• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Stop wasting time looking for files and revisions. Connect your Gmail, DriveDropbox, and Slack accounts and in less than 2 minutes, Dokkio will automatically organize all your file attachments. Learn more and claim your free account.

View
 

NetNewsWireRequest

Page history last edited by Chris Messina 12 years, 10 months ago

Sent 10/7/2007 at 10am


 

Request: Support for OAuth

 

If y'all haven't heard, last week a small group of folks (myself included) released the Final Draft of a spec called OAuth Core 1.0. The spec describes a method for general API authentication that is an extraction of best practices from Google's AuthSub, Yahoo's BBAuth, Flickr's FlickrAuth, Amazon's Authentication and AOL's OpenAuth (like microformats, we decided to pave the cowpaths, rather than reinvent the wheel):

 

http://factoryjoe.com/blog/2007/10/04/oauth-core-10-final-draft-is-out-now-build-stuff/

 

Essentially this protocol can be used to provision tokens that work in place of usernames and passwords in remote applications, especially in desktop applications or Dashboard Widgets. Rather than using one's credentials to access protected resources (like password protected feeds!), you instead authenticate against the remote resource (Service Provider) and in turn, that Service Provider turns around and silently provides a token to the Consumer to be used for access from that point forward (or until the token is revoked).

 

This is exactly how FlickrAuth works for desktop Flickr uploaders.

 

Anyway, I'd like to make an early request that Brent take a look at the spec and consider adopting it for NetNewsWire. It would be especially useful in cases like Basecamp where they assign temporary passwords for OpenID users or with Google Reader for accessing private feeds... OAuth would make this process much more seamless and eventually part of a familiar flow (of course this relies on Service Providers implementing OAuth, but I'm pretty sure that we'll see some good pickup in the coming months).

 

http://oauth.net/documentation/spec

 

Chris

Comments (0)

You don't have permission to comment on this page.