[racket] implementing OAuth 1.0 protocol?

From: Greg Hendershott (greghendershott at gmail.com)
Date: Thu Sep 20 17:00:35 EDT 2012

Not everyone loves OAuth 2.0. One person who doesn't is its lead
author/editor, who resigned and withdrew his name from the spec at the
end of July.

"When compared with OAuth 1.0, the 2.0 specification is more complex,
less interoperable, less useful, more incomplete, and most
importantly, less secure."

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

Although I don't know enough to take a side in this debate, it seems
possible that Twitter and some others won't be jumping on the OAuth
2.0 wagon.

On Thu, Sep 20, 2012 at 3:50 PM, John Clements
<clements at brinckerhoff.org> wrote:
>
> On Sep 20, 2012, at 12:27 PM, Ryan Culpepper wrote:
>
>> On 09/20/2012 01:45 PM, John Clements wrote:
>>> I have a student (cc:ed) that noticed that there's an OAuth 2.0
>>> library for Racket, but no OAuth 1.0 library. Apparently, there are
>>> some differences, so that you can't use OAuth 2.0 to implement (say)
>>> an interaction with Twitter. Can anyone with OAuth experience confirm
>>> this, and also the absence of an OAuth 1.0 library for Racket?
>>
>> As I understand it, OAuth 1.0 is a much more complicated protocol. For example, I believe OAuth 1.0 tries to include request integrity protection in the protocol itself, requiring request canonicalization and digests and whatnot, whereas OAuth 2.0 says "you must use SSL" (roughly) and then allows you to use simple bearer tokens. OAuth 1.0 may not support all of the use scenarios that OAuth 2.0 is designed for (but I could be wrong about this part). Given that several web service providers (eg Google, Github) already support OAuth 2.0, I don't think anyone has felt a need to implement OAuth 1.0.
>>
>> On the other hand, it certainly seems doable.
>
> Okay, that matches what we were thinking, with the additional piece of information that twitter's online docs strongly suggest that they don't support OAuth 2, and have no plans to do so.
>
> Sounds good!
>
> Many thanks,
>
> John
>
>
> ____________________
>   Racket Users list:
>   http://lists.racket-lang.org/users
>


Posted on the users mailing list.