Jerome, Thanks for your reply. It is heartening. I have some comments below:
On Sep 28, 2012, at 1:21 PM, Jerome Louvel wrote: > Hi Bjorn, > > OAuth 2.0 support is considered as experimental in version 2.1, due to the > unstability of the OAuth 2.0 spec in large part which made it a moving > target. This is a reason why we considered covering OAuth 2.0 in the book > but preferred not to. I am not disagreeing with you, but let me offer another perspective: OAuth 2 is not finalized. But, truth be told, I am getting the feeling it will never be finalized. Nevertheless, the world is moving to OAuth in one form or other. It's even getting practically baked into android: http://android-developers.blogspot.ca/2012/09/google-play-services-and-oauth-identity.html Some are even saying that putting it in to android now is YEARS too late: http://1raindrop.typepad.com/1_raindrop/2012/09/oauth-20-google-learns-to-crawl.html Indeed, Google is deprecating their oauth 1 apis. Who is using OAuth 2? bitly, facebook, foursquare, github, google, instagram, microsoft, salseforce, etc. We may not like it, but it OAuth 2 is here, now, whether it's "final" or not. OAuth 2 is a force of nature: you cannot fight it! You will be assimilated! Any web API that doesn't support it is, as far as I'm concerned, behind the times. And, in my opinion, if it isn't documented it isn't supported. > Good news: we have received a cool contribution to upgrade this support to > draft 30 recently and are looking forward to apply it to version 2.2: > https://github.com/restlet/restlet-framework-java/pull/644 Woot! > This will be a good time to refresh/improve the documentation. We are > looking for contributors on the doc front, so it would be great if you could > step up and help us with this, making Restlet support for OAuth 2.0 a first > class one. I've just entered an issue for the doc: > https://github.com/restlet/restlet-framework-java/issues/665 Thanks for filing that. I would be thrilled to help, but I can't really write documentation for something I can't get working... but that seems like a tractable problem. Also, FYI, I am not using restlet as a client. > BTW, we intend to keep development cycle for RF 2.2 pretty short (6 months) > and a stable OAuth 2.0 support would really be a key enhancement. Hope can > you help us out! I have been working on this long enough that I'm getting a bit frustrated. When that happens, my usual moderate intellectual capacity with server-side programming has been reduced to shambles. Easy stuff has become hard. Maybe you can help me produce a simple working example, and I can provide you some documentation for it? bjorn ----------------------------- Bjorn Roche http://www.xonami.com Audio Collaboration http://blog.bjornroche.com ------------------------------------------------------ http://restlet.tigris.org/ds/viewMessage.do?dsForumId=4447&dsMessageId=3011015
