Well, OAuth 2 vs. OAuth 1.0a are just different specs. OAuth 2 is based on 1.0a and is simplified. When we get started on this feature I guess it's a discussion we should have as to which version to use. The comment on the Lift list about the implementation of OAuth 1.0 and not 1.0a doesn't fill me with confidence for that implementation. OAuth 1.0 has a major security whole that version 1.0a fixes.
How do you like the Streamwork API? That is the simpler bearer-token or PLAINTEXT version of OAuth. Has anyone tried a version with MAC signatures? Any thoughts on usability versus other APIs? Ethan On Sat, Apr 9, 2011 at 10:39 AM, Richard Hirsch <[email protected]>wrote: > On Sat, Apr 9, 2011 at 10:36 AM, Ethan Jewett <[email protected]> wrote: > > Using it as an authentication mechanism for our API? > Yep > > >I'd like to do > > this but it probably means a fair amount of work. I'd also think we > > should consider doing OAuth 2 at this point. > > Why OAuth ? What are the differences? > > > I don't think it should > > be part of 1.3. It will probably take too long. > > Agree about it not being in 1.3. Thinking 1.4 > > D. > > > > Ethan > > > > On Saturday, April 9, 2011, Richard Hirsch <[email protected]> > wrote: > >> I'm been folllowing the OAuth discussion in Lift : > >> > http://groups.google.com/group/liftweb/browse_thread/thread/b511bbc1a37d4166/98b1f654763b355a?show_docid=98b1f654763b355a > >> > >> When things get straightened out and the code is included in their > >> code base, we should probably think about using OAuth in ESME. > >> > >> Don't know whether we want to wait for 2.4 though, since it might be a > >> while before it is released. > >> > >> Thoughts? > >> > >> D. > >> > > >
