hwangjungseok / oauth-signpost

Automatically exported from code.google.com/p/oauth-signpost
0 stars 0 forks source link

OAuth 2.0 #45

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I'd like to be able to use Signpost to authenticate against Facebook new Graph 
API, which uses 
OAuth 2.0.  I'm guessing that there isn't support in Signpost for OAuth 2.0.  I 
also understand that 
the standard is evolving.  That said, I'm willing to take a first-stab at 
providing OAuth 2.0 support in 
signpost, with the understanding that support may need to evolve with the 
standard.

I opened this bug primarily to get your thoughts on OAuth 2.0 and Signpost.

Original issue reported on code.google.com by bdfer...@gmail.com on 7 May 2010 at 5:56

GoogleCodeExporter commented 8 years ago
I'm not sure how much of the current code base could actually be re-used for a 
2.0
implementation. But then again, I haven't taken a closer look at it yet. I'd be
curious about any experiences with OAuth 2.0 and Signpost though, did you get
anywhere with this so far?

Original comment by m.kaepp...@gmail.com on 9 May 2010 at 12:58

GoogleCodeExporter commented 8 years ago
So I haven't worked through the tentative OAuth 2.0 specs in detail, but 
implementing what Facebook is calling 
OAuth 2.0 seemed pretty simple.  As outlined at:

http://developers.facebook.com/docs/api#authorization

a simple web-callback authorization can get working with an initial redirect, 
and then handling the redirect back 
from facebook and a single additional direct request to get the authorization 
token.  I implemented that just 
using a URL.openStream.  I didn't really need to use signpost to make it happen 
at all.

Original comment by bdfer...@gmail.com on 13 May 2010 at 8:02

GoogleCodeExporter commented 8 years ago
seems like oauth 2.0 eliminates the process of token exchange and signing 
requests.
bdferris I was able to do the same however I am curious to know if you have 
handled
multiple users basically mapping the initial request to the callback for 
multiple users

Original comment by ssam0...@gmail.com on 24 May 2010 at 4:24

GoogleCodeExporter commented 8 years ago
@ssam0276

I'm already using my Java Servlet container's session functionality to track 
repeated access by the same user 
across a session.  When I make the call to 
"https://graph.facebook.com/oauth/access_token" to retrieve the 
access token, I immediately make a follow-up call to 
https://graph.facebook.com/me to get details about the 
authenticated Facebook user.

Original comment by bdfer...@gmail.com on 24 May 2010 at 4:31