on your application if you want to throw a 401 and you want to suppress the forms redirect, then you just have to
// This will add the item that our suppression module looks for on the HttpContext.Items HttpContext.Current.Items.Add(SuppressFormsAuthenticationRedirectModule.SuppressFormsAuthenticationKey, "true");
However, if you're using WebAPI it's not a safe to do that from within a DelegatingHandler or an OperationHandler. Instead you should add the header I mentioned at the begging of this section. As follows
// We include the header on the HttpResponseMessage and the module takes care by itself var response = new HttpResponseMessage(System.Net.HttpStatusCode.Unauthorized); response.Headers.Add(SuppressFormsAuthenticationRedirectModule.SuppressFormsHeaderName, "true"); throw new HttpResponseException(response);
Of course, this is a temporary hack until the ASP.NET Framework Team gives us an elegant way to turn off redirect using <location /> or something similar. If you have feedback or contribution you want to make to the package, you can easily go ahead and Fork it on GitHub.
thanks,
~johnny
Long gone Wordpress days have gone. Previously, I used to have my blog here, under Southworks blogs, that are currently hosted using Wordpress but I decided to move on.
I found myself frustrated with the way we publish on our blogs, like: WYSIWYG editors, Windows Live Writer, among others. My creative process it's much more rudimentary: I basically open TextMate and words start flowing, then when I need to get it posted on Wordpress is when the "I'll never publish it" moment appears.
Writing is something that I enjoy, it's something that comes and goes from my mind but I need to get better at it too. I really like writing, although I might not have lot of interesting things to share, I take it as an exercise.
Since excuses are easy, I wanted to remove one layer of frustration and that's why I created this new blog.
I found that Mojombo from Github has a project called "Jekyll" this is (to simplify) a git-based blog engine. You write using HTML/Markdown and then you push it to your app (and the full site gets regenerated).
With Jekyll I got what I wanted: an easy to use publishing platform that it's extensible enough so I can hack my own shit.
The theme you're looking at right now it's based on Bootstrap, from Twitter. I wanted an easy and clean UI and Bootstrap gave me a great starting point.
Comments were something I was intrigued by, but then I remember that my friend Drew Robbins mentioned disqus and I loved it. Basically I've outsourced my commenting platform and the service I'm getting is awesome.
Last but not least, hosting was something I need to solve, and I ended up using Heroku (for free!) with the new amazing cedar platform. Creating the site you're seeing this hosted was as easy as:
?> sudo gem install heroku # it's important to mention the stack in here ?> heroku create johnnyhalife-blog --stack cedar
And then you need your Gemfile with Jekyll and its dependencies (RedCloth at least). Since we are using cedar stack, we'll need to craft a Procfile (I've already published mine on github). It's not rocket science, your Procfile should look like
web: jekyll --server $PORT
Throughout all this process (that only took me a day) I've learnt lots of new things, so I thought it would be cool if "open source my blog" and I pushed it to github. You can easily clone it, and use it as a base for your own. What you will get:
That's pretty much the story behind my brand new blog, how, why and when.
thanks,
~johnny
Late October 2010, Tim, Geoff and I went to meet Sam (SR DEV LED from Windows Manageability) to talk about a potential engagement on a Web UI Project for Windows Powershell 3.0. We got really excited about the opportunity and after eleven (11) weeks of hard work, we helped Windows Manageability to deliver the first version of Windows Powershell Web Access.
Imagine how hard has it been for me to keep the secret during all this time, however today (September 15, 2011) I got really excited when I saw that Windows Powershell Web Access is now public and available for you to use. I'm happier than ever, as it's a huge milestone for me in my professional career being the Architect for the UX of a Windows Product. It's really hard for me to express the satisfaction of all this becoming real.
I love Powershell, since the early days of DinnerNow with James Conard, and David Aiken, we have always been advocates of Windows Powershell, you can also see it on all the other projects we helped on the past that they have Powershell somewhere for sure. With this new feature we helped Windows Team on broadening the experience for new users, users on any platform, users anywhere, all it takes is a Web Browser, that can even be a Mobile Device.
I will not get on the details as Jan Egil Ring from blog.powershell.no has a great post on how to enable and play with the feature itself, I just wanted to share my happiness with everybody and also I want to thank the whole team for this awesome delivery, these are the guys that have been involved on the project: Juan Pablo Garcia the best HTML/CSS Ninja who can make you think you’re on the real console, Esteban Lopez our Test Jedi who trapped all the bugs (before you hopefully), and Pablo Marc the warrior of the JavaScript Performance who incredibly increased the speed of it. These are the real people behind the product from Southworks, and it's been more than a pleasure to work with people with such level of professionalism, enthusiasm and technical knowledge.
Thanks and read you soon!
~johnny
Hot off the press! As it just was shown by Scott Gu during PDC 2010 keynote, now you can search eBay using a new OData API. The API is running on Windows Azure Platform and can be reached at http://ebayodata.cloudapp.net.
There's also some interesting developer documentation that can be seen at http://ebayodata.cloudapp.net/Docs to help you get started.
Besides from the great hype of OData, it's cool to mention that the API has been built with using nothing but existing eBay's APIs (If you wanna learn how it's built and what's happening under-the-hood, I strongly recommend you to see Pablo Castro's talk about Building Real-World OData Services). You can search on the catalog using a simple but yet powerful search interface provided by the OData protocol. e.g. http://ebayodata.cloudapp.net/Items?search=the walking dead
I'm also happy that this sees the light because there was great people behind it, and working with them it's truly an inspiration from the technical perspective and also from the human side. These people taught me a very important lesson on commitment and how you can always self-improve by pushing harder and harder.
As part of these team there're 3 people that I want to special mention and thanks for all their contributions in my personal growth but also for letting me be part of a kick ass team:
Juan Pablo & SebaRen. Words aren't enough, thanks thanks thanks and more thanks. Never, ever, in my whole entire life I worked with two people like them, no matter the time, always running against the clock this guysmade all these possible (most of this public is going public today so stay tuned).
JC (Jonathan Carter). Lately we paired up on bunch of stuff, and we became close friends and even with thousands of miles of distance we kept a great communication channel. He taught me bunch of valuable lessons while building the project. His ability to position himself on the customer/developer/whatever side it's amazing and it really adds value on the final result. I've never seen anyone who thinks that much (and focused that much) on the dev reaction and feelings while using a library. This is one of the guys that no matter what we're building, the language, or even the purpose I wanna work with.
#PDC10 just kicked off, and you just seen a quick peep of what's really going on, stay tuned!
thanks,
~johnny
Hey folks, yesterday (Sept 3. 2010), I gave a talk on the Code Camp Buenos Aires 2010 as the title of this post states I spent some time talking about IronRuby. The primary focus of the talk was on showing how to get the better of both worlds and how to work combining them (C# / Ruby).
As I would expect people that attended the talk were senior geeks which engaged with the topic and (hopefully) enjoyed a from-scratch writing of a Testing Framework =).
I want to thank everyone that assisted and Miguel Saez for the organization of the Event which as usual was flawless.
As promised here are the materials from the talk:
Presentation is also available on SlideShare.net Code Camp 2010 - Iron Ruby "Paso a Paso"
thanks,
~johnny
Lately, we've been working on a Windows Azure Project with huge load, really high peaks. During the project we got the following "gotcha moments" that I'll be trying to summarize throughout the post and thru a series of post I expect to write.
On iServiceOriented.com, there was this post about tweaking WCF that still valid up-to-day. WCF is broken by default, and if you were planning using it on Windows Azure (or even your own servers) you must tweak it with all the performance optimizations, except that you are fine with a lousy 10 requests per second.
RetryPolicy is the mechanism used by the Windows Azure Storage Client to prevent the users from its own service fails. As the idea itself rocks, implementation wasn't necessarily done for your scalability needs.
When writing high traffic services you might want to keep the least number of threads or at least all of the identified, the built-in RetryPolicy hides the underlying complexity of performing retries when the service fails but it also hides the Thread usage from you which at this scale is critical.
By using RetryPolicies.NoRetry you can prevent your app for creating threads just to ensure that an action has been executed, and if you need your app to retry for an eventual Service Availability issue, write your own policy.
If you need inspiration, you can check these snippets for RetryPolicy and another thing that you should consider when doing this type of things, like adding an Extension Method to identify whether an exception is "Retry-able" or not.
"Cloud Computing" brought Computing up to a whole new level, nowadays developers are able to tell how much a design decision cost. This is stunning, now all those performance optimizations that you always wanted but never had the chance to implement have a strong economical justification (or not).
Whenever you're exposing data to a client thru a (web)service in Windows Azure your paying for I/O and Compute Hours. This costs are distributed as transfer from/to Storage to the Service and from/to Service to the Client.
Now consider the following, the reference data of your application (data pretty much the same for all the users) can be consumed by the Client straight from Storage instead. Now the cost distribution radically changes to be I/O from Windows Azure Storage to Client, no more Compute Time nor scalability headaches.
Redirecting the load to Windows Azure not only saves you some bucks from Computing Power and I/O but also take out the pain of having to scale up your services, since Microsoft is the responsible of scaling it up.
When doing this remember that Windows Azure Storage is RESTful and all the optimization that can be performed at the transport level (like Caching, Expiration, GZip, etc) perfectly fit here, and if it's a javascript client take a look at JSON(P) (JSON is much more efficient than XML).
Experience has proven that if you live on the latest VM Image by Windows Azure Team your performance and stability will increase as they ship new images.
Except your code has compatibility issues with .NET 4 or issues with .NET 3.5 SP(x) you should live always on the latest VM image. This can be configured using the Windows Azure MMC and setting the Virtual Machine Image Version to "*" (star)
I expect to continue writing about the different patterns, gotchas and stuff we figured out while working on Windows Azure, so stay tuned!
thanks,
~johnny
Taken from the rebase concept of git which is also used by GitHub to show they newsworthy and notable projects, I’m using the post to do the same with bunch of Open Source, shared, hacking projects I’ll be doing lately.
Since 2010 started, I didn’t blogged that often, but there were a couple of projects that I’ve been working lately. Throughout this post, I’ll describe each one and the futures.
Every piece of feedback will be welcome, as every other contribution too.
Enjoy the ride,
~johnny
Yesterday, with Juan Pablo, we published our first version of Rack::Auth::WRAP the first version of the Rack. If you are familiar with the protocol, you can skip the next section if not, take a look at it. Extracted from the read me at github.com.
Web Resource Authorization Protocol (WRAP) is a profile of OAuth, also called OAuth WRAP. While similar in pattern to OAuth 1.0A, the WRAP profile(s) have a number of important capabilities that were not available previously in OAuth. This specification is being contributed to the IETF OAuth WG.
Also this same group owns the specification for the SWT (Simple-Web-Token), for more information read wiki.oauth.net/OAuth-WRAP or visit the groups.google.com/group/oauth-wrap-wg.
The latest specification for the complete protocol can be found at Google Group as HTML (RFC properly formatted) on groups.google.com/group/oauth-wrap-wg/attach/981df73f2839b8ef/draft-hardt-oauth-wrap-01.html?part=5
As you might be thinking, our first resource will be a Sinatra application.
First of all we need to install the gem, as
[sudo] gem install rack-oauth-wrap
To make the sample easier let’s create our own shared key, we can all share this for demo purpose
NjkzNTczOTAtMDA2MC0wMTJkLTQ1M2YtMDAyMzMyYjFmYWY4\n
So let’s start by creating the protected resource
require 'rubygems'
require 'sinatra'
require 'rack/auth/wrap'
use Rack::Auth::WRAP, :shared_secret =>t; "NjkzNTczOTAtMDA2MC0wMTJkLTQ1M2YtMDAyMzMyYjFmYWY4",
:audiences =>; "http://localhost:4567",
:trusted_issuers =>; "urn:demo-issuer"
get "/" do
if @env["REMOTE_USER"]
return "You are authenticated as #{@env["REMOTE_USER"]['Email']}"
else
return "You are an unauthenticated user"
end
end
Now we can start this on a Terminal (cmd, or whatever) and let’s jump to the consumer, but first if you try it without sending a token, and using the client we are going to build, you will get:
?> curl http://localhost:45678 You are unauthenticated
Now lets create a client trying to access a protected resource with a token on the header (requires restclient)
require 'rubygems'
require 'cgi'
require 'base64'
require 'restclient'
require 'hmac/sha2'
SHARED_SECRET = "NjkzNTczOTAtMDA2MC0wMTJkLTQ1M2YtMDAyMzMyYjFmYWY4\n"
simple_web_token = {'Audience' =>; "http://localhost:4567",
'Issuer' =>; "urn:demo-issuer",
'ExpiresOn' =>; (Time.now.to_i + 60).to_s,
'Email' =>; 'johnny.halife@sample.com'}.map{|k, v| "#{k}=#{CGI.escape(v)}"}.join("&")
signature = Base64.encode64(HMAC::SHA256.new(Base64.decode64(SHARED_SECRET)).update(simple_web_token.toutf8).digest).strip
simple_web_token += "&HMACSHA256=#{CGI.escape(signature)}"
puts RestClient.get("http://localhost:4567/", "Authorization" =>; "WRAP access_token=#{CGI.escape(simple_web_token)}")
Now let’s try our client, and see if there’s any difference with the curl request:
?> ruby client.rb You are authenticated as johnny.halife@sample.com
As you can see, we have our first end to end, Rack::Auth::WRAP Sample.
DISCLAIMER: On a real world application you won’t generate your own token as we are doing on the client code. We are doing it for demo purposed, but probably on you app you will get a token from an authorization server.
Both snippets are available as gits on github: Protected Resource / Client. We are assuming that this is running on localhost:4567
On the upcoming days/weeks/months we are going to get on the middleware support for the other ways of getting the token, like Query String and/or method body. Also we would like to implement the Web Profile of WRAP, so stay tuned.
You can read the freshly published documentation at http://rack-oauth-wrap.heroku.com
Source Code available at: http://github.com/johnnyhalife/rack-oauth-wrap
First of all, if you aren’t familiar with Tcl it’s “originally from “Tool Command Language”, but conventionally rendered as Tcl is a scripting language created by John Ousterhout”. I encourage you to test it and also if you are interested read Where’s Tcl hiding?.
This project was born after half an hour spiking on how hard it will be to parse a token on a bare linux distro that only has Tcl. After we noticed that Tcl is really straightforward language for design, prototype and is fun to write, we packed this lib and make it available for anyone interested.
Here’s an snippet of the intended usage of the lib
package require ::oauth::wrap
set rawToken "access_token=something&other_parameters_to_ignore" #=> the token from the IP
# => creates a configuration dictionary for the values
dict set configuration signingKey {valid_key} # => signing key used by the Identity Provider
dict set configuration issuer {valid_issuer} # => the identity provider URI
dict set configuration audience {valid_audience} # => my application audience URI
# this will return the token when it's valid else it will return false
set token [oauth::wrap::authenticate $configuration $rawToken]
# at this point if the token valid you can mess around with its claims
# that are returned on a dictionary form
set name [dict get $token name]
It’s fun to give it a shot, check out the source code at http://github.com/johnnyhalife/tcl-oauth-wrap
On the 4th February, 2010 I’ve published the version 1.0 of ruby gem I wrote for Windows Azure Storage. This time it has the great contribution of my friend Juan Pablo Garcia Dalolla who has implemented the Windows Azure Tables support.
This version of the gem also includes support for the version 2009-09-19.
Here’re are some code snippets from the Windows Azure Tables support
require 'waz-storage'
require 'waz-tables'
# The same connection of Windows Azure Storage Core (Queues, Blobs) can be reused
WAZ::Storage::Base.establish_connection!(:account_name =>; account_name,
:access_key =>; access_key)
# Grab the service instance
service = WAZ::Tables::Table.service_instance
# Query the customer table
service.query('customer_table', {:expression =>; "(PartitionKey eq 'customer') and (Age eq 23)", :top =>; 15} )
# Insert something into the customer table
serivce.query('customer_table', {:row_key =>; 'my_custom_id', :name =>; 'johnny'})
There’s also a DataMapper adapter effort going on for Windows Azure Storage Tables, I recommend you to check out Juan Pablo’s post about Windows Azure Tables Adapter for Datamapper
Source Code available at: http://github.com/johnnyhalife/waz-storage
RDoc available at: http://github.com/johnnyhalife/waz-storage