I've developed a REST web service and I want to implement an OAuth Service Provider for authenticating, primarily, two-legged OAuth requests. Could anyone please point me to an implementation of an OAuth Service Provider created in Delphi. Thanks in advance.
+1
A:
I have not used this OAUTH for Delphi, but I hear it works. You can read some more about it in the creator's blog.
Jim McKeeth
2010-03-04 17:52:07
A:
Jim, thank you for input. But the link you provided, is for an OAuth client/consumer. I am actually looking for the other side: an OAuth Service Provider. The info and code by Chuck Beasly should be useful though as a starting point.
BTW, I would appreciate it very much if anyone could comment on the following. As mentioned before, I am primarly interested in implementing support for 2-legged OAuth requests (a.k.a. signed requests?). Am I correct that a 2-legged OAuth request just involves these steps (basically steps E through G as depicted in the OAuth Authentication Flow):
Consumer -> Provider: Request access token (request is signed with consumer key and consumer secret).
Provider -> Consumer: Grant/deny access token.
Consumer can access protected resource if access token is granted.
The reason for wanting to use a 2-legged OAuth request instead of a 3-legged OAuth request, is because the user is already signed in and therefore I want to skip that part in the OAuth Authentication Flow. Also, the consumer/client is considered a trusted party and is allowed to access resources on behalf of the user.
Once again, I would appreciate it if anyone would comment or point any (security) flaws in my reasoning.
Thanks.
Jesse
2010-03-05 07:59:43