On 4/28/09 1:42 AM, Chris Messina wrote:
> Is OAuth this hard for everyone else?
>
> http://kentbrewster.com/oauth-confessions/
>
> *Sniff*.
Funny enough, I ran into at least a few of the items on his list when
writing my own OAuth consumer implementation from scratch.
I honestly think that the OAuth _design_ isn't what makes it difficult.
It's the way the specification is written. What really bit me in the
ass the hardest was the "Parameter Encoding" requirement of the
signature when using HTTP header authentication. Deviating from the RFC
just for OAuth violates POLS, guys.
Honestly, after trying to decipher the spec. and not getting very far, I
put it aside and went to Eran's GUI:
http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html
I almost wish I'd not bothered to confuse myself with the spec. and just
used that one page. It's a _fantastic_ reference implementation for
anyone developing their own OAuth consumer.
--
Dossy Shiobara | do...@panoptic.com | http://dossy.org/
Panoptic Computer Network | http://panoptic.com/
"He realized the fastest way to change is to laugh at your own
folly -- then you can let go and quickly move on." (p. 70)
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OAuth" group.
To post to this group, send email to oauth@googlegroups.com
To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com
For more options, visit this group at http://groups.google.com/group/oauth?hl=en
-~----------~----~----~----~------~----~------~--~---
