search

thephpleague / oauth1-client

OAuth 1 Client
MIT License
968 stars 73 forks source link

What about using guzzlehttp/oauth-subscriber ? #88

Closed mrjoops closed 4 years ago

mrjoops commented 7 years ago

Hi,

I'm starting to contribute to your project, writing a JIRA provider; so I was looking at the code when I noticed a few things. You are using Guzzle as the HTTP client but you don't use its Oauth1 subscriber implementation, is there a particular reason for that ? I think it would be interesting to use it since it take care of all the headers and signatures stuff, and it will dramatically reduce your codebase.

I would have written a PR if that was not such a big change. Of course I could if you're interested.

Good job by the way, your library is way more easy to implement than Atlassian own JIRA examples I tried.

bencorlett commented 7 years ago

Hey,

Okay, so the reason we didn’t use that is, at least at the time of writing this, it didn’t support the final OAuth 1.0 protocol, it might have been the earlier 1.0 or 1.0a protocol (yes, there’s two identical protocol names for different OAuth 1 protocols). Anyway, we’re using the latest one, referenced in the project README.

Having said that, I’ve read through their code and it appears like it’s doing much the same thing.

@all how would you feel about this?

On 11 Jul 2017, at 12:20 am, Alexandre Lahure notifications@github.com wrote:

Hi,

I'm starting to contribute to your project, writing a JIRA provider; so I was looking at the code when I noticed a few things. You are using Guzzle as the HTTP client but you don't use its Oauth1 subscriber implementation, is there a particular reason for that ? I think it would be interesting to use it since it take care of all the headers and signatures stuff, and it will dramatically reduce your codebase.

I would have written a PR if that was not such a big change. Of course I could if you're interested.

Good job by the way, your library is way more easy to implement than Atlassian own JIRA examples I tried.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/thephpleague/oauth1-client/issues/88, or mute the thread https://github.com/notifications/unsubscribe-auth/AALGn_d99pUfM1EZDpIMGG5_P6ZtZwK5ks5sMjMXgaJpZM4OS6Vq.

stevenmaguire commented 7 years ago

I am a fan. Especially if it will help to get this project up to the next major version and more in line with the look and feel of the oauth2-client.

stevenmaguire commented 7 years ago

A ton of work went into https://github.com/thephpleague/oauth1-client/pull/35 to get this project moving.

mrjoops commented 7 years ago

So, what's next ?

bencorlett commented 4 years ago

So the Guzzle OAuth subscriber works well if you have token credentials. Having said that, it's not entirely OAuth spec compliant (although it works for most use cases). I've addressed its shortcomings in the description of #111.

Having said that, I have a decision to make - whether we add our own Guzzle OAuth subscriber for authenticated requests or we stay agnostic and just recommend the use of that if you choose to use Guzzle in our new version (that's right, we don't require the use of Guzzle at all moving forward).