[racket] implementing OAuth 1.0 protocol?

From: Ryan Culpepper (ryan at cs.utah.edu)
Date: Thu Sep 20 15:27:07 EDT 2012

On 09/20/2012 01:45 PM, John Clements wrote:
> I have a student (cc:ed) that noticed that there's an OAuth 2.0
> library for Racket, but no OAuth 1.0 library. Apparently, there are
> some differences, so that you can't use OAuth 2.0 to implement (say)
> an interaction with Twitter. Can anyone with OAuth experience confirm
> this, and also the absence of an OAuth 1.0 library for Racket?

As I understand it, OAuth 1.0 is a much more complicated protocol. For 
example, I believe OAuth 1.0 tries to include request integrity 
protection in the protocol itself, requiring request canonicalization 
and digests and whatnot, whereas OAuth 2.0 says "you must use SSL" 
(roughly) and then allows you to use simple bearer tokens. OAuth 1.0 may 
not support all of the use scenarios that OAuth 2.0 is designed for (but 
I could be wrong about this part). Given that several web service 
providers (eg Google, Github) already support OAuth 2.0, I don't think 
anyone has felt a need to implement OAuth 1.0.

On the other hand, it certainly seems doable.


Posted on the users mailing list.