On 4/28/09 1:42 AM, Chris Messina wrote: > Is OAuth this hard for everyone else? > > http://kentbrewster.com/oauth-confessions/ > > *Sniff*.
Funny enough, I ran into at least a few of the items on his list when writing my own OAuth consumer implementation from scratch. I honestly think that the OAuth _design_ isn't what makes it difficult. It's the way the specification is written. What really bit me in the ass the hardest was the "Parameter Encoding" requirement of the signature when using HTTP header authentication. Deviating from the RFC just for OAuth violates POLS, guys. Honestly, after trying to decipher the spec. and not getting very far, I put it aside and went to Eran's GUI: http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html I almost wish I'd not bothered to confuse myself with the spec. and just used that one page. It's a _fantastic_ reference implementation for anyone developing their own OAuth consumer. -- Dossy Shiobara | do...@panoptic.com | http://dossy.org/ Panoptic Computer Network | http://panoptic.com/ "He realized the fastest way to change is to laugh at your own folly -- then you can let go and quickly move on." (p. 70) --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to oauth@googlegroups.com To unsubscribe from this group, send email to oauth+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---