Is there a good tutorial for implementing OpenId and OAuth together in PHP? All of the OpenId tutorials I've seen on the official OpenId site haven't been as helpful or as simple as they could have been. I don't think I've seen any tutorials on using both of them together. (For OpenId, I'd want to be both a provider and a consumer.) If t...
I found a library that makes it easy to get my oAuth_token and oAuth_token_secret with c#. If I'm trying to make a POST to a RESTful web service (ie. http://brightkite.com/places/356a192b7913b04c54574d18c28d46e6395428ab/checkins) how are those two keys leveraged to varify authentication. A C# example would be awesome! ...
I know there has to be an obvious solution to this problem and I am missing it, so I would much appreciate someone enlightening me so I don't spin my wheels... I am writing an ASP.Net application that will interact with a service API (Evernote specifically). Evernote requires OAuth for security and before I can actually interact with t...
How can I verify a Google authentication access token? I need to somehow query Google and ask: Is [given access token] valid for the [[email protected]] Google account? Short version: It's clear how an access token supplied through the Google Authentication Api :: OAuth Authentication for Web Applications can be used to then request ...
I'm looking at building an API and was considering oauth for managing access to the api, but what I'm doing is more of a b2b system allowing businesses to access data to incorporate into their sites. I won't have any b2c at the beginning. So oauth doesn't seem like the right tool for me, I've been looking for sources regarding building...
Background: I'm designing the authentication scheme for a REST web service. This doesn't "really" need to be secure (it's more of a personal project) but I want to make it as secure as possible as an exercise/learning experience. I don't want to use SSL since I don't want the hassle and, mostly, the expense of setting it up. These SO q...
Can we make OAuth work from applications on mobile phones where there is no browser available? Without a browser, is it still possible for a user to approve the token requests (so that the consumer can proceed to fetch the protected resources from the service provider)? ...
I'm building a Python application that needs to communicate with an OAuth service provider. The SP requires me to specify a callback URL. Specifying localhost obviously won't work. I'm unable to set up a public facing server. Any ideas besides paying for server/hosting? Is this even possible? ...
I am trying to use Twitter OAuth and my POST requests are failing with a 401 (Invalid OAuth Request) error. For example, if I want to post a new status update, I am sending a HTTP POST request to https://twitter.com/statuses/update.json with the following parameters - status=Testing&oauth_version=1.0&oauth_token=xxx& oauth_nonce=xxx&o...
I'm currently working to specify my company's new partner/public API, which will be a resource-oriented RESTful web service. The missing piece of the puzzle at the moment is authentication/authorization. The requirements are: Initially it must work for a server-to-server environment, e.g. a server application must be able to identify ...
The beginners guide for oauth says the following: Binary data is not directly handled by the OAuth specification but is assumed to be stored in an 8bit array which is not UTF-8 encoded. I don't understand what is meant by this? How do you store binary in an 8bit array? The wikipedia article on bit array didn't help me. ...
The official oauth guide makes this recommendation: It is important not to try and perform the sort operation on some combined string of both name and value as some known separators (such as '=') will cause the sort order to change due to their impact on the string value. If this is the case, then what would be an efficie...
Hi guys, I'm tasked to design a new API for our infrastructure. Some of the things I'd like to do is: implement oauth for authentication good xml-based structure, adapting ATOM, GEO-RSS and other xml schema standards where applicable. JSON output Some of the things I've been thinking about is applying REST. In practice I find it's n...
Is anyone else having a difficult time getting Twitters oAuth's callback URL to hit their localhost development environment. Apparently it has been disabled recently. http://code.google.com/p/twitter-api/issues/detail?id=534#c1 Does anyone have a workaround. I don't really want to stop my development ...
I working on a new website and wanted some advice/feedback on OAuth vs OpenID vs Standard site owned username/password. ...
Hi, I have been investigating OAuth to share resources in my site to other sites. But, hole of OAuth specification was reported several days ago. http://oauth.net/advisories/2009-1 Many sites decided to stop OAuth until fixed version is released. Currently, can we have any alternative to OAuth? I want an open-standard and secure aut...
How to integrate google's Step2 with acegi security ...
I'm trying to use the googlesample for the hybrid protocol(OpenID+OAuth), but for some reason it is not working for me You are not authenticated I tried to use the google account button, nothing happens!! I tried entering my google openID and again nothing happens!! Could this be a problem with the browser?? not likely! Can you pl...
What are the abstract levels of technology that are used to build a Web APIs such as GData? ...
Hello, I'm currently planning a new web project. Clients are going to connect using a regular web browser and, in case of regular java-enabled cell phones, j2me client. I would really like to make use of the OpenID authentication. In case of regular web browser things are pretty straightforward. However, I am really not sure about insta...