Is OAUTH in TODO list?

Discussion of ideas for features and new projects based on POCO.
tiplip
Posts: 19
Joined: 13 Jan 2011, 09:21

Is OAUTH in TODO list?

Postby tiplip » 07 Nov 2014, 04:20

Hi,

I am poco user for over 6 years, thanks to your great works and it helped me too much.
Now, I would like to know if it plans to support OAUTH in some future?

Best regards!

alex
Posts: 1375
Joined: 11 Jul 2006, 16:27
Location: United_States

Re: Is OAUTH in TODO list?

Postby alex » 07 Nov 2014, 05:50

No, but we gladly accept contributions. Here's a good starting point hint.

tiplip
Posts: 19
Joined: 13 Jan 2011, 09:21

Re: Is OAUTH in TODO list?

Postby tiplip » 08 Nov 2014, 05:51

alex wrote:No, but we gladly accept contributions. Here's a good starting point hint.

Very thankful, that's what I need!

guenter
Posts: 1268
Joined: 11 Jul 2006, 16:27
Location: Austria

Re: Is OAUTH in TODO list?

Postby guenter » 10 Nov 2014, 12:05

The TwitterClient sample in Net contains a client-side OAuth 1.0A implementation.

guenter
Posts: 1268
Joined: 11 Jul 2006, 16:27
Location: Austria

Re: Is OAUTH in TODO list?

Postby guenter » 11 Nov 2014, 01:02

Okay, I have added OAuth 1.0A/RFC 5849 support to Net on develop. There's a new OAuth10Credentials class that works similar to HTTPDigestCredentials class. Will be in 1.6.
Not sure about OAuth 2.0, though. There's not much to do at the framework level, as sending the HTTP requests for obtaining the bearer token is mostly straightforward (does not involve any complex signing, etc.) and specific to the respective service. Also, adding an Authorization: Bearer xxx header is also not hard to do.

guenter
Posts: 1268
Joined: 11 Jul 2006, 16:27
Location: Austria

Re: Is OAUTH in TODO list?

Postby guenter » 11 Nov 2014, 17:21

Also added some basic OAuth 2 support. Given that there's not much that can be done for OAuth 2 in a generic way (i.e., there is no standard way to obtain the bearer token from a service, etc.), OAuth 2 support is restricted to setting the bearer token in the Authorization header. All the rest has to be done depending on the respective service to talk to. Given that all the necessary building blocks are there (HTMLForm, JSON library, etc.) this should be okay.

I could imagine a separate OAuth library covering the complete OAuth work flow from obtaining the client credentials to obtaining the bearer token, including handling the refresh token, etc. but this would have to be a pretty generic framework. Not sure if it's worth doing.


Return to “Wishlist”

Who is online

Users browsing this forum: No registered users and 1 guest

cron