Hey John - A while back I needed to tack OAuth support on to a general purpose HTTP client API. The goals were two-fold:
1) Do magic whenever possible. Request token and access token requests happen under the covers. Adding the session extension support was magic, it required no changes to caller code. 2) If magic isn't possible, don't even try. I've given up on handling anything except the most basic 400/401/403 error codes in favor of returning the entire HTTP response to the caller. The code is open source, Apache licensed, and in production use. It is, of course, based on the oauth.net java code. =) The code is here: http://svn.apache.org/repos/asf/incubator/shindig/trunk/java/gadgets/src/main/java/org/apache/shindig/gadgets/oauth/OAuthRequest.java The docs are here: http://code.google.com/apis/gadgets/docs/oauth.html The code isn't perfect by any means, but it is working for a fair number of people. The most common complaints I've had are: - too hard to adjust request and access token urls - insufficient details in problem reports (I think I've fixed this by returning the entire request/response/request/response stream if anything resembling an error occurs) I like your approach of removing some of the magic that the current OAuthClient code tries to do, but I think the API you describe may not leave sufficient room for magic at all. There are certain common control flows that can be hidden from developers. Cheers, Brian On Fri, Jan 30, 2009 at 5:59 PM, John Kristian <[email protected]> wrote: > > I propose to extend the Java oauth-core library to better support > accessing protected resources, as follows. Please let me know if this > is a bad idea, or there's a better way. > > In brief, I propose to add a method to OAuthClient: > > /** Send a request and return the response. */ > public OAuthResponseMessage access (OAuthMessage request, > ParameterStyle style) throws IOException; > > Unlike the existing 'invoke' method, it won't try to decide whether > the response indicates success; it will merely return the response. A > typical caller would evaluate the response, something like this: > > OAuthClient client = ...; > OAuthAccessor accessor = ...; > OAuthMessage request = new ...; > request.addRequiredParameters (accessor); > OAuthResponseMessage response = client.access (request, > ParameterStyle.AUTHORIZATION_HEADER); > switch(response.getHttpResponse().getStatusCode()) { > case 200: ... > case 400: ... > > I'm a little worried about feature creep: this is a step toward a > general purpose HTTP client library. But it's a tolerably small step, > I hope. I don't want to try to reproduce all the features of the > Apache HTTP client libraries. > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
