Stupid Currency Tricks: Payment Dropbox with OAuthActiveResource

OAuth support with the OsCurrency API was first demonstrated in January. Ruby on Rails developers may have noticed that I didn't use ActiveResource with OAuth. Instead, in both the January screencast and the Twitter OAuth Consumer screencast, we coded in raw JSON. This was a bummer because, as easy as it is to write JSON, it is difficult to test, maintain and support. It would be much better if we could use ActiveResource.

The good news is that Johannes Wagener has shared his OAuthActiveResource gem. The OAuthActiveResource gem was originally used for the Soundcloud API for music drop boxes. If we can have drop boxes for music, we can have drop boxes for complementary currency.

Excited about this possibility, I created the oscurrency-ruby-api-wrapper gem to support payment drop boxes.

It is very simple code but I did run into two problems. First, I could not use the latest 0.3.5 version of the OAuth ruby gem due to this issue with posting data that is not a hash so I had to use the 0.3.4 oauth gem on the client side. Second, the OAuthActiveResource gem currently does not use the conventional way to create a resource that is a child of another. For instance, with the soundcloud api, it posts to comments.xml instead of tracks/:track_id/comments.xml. Rather than fork the OAuthActiveResource gem to change this, I changed the site class method definition in my Exchange class which is a child of Person.

Like the previous screencast, we're using my fork of the Roll My Blog app and Heroku to show off the payment drop box.

In this demo, each payment is associated with a blog article but you could obviously associate each payment with a product instead. In the Payment::create method, I specify the edit method of the payment as the callback url when sending the visitor to the server to approve the payment.

callback_url = edit_article_payment_url(@article,@payment)

As I mention in the screencast, I didn't make any changes at all to the OsCurrency server for this demo. The big thing that is missing is that the OsCurrency server should display the amount of the payment to the blog visitor and make sure the exchange created by the blogging software does not exceed what was authorized by the blog visitor. I will leave that for next time.

Also, I recorded some of my notes about the IIW2009a event at the Computer History Museum in Mountain View on the EFF Austin Blog. Rich and I will be speaking at the Lonestar Ruby Conference (August 27-29). If you are a Rubyist, this is a great conference that gets better every year. :)

Stupid Currency Tricks: Group Currencies and Heroku

Like the last screencast, this one is a result of a feature request. About 9 months ago to the day, I met Johnny & Eva Barnett at Spiderhouse Coffee through Karen Gifford, the founder of ATEN. Johnny suggested a groups feature be added to oscurrency. This happened one week after Rich and I presented the idea of using insoshi for a currency server at One Web Day Austin and first started checking in code. Multiple improvements made to oscurrency have been a direct result of Johnny Barnett's help.

In February of this year, Benjamin Bradley suggested some interesting use cases for this feature. The barn raising idea was interesting enough that Guillaume Lebleu blogged about it. If we're going to have groups, we'll need group currencies, too! This idea of easily created currencies is one of the components of the open money initiative supported by Michael Linton, the creator of LETS (unmoney convergence video).



As luck would have it, there was already yuki's group_option branch for insoshi that was relatively easily merged into oscurrency.

However, if one of the goals is to make currencies easy to create, we need software that is easy to install that does the job. Unfortunately, the search support that is included in insoshi (and therefore in oscurrency) is a bit too much for heroku.

Therefore, I found a brand new, lightweight blogging software that accepts OpenID called roll_my_blog and forked a copy which would talk to the OsCurrency API. This blogging software is easily deployed to heroku and that is how we can easily install software to create new currencies, etc.

Bonus: There is now some video footage of the early days of the Austin Time Exchange (the summer of '06). Among others interviewed, you can see and hear from current board members Karen, Rich and Sheila.

Life Inc: The Movie

Life Incorporated via BoingBoing

Columbia Exchange Circle on KOMU TV

The Columbia Exchange Circle was on TV yesterday...

"The idea of the exchange circle is to connect community members and get people to share the skills and resources that they have in a way that does not rely on the current economy," said Maggy Rhein, another organizer for the C.E.C.

And members say that taking the program online is the easiest way to connect.

"People can post the request and people can see it instantly," said Vince Foley, another organizer for the group and the Web site manager.

The Columbia Exchange Circle source code was forked by binaryseed in February of this year and is a great example of decentralized innovation on GitHub.

Stupid Currency Tricks: Matching Unmet Needs with Available Resources

The previous five screencasts have been experimental. Anyone who knows Ruby on Rails can install the code and, since it is open source, anyone can make improvements to it. We have seen how the application programming interface (API) allowed for an independently developed killer app to be built. However, until today, to my knowledge, none of the new features shown in these "Stupid Currency Tricks" screencasts are actually enabled on real systems. Why? Because real people in real communities have not asked for them!

People who actually use technology for everyday needs often seem to be just fine with commoditized, everyday technology. So, today there is no OAuth, no QR codes, no Twitter, no Identi.ca, no Nokia n800. Instead, this screencast shows a feature requested by Kieran Sikdar which makes sure the right people are notified when a new request is created.



Since people can list what categories of service they provide and these categories can also be associated with new requests, we can limit email notifications to just those people whose categories match the categories associated with the new request.

Also, I should mention that if a category or sub-category doesn't already exist, anyone in the system can create a new one. The administrator of the system clearly does not have the specialized knowledge of the community for determining which categories of services should be defined.

Stupid Currency Tricks: Twitter OAuth Consumer

3/27/09 Update - Twitter announced today a new method that apparently allows one to follow someone in one-click from another website but it is a negligible step forward. It seems to take two clicks and doesn't return the follower back to where he came from as is done in this screencast with OAuth.

Twitter recently started rolling out OAuth support in a private beta for developers. Previously, as described in the Twitter Development Talk group, there was no way to automate a member of your website to follow your website's twitter account, for instance. Now, with OAuth, today's screencast shows that this can be done in a usable manner.

A common question about OAuth is "how do you designate what resource(s) a token is good for?" According to the OAuth spec Appendix B.9:

By itself, OAuth does not provide any method for scoping the access rights granted to a Consumer. A Consumer either has access to Protected Resources or it doesn’t. Many applications will, however, require greater granularity of access rights. For example, Service Providers may wish to make it possible to grant access to some Protected Resources but not others, or to grant only limited access (such as read-only access) to those Protected Resources.

When implementing OAuth, Service Providers should consider the types of access Users may wish to grant Consumers, and should provide mechanisms to do so. Service Providers should also take care to ensure that Users understand the access they are granting, as well as any risks that may be involved.

Feel free to check out the code. I'm not storing the access tokens in the database but since I'm only using OAuth for one purpose, I didn't see any good reason to.

Stupid Currency Tricks: Identica

In the last screencast, requests were posted to Twitter and members were automatically followed when they associated their Twitter ID with their OSCurrency account. In this episode, we see how minimal changes to the code allow us to do the same with Identi.ca instead of Twitter.

Besides all the advantages of being open source, Identi.ca also accepts OpenID. So does OSCurrency (since it is derived from Insoshi). Wouldn't it be great if microblogging messages could be routed like email messages?