Agree. OAuth is not that complicated, reading the specs is. But honestly, if you forget to sort the parameters before concatenating it means you haven't read them at all (OAuth 1.0 - 9.1.1).
One thing that really helped me to understand the flow was to create a fake Service Provider.

--Gilles

On Tue, Apr 28, 2009 at 5:26 AM, Dossy Shiobara <do...@panoptic.com> wrote:
>
> On 4/28/09 1:42 AM, Chris Messina wrote:
>> Is OAuth this hard for everyone else?
>>
>> http://kentbrewster.com/oauth-confessions/
>>
>> *Sniff*.
>
> Funny enough, I ran into at least a few of the items on his list when
> writing my own OAuth consumer implementation from scratch.
>
> I honestly think that the OAuth _design_ isn't what makes it difficult.
> It's the way the specification is written. What really bit me in the
> ass the hardest was the "Parameter Encoding" requirement of the
> signature when using HTTP header authentication. Deviating from the RFC
> just for OAuth violates POLS, guys.
>
> Honestly, after trying to decipher the spec. and not getting very far, I
> put it aside and went to Eran's GUI:
>
> http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html
>
> I almost wish I'd not bothered to confuse myself with the spec. and just
> used that one page. It's a _fantastic_ reference implementation for
> anyone developing their own OAuth consumer.
>
> --
> Dossy Shiobara | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network | http://panoptic.com/
> "He realized the fastest way to change is to laugh at your own
> folly -- then you can let go and quickly move on." (p. 70)
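
The two rules this thread trips over, parameter sorting (OAuth 1.0 section 9.1.1) and the signature's "Parameter Encoding", shown as an added Python example that is not part of the original messages or any participant's code. The sample request, keys and secrets are constructed; names are encoded before sorting, and `verify` plays the role of a minimal fake Service Provider check.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def pct(value: str) -> str:
    """Parameter Encoding: UTF-8, then escape all but ALPHA / DIGIT / - . _ ~"""
    return quote(str(value), safe="~")


def normalize(params) -> str:
    """Section 9.1.1: drop oauth_signature, sort by name then value, join."""
    pairs = [(pct(k), pct(v)) for k, v in params if k != "oauth_signature"]
    pairs.sort()  # encoded text is ASCII, so this is byte-value order
    return "&".join(f"{k}={v}" for k, v in pairs)


def base_string(method: str, url: str, params) -> str:
    """Method, request URL and normalized parameters, each encoded again."""
    return "&".join([method.upper(), pct(url), pct(normalize(params))])


def sign_hmac_sha1(method, url, params, consumer_secret, token_secret="") -> str:
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()


def verify(method, url, params, consumer_secret, token_secret, presented) -> bool:
    """Provider side: recompute the signature and compare in constant time."""
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)


# Constructed sample request, deliberately unsorted, with a repeated name
# and values that need escaping.
URL = "http://sp.example/photos"
SAMPLE = [
    ("size", "original"), ("oauth_nonce", "n0nce"), ("tag", "b c"),
    ("oauth_consumer_key", "demo-key"), ("tag", "a+1"),
    ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "1240900000"),
]

if __name__ == "__main__":
    print(base_string("GET", URL, SAMPLE))
    print(sign_hmac_sha1("GET", URL, SAMPLE, "demo-secret", "token-secret"))
```

A consumer that skips the sort or uses form-style encoding (`+` for space) produces a different base string, so the provider's `verify` returns `False` even though every credential is correct.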