NetNewsWireRequest


Sent 10/7/2007 at 10am

Request: Support for OAuth

If y'all haven't heard, last week a small group of folks (myself included) released the Final Draft of a spec called OAuth Core 1.0. The spec describes a method for general API authentication that is an extraction of best practices from Google's AuthSub, Yahoo's BBAuth, Flickr's FlickrAuth, Amazon's Authentication and AOL's OpenAuth (like microformats, we decided to pave the cowpaths, rather than reinvent the wheel):

http://factoryjoe.com/blog/2007/10/04/oauth-core-10-final-draft-is-out-now-build-stuff/

Essentially this protocol can be used to provision tokens that work in place of usernames and passwords in remote applications, especially in desktop applications or Dashboard Widgets. Rather than using one's credentials to access protected resources (like password-protected feeds!), you instead authenticate against the remote resource (Service Provider) and in turn, that Service Provider turns around and silently provides a token to the Consumer to be used for access from that point forward (or until the token is revoked).

This is exactly how FlickrAuth works for desktop Flickr uploaders.

Anyway, I'd like to make an early request that Brent take a look at the spec and consider adopting it for NetNewsWire. It would be especially useful in cases like Basecamp where they assign temporary passwords for OpenID users or with Google Reader for accessing private feeds... OAuth would make this process much more seamless and eventually part of a familiar flow (of course this relies on Service Providers implementing OAuth, but I'm pretty sure that we'll see some good pickup in the coming months).

http://oauth.net/documentation/spec

Chris