curl-library
Re: Implementing OAuth support into curl?
Date: Fri, 21 Dec 2012 20:35:34 +0100
On 21-12-12 19:32, Yves Arrouye wrote:
> I have so far a full patch off HEAD for OAuth 2 which supports the
> generation of a proper Authorization: header for OAuth 2 from a token.
> Bearer (RFC 6750) and the HTTP MAC (draft-ietf-oauth-v2-http-mac-02) are
> both supported. The patch has been tested on OS X, Linux, Windows using
> nmake as well as MingW32. We are using it to interact with our newly
> designed authentication service (so it's also been tested against a
> different implementation of HTTP MAC), which is why I cared mostly about
> generating proper authorization headers, and not about three legged etc.
> But it's a solid start.
>
> I was actually going to ask if there was interest in having me contribute
> this to cURL. The patch does NOT enable OAUth2 by default (but I can
> change that, and maybe not enable HTTP MAC by default as it's an I-D and
> not an RFC; all those things can be discussed).
>
> If there is interest, then I'D love to discuss some of my decisions (e.g.
> take a token file on curl's command line rather than the token data itself
> so as not to expose it on the command line, though I also have #ifdef'ed
> support for that) as well as make sure some of them are the right way to
> integrate with cURL and libcurl (e.g. setting the token through libcurl,
> where a file did not seem appropriate).
>
> Refresh tokens are not supported yet because it's something I'D rather
> discuss with the list before picking some design over some other.
>
> YA
This is interesting. Do you have a more detailed write up, or even the
source code/patch?
Oscar
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature