Hi Bjorn,

OAuth 2.0 support is considered as experimental in version 2.1, due to the instability of the OAuth 2.0 spec in large part which made it a moving target. This is a reason why we considered covering OAuth 2.0 in the book but preferred not to.

Good news: we have received a cool contribution to upgrade this support to draft 30 recently and are looking forward to applying it to version 2.2:
https://github.com/restlet/restlet-framework-java/pull/644

This will be a good time to refresh/improve the documentation. We are looking for contributors on the doc front, so it would be great if you could step up and help us with this, making Restlet support for OAuth 2.0 a first class one.

I've just entered an issue for the doc:
https://github.com/restlet/restlet-framework-java/issues/665

BTW, we intend to keep development cycle for RF 2.2 pretty short (6 months) and a stable OAuth 2.0 support would really be a key enhancement.

Hope you can help us out!

Thanks,
Jerome
--
http://www.restlet.com
http://twitter.com/#!/jlouvel

-----Original Message-----
From: Bjorn Roche [mailto:[email protected]]
Sent: Thursday, 27 September 2012 20:35
To: [email protected]
Subject: oath server/protected resource

I know I've brought this up before, but....

I'm trying to work through developing a restlet server that allows users to log on and access protected resources, but unless I'm missing something, there is no sane documentation and no working sample code. I'm doing my best to chug through, but unless I'm missing something obvious, this is really an area that could use some serious attention. If someone does know of something I'm missing, I'd really appreciate it.

THE DOCS
---------------

OAuth is not covered in the new book, which is a major bummer. I'm not a huge fan of OAuth, but it's everywhere, so it needs some coverage. The Ericsson docs are impossible. The documentation here:
http://wiki.restlet.org/docs_2.1/13-restlet/28-restlet/392-restlet.html
is littered with errors.

Just to take one example, this code snippet:

    public class MyProtectedApplication extends Application{
        public synchronized Restlet createInboundRoot(){
            Router root = new Router(getContext());
            OAuthAuthorizer auth = new OAuthAuthorizer("yourServerValidateURI", "yourServerAuthURI);
            List <Roles> roles = new ArrayList <Role> ();
            roles.add(new Role("status", null));
            auth.addAuthorizedRoles(roles);
            auth.setNext(ServerResource.class);
            root.attachRoute("/status", auth);
        }
    }

is missing closing quotes after yourServerAuthURI, and is missing a return statement. I can work with those kinds of error, but it gets worse: there is no two argument constructor to OAuthAuthorizer. Overall these docs are very hard to follow.

SAMPLE CODE
------------------

So I tried downloading the sample code and it's hard to know where to begin. After digging through the code I figured out what some working URLs might be, but eventually I get to a point where it says

    Connection Error
    Unable to establish a connection to www.mellowtech.org/213.65.6.214:8095

Indeed there are references to mellowtech.org in the code. It appears to be providing an oauth service that the sample code depends on. It /seems/ like this could be made to work by changing references to this server to a constant and making a note in a readme that the user should change that constant to something (probably localhost), which I'm going to try,

-----------------------------
Bjorn Roche
http://www.xonami.com
Audio Collaboration
http://blog.bjornroche.com

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3010809

------------------------------------------------------
http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3011000

