ctakahashi / rest-client

Automatically exported from code.google.com/p/rest-client
Apache License 2.0
0 stars 0 forks source link

Implement Authorization OAuth (Open Authorization) #126

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
A RESTful SOA I am trying to test uses OAuth, and looking for an automated 
tool. At first we tried to use JMeter; however, one of our developers has found 
an issue with signing 'not implemented fully', e.g. 
oauth_signature_method="HMAC-SHA1"

If the rest-client added support, in the Auth tab, for example, to pass 
variable values for Authorization: OAuth header parameters:
oauth_callback=”CALLBACK_VALUE”, 
oauth_version="VERSION", 
oauth_nonce="DYNAMIC_NONCE_VALUE", 
oauth_timestamp=" DYMANIC_TIMESTAMP_VALUE", oauth_signature_method="HMAC-SHA1", 
oauth_token="DYNAMIC_VALUE",
oauth_consumer_key="STATIC_VALUE", 
oauth_signature="STATIC_VALUE"
-- also would need to support signing, e.g. HMAC-SHA1
At first, I tried just appending the OAuth parameters as independent header 
values, but that obviously didn't work. OAuth Authentication parameters must be 
associated with this header, and should be able to swap these values out 
dynamically, like distinct parameters.     

Original issue reported on code.google.com by irosema...@gmail.com on 26 Jan 2011 at 10:00

GoogleCodeExporter commented 8 years ago
This should read Type-Enhancement

Original comment by irosema...@gmail.com on 26 Jan 2011 at 10:01

GoogleCodeExporter commented 8 years ago
Signpost seems to have support for OAuth signing:

http://code.google.com/p/oauth-signpost/

But this also seems to be a dying library:

http://brainflush.wordpress.com/tag/signpost/

Original comment by subwiz on 30 Jan 2011 at 5:36

GoogleCodeExporter commented 8 years ago
This also seems to do the job:

https://github.com/fernandezpablo85/scribe-java/blob/master/src/main/java/org/sc
ribe/services/HMACSha1SignatureService.java

Original comment by subwiz on 30 Jan 2011 at 5:45

GoogleCodeExporter commented 8 years ago
OAuth 1.0 will not be implemented as the major Companies are moving towards 
OAuth 2.0.

All further development (OAuth 2.0) will be tracked in:

https://code.google.com/p/rest-client/issues/detail?id=145

Original comment by subwiz on 5 Jul 2012 at 1:53