views:

297

answers:

2

I've developed a REST web service and I want to implement an OAuth Service Provider for authenticating, primarily, two-legged OAuth requests. Could anyone please point me to an implementation of an OAuth Service Provider created in Delphi. Thanks in advance.

+1  A: 

I have not used this OAUTH for Delphi, but I hear it works. You can read some more about it in the creator's blog. alt text

Jim McKeeth
A: 

Jim, thank you for input. But the link you provided, is for an OAuth client/consumer. I am actually looking for the other side: an OAuth Service Provider. The info and code by Chuck Beasly should be useful though as a starting point.

BTW, I would appreciate it very much if anyone could comment on the following. As mentioned before, I am primarly interested in implementing support for 2-legged OAuth requests (a.k.a. signed requests?). Am I correct that a 2-legged OAuth request just involves these steps (basically steps E through G as depicted in the OAuth Authentication Flow):

  1. Consumer -> Provider: Request access token (request is signed with consumer key and consumer secret).

  2. Provider -> Consumer: Grant/deny access token.

  3. Consumer can access protected resource if access token is granted.

The reason for wanting to use a 2-legged OAuth request instead of a 3-legged OAuth request, is because the user is already signed in and therefore I want to skip that part in the OAuth Authentication Flow. Also, the consumer/client is considered a trusted party and is allowed to access resources on behalf of the user.

Once again, I would appreciate it if anyone would comment or point any (security) flaws in my reasoning.

Thanks.

Jesse