roguesupport / oauth-php

The original OAUTH standard implemented in PHP (Historic Record)
MIT License
0 stars 0 forks source link

OAuth2.0 Compatibility #34

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
With Facebook officially supporting OAuth2.0, it'd be nice if this library 
supported it as well, both 
client and server.

I don't know what all the changes are yet, but here's the spec:
http://github.com/theRazorBlade/draft-ietf-oauth/raw/master/draft-ietf-oauth.txt

Original issue reported on code.google.com by philfreo on 24 Apr 2010 at 8:54

GoogleCodeExporter commented 9 years ago
Noted. But for the moment, since it's a first draft, I'll wait. If anybody is
interested in implementing this, let me know.

Original comment by brunobg%...@gtempaccount.com on 28 Apr 2010 at 5:46

GoogleCodeExporter commented 9 years ago
Understandable.  For reference, here's a link about OAuth 2.0
http://wiki.oauth.net/OAuth-2.0

Original comment by philfreo on 28 Apr 2010 at 6:02

GoogleCodeExporter commented 9 years ago

Original comment by brunobg%...@gtempaccount.com on 26 May 2010 at 7:33

GoogleCodeExporter commented 9 years ago
I'm interested in the "Client Credentials Flow" part of this spec:
http://tools.ietf.org/html/draft-ietf-oauth-v2-05#page-35

It seems useful for providing a third party access to my application to
programatically do stuff that's not on behalf of a particular user.

It's pretty similar to two-legged oauth, but I suppose the intention is a little
different.

Original comment by rob.mars...@gmail.com on 27 May 2010 at 3:12

GoogleCodeExporter commented 9 years ago
I know the spec is still in a lot of flux but I'm eagerly anticipating OAuth2 
support. Hopefully things settle down a bit now that draft6 is out.

Original comment by jhurlima...@gmail.com on 13 Jun 2010 at 9:29

GoogleCodeExporter commented 9 years ago
I think there´s no one with enough spare time to implement OAuth2.0 draft6. :( 
If someone reads this and wants to get this "framework" to the next level, 
please send a message to bruno. He would surely give you svn write access! :o)

Original comment by fiedler....@gmail.com on 15 Jun 2010 at 6:54

GoogleCodeExporter commented 9 years ago
Yes, unfortunately I can't work on it right now. But I can grant you write 
access very, very quickly :)

Original comment by brunobg%...@gtempaccount.com on 17 Jun 2010 at 12:40

GoogleCodeExporter commented 9 years ago
Interesting discussion about OAuth 2.0: 
http://www.devcomments.com/OAuth-Server-2-0-at227858.htm
(just a side note ;o))

Original comment by fiedler....@gmail.com on 7 Jul 2010 at 8:06

GoogleCodeExporter commented 9 years ago
What is the progress on this? The spec is at draft 10 
(http://tools.ietf.org/html/draft-ietf-oauth-v2-10)

Original comment by daniel.b...@gmail.com on 3 Aug 2010 at 1:13

GoogleCodeExporter commented 9 years ago
We're looking for developers. Care to help?

Original comment by brunobg%...@gtempaccount.com on 3 Aug 2010 at 5:35

GoogleCodeExporter commented 9 years ago
From what I read of the spec, it's very unlikely that oauth-php will be able to 
support it without major changes. Many places would need a complete rewrite. 
It's questionable whether the API could be maintained and keep backward 
compatibility with 1.0a.

As such, it's not likely right now that support to 2.0 will be written. If 
anybody cares to help, please let me know.

Original comment by brunobg%...@gtempaccount.com on 7 Oct 2010 at 3:25

GoogleCodeExporter commented 9 years ago
Hi,

accordingly André's comments and fixes i want xAuth in the server. I think, 
xAuth is better for mobile clients which uses oauth for verify requests. For a 
example please take a look to Twitter API and used xAuth services.

Best regards
Enno

Original comment by enno0815de on 7 Oct 2010 at 4:55

GoogleCodeExporter commented 9 years ago
@enno0815de: as written in the wiki, xauth has nothing do with oauth. It will 
not be implemented.

Original comment by brunobg%...@gtempaccount.com on 7 Oct 2010 at 7:49

GoogleCodeExporter commented 9 years ago
ok, so i will implement it in andré's server... ;)

Original comment by enno0815de on 11 Oct 2010 at 8:12

GoogleCodeExporter commented 9 years ago
hi,

i have implemented xauth in oauth-php server. if i should upload the changes to 
this repository, i need access to it. if anyone need more help, mail me =]

best regards
enno

Original comment by enno0815de on 25 Oct 2010 at 6:25

GoogleCodeExporter commented 9 years ago
@enno0815de: I sent you a private email. 

Original comment by brunobg%...@gtempaccount.com on 28 Oct 2010 at 4:29

GoogleCodeExporter commented 9 years ago
[deleted comment]
GoogleCodeExporter commented 9 years ago
@enno0815 : brun... is right, xAuth has nothing to do with OAuth as in 
that(xAuth) protocol developer collects username and password from user and 
sends with the request, which diesnt suffice the purpose of OAuth and against 
fundamental principles behind it i.e. in short words Authentication with 
username and password!!

So we shouldn't be bringing that functionality to oauth-php repo rather it 
should be separate project itself if you intend to do.

@bru... : i would humbly request not to merge that code with oauth-php repo 
rather separate branch would be an option..

As far as Compatibility with OAuth 2.0 is concerned can we define abstarct 
methods in Server Module and switch the Methods according to oauth_version 
variable which we recieve through Request.

I am new to oauth implementing it first time and an intermediate programmer.
I am in process of deploying oauth-php on my server,any suggestions or feedback 
would be greatly appreiciated.

Regards,
nEosAg

Original comment by sonawane...@gmail.com on 5 Jan 2011 at 8:57

GoogleCodeExporter commented 9 years ago
I did get enno's code. Due to his IDE reformatting the code, it's almost 
impossible to generate a diff, which is why this has not progressed further. 
Comparing files manually is a lot of work and error-prone.

I still think that xauth and oauth are two different beasts, but xAuth requires 
OAuth. If xauth can be supported by this library and not hassle those people 
who do not want it, or break backwards compatibility, I'm inclined to add 
support to it. 

The problem with oauth 2.0 compatibility is that the protocol has changed 
considerably, and the current oauth-php flow may not be compatible with the 2.0 
protocol. 

Original comment by brunobg%...@gtempaccount.com on 6 Jan 2011 at 6:11

GoogleCodeExporter commented 9 years ago
For reference, Google is now also supporting OAuth 2.0
http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.ht
ml

Original comment by philfreo on 14 Apr 2011 at 8:43