I think OAuth 2.0 client has a good framework for message exchange with OAuth server, so it could be base for OAuth 1.0a implementation. However the most difficult thing is a requirement of cryptography in 1.0a, this is one of the reasons why 2.0 spec came up.
I agree that would be good to have OAuth 1.0 in Amber (scribe e.g.), but there are many widely used Java implementations already. I am worried about its adoption. Just my three cents :) Cheers, Lukasz On Mon, Jan 16, 2012 at 4:25 PM, Simone Tripodi <[email protected]>wrote: > Hola, > The question I have is - and please take in consideration today I'm an > outdated OAuth guy :) - : how hard is putting 1.0a support in current > 2.0 client? > TIA, > Simo > > http://people.apache.org/~simonetripodi/ > http://simonetripodi.livejournal.com/ > http://twitter.com/simonetripodi > http://www.99soft.org/ > > > > On Mon, Jan 16, 2012 at 10:19 AM, Tommaso Teofili > <[email protected]> wrote: > > 2012/1/14 Antonio Sanso <[email protected]> > > > >> > >> On Jan 12, 2012, at 5:04 PM, Simone Tripodi wrote: > >> > >> > Ciao Antonio, > >> > > >> >> > >> >> unless I am doing something wrong it looks like I still do not have > any > >> write/edit permission on the wiki. > >> >> > >> > > >> > I am worried you'll have to contact INFRA[1] > >> > > >> >> If I am not completely wrong some major sites (e.g. twitter) are > still > >> using version 1.0a of the spec. > >> >> For this reason, if we want to gather any crowd to use Amber it would > >> be good to support at least client side also version 1.0a otherwise > people > >> would be oriented to use some other Java libraries (e.g. Scribe). > >> >> The effort to do it for the client module should not be to huge, but > >> there is obviously an overhead. > >> > > >> > That sounds a more than valid reason to implement 1.0a - can you make > >> > a quick search to verify that please? TIA! > >> > >> Hi Simone, I can confirm Twitter is still using 1.0a . > >> As a general consideration I also think that there are much more users > >> interested to the client part than the one interested to the server part > >> (like me :)). > >> > > > > I agree that the client is an important part so I agree on the 1.0a > > implementation. > > > > > >> For this reason we could even think about a two phase release (first one > >> we focus on the client/common modules) and second we focus on everything > >> else. > >> > > > > I think the best way of doing that is putting down a quick roadmap of > > things to be done so that we can prioritize tasks and, eventually, split > > those items in different phases. > > BTW we are in the Incubator for a long time now so it'd be good to > include > > also a release / graduation plan. > > > > > >> I hope you agree than one of our goal is to be mentioned here [0]and > here > >> [1] in order to increase the project exposure. > >> > >> WDYT? > >> > > > > +1 > > > > Tommaso > > > > > > > >> > >> Regards > >> > >> Antonio > >> > >> [0] http://oauth.net/code/ > >> [1] http://oauth.net/2/ > >> > >> > >> > > >> > I would propose to add that implementation in the current 2.0 impl, > >> > rather than continue developing old stuff... > >> > > >> > best, > >> > -Simo > >> > > >> > [1] https://issues.apache.org/jira/browse/INFRA > >> > > >> > http://people.apache.org/~simonetripodi/ > >> > http://simonetripodi.livejournal.com/ > >> > http://twitter.com/simonetripodi > >> > http://www.99soft.org/ > >> > >> >
