Rails two-legged OAuth provider?

Question

I have a rails 2.3.5 application with an API I wish to protect.

There is no user - it is an app to app style webservice (more like an Amazon service than facebook), and

Answer 1

Previously, the only good answer was to hack about in the oauth-plugin to get this subset of the oauth interaction. Since then, the oauth-plugin was refactored, and now you can use it straight up, just by adding the right type of authentication filter to your controller:

class ApiController < ApplicationController

    include OAuth::Controllers::ApplicationControllerMethods

    oauthenticate :strategies => :two_legged, :interactive => false

    # ...

end