On Tue, 2011-02-01 at 14:33 +0000, Moore, Jonathan wrote: > Hi folks, > > The OAuth question posed on the user list yesterday made me wonder if it > would be worthwhile to have built-in OAuth support in HttpClient.
It most certainly would. > The > library I suggested using is actually distributed under the Apache License > 2.0, so we ought to just be able to include it if we like. (However, out > of courtesy I would want to contact the original programmer too). > > Before I start on this path, I wanted to gut check whether anyone had any > objections, and if not, if anyone had any suggestions/guidelines on > implementation? I'm guessing we want something that basically looks a lot > like our current support for NTLM, Basic, Digest, etc. > Please take a look at and reopen this issue https://issues.apache.org/jira/browse/HTTPCLIENT-836 I have no good understanding how the OAuth is supposed to work, but I remember reading somewhere that it differs from BASIC, DIGEST and NTLM schemes by sending credentials preemptively rather than relying on the conventional challenge / response mechanism. This may (or may not) pose difficulties and potentially may require to treat the OAuth scheme differently. We also will have to decide how we go about additional external dependencies that may be required by OAuth code- whether or not they need to be made mandatory or can be kept optional and whether or not OAuth code should be distributed as a separate jar (artifact). Anyway, please do go ahead! There will always be ways to incorporate good code into HC one way or another. Cheers Oleg --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
