On Sat, May 15, 2010 at 12:48 AM, Viksit Gaur <vik.list.nutch_at_gmail.com> wrote:
> Hi all,
>
> I was thinking of the following workflow to integrate oauth into Curl.
> This is the first iteration of the idea, so please feel free to
> provide feedback.

This is the same approach we took in our twurl client
(http://github.com/marcel/twurl).

> $ curl --oauth --consumer-key xxyy --consumer-secret xxyy
> --authorize-url http://xyz --access-token-url http://xyz
> --request-token-url http://xyz authorize

Just a nit: I think "authorize" is implied by --authorize-url.

> Would you have suggestions on how to store this persistent state
> across curl invocations? Of course, there would be an "expiry time"
> for these tokens which we would have to handle.

twurl stores the consumer key, consumer secret, and access token in a
dot file in the user's home directory. curl would also need to
associate each token with a particular domain or URL base so it can
figure out which token to use for a given URL. For maximum
flexibility, you could also allow multiple profiles per application,
which would allow users to store access tokens for more than one
username. Something like this (in YAMLish format purely for
readability):

http://twitter.com/:
  alice:
    consumer_key: xxxxxxxxxxxxxxxxxxxxx
    consumer_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
  bob:
    consumer_key: xxxxxxxxxxxxxxxxxxxxx
    consumer_secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    secret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
http://someothersite.com/:
  alice:
    ...etc.

-- 
Dana Contreras
Twitter Platform Team
http://twitter.com/DanaDanger
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html