[racket] implementing OAuth 1.0 protocol?

From: John Clements (clements at brinckerhoff.org)
Date: Thu Sep 20 15:50:53 EDT 2012

On Sep 20, 2012, at 12:27 PM, Ryan Culpepper wrote:

> On 09/20/2012 01:45 PM, John Clements wrote:
>> I have a student (cc:ed) that noticed that there's an OAuth 2.0
>> library for Racket, but no OAuth 1.0 library. Apparently, there are
>> some differences, so that you can't use OAuth 2.0 to implement (say)
>> an interaction with Twitter. Can anyone with OAuth experience confirm
>> this, and also the absence of an OAuth 1.0 library for Racket?
> As I understand it, OAuth 1.0 is a much more complicated protocol. For example, I believe OAuth 1.0 tries to include request integrity protection in the protocol itself, requiring request canonicalization and digests and whatnot, whereas OAuth 2.0 says "you must use SSL" (roughly) and then allows you to use simple bearer tokens. OAuth 1.0 may not support all of the use scenarios that OAuth 2.0 is designed for (but I could be wrong about this part). Given that several web service providers (eg Google, Github) already support OAuth 2.0, I don't think anyone has felt a need to implement OAuth 1.0.
> On the other hand, it certainly seems doable.

Okay, that matches what we were thinking, with the additional piece of information that twitter's online docs strongly suggest that they don't support OAuth 2, and have no plans to do so.

Sounds good!

Many thanks,


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4800 bytes
Desc: not available
URL: <http://lists.racket-lang.org/users/archive/attachments/20120920/76e24214/attachment.p7s>

Posted on the users mailing list.