On 09/20/2012 01:45 PM, John Clements wrote:
I have a student (cc:ed) that noticed that there's an OAuth 2.0 library for Racket, but no OAuth 1.0 library. Apparently, there are some differences, so that you can't use OAuth 2.0 to implement (say) an interaction with Twitter. Can anyone with OAuth experience confirm this, and also the absence of an OAuth 1.0 library for Racket?
As I understand it, OAuth 1.0 is a much more complicated protocol. For example, I believe OAuth 1.0 tries to include request integrity protection in the protocol itself, requiring request canonicalization and digests and whatnot, whereas OAuth 2.0 says "you must use SSL" (roughly) and then allows you to use simple bearer tokens. OAuth 1.0 may not support all of the use scenarios that OAuth 2.0 is designed for (but I could be wrong about this part). Given that several web service providers (eg Google, Github) already support OAuth 2.0, I don't think anyone has felt a need to implement OAuth 1.0.
On the other hand, it certainly seems doable. Ryan ____________________ Racket Users list: http://lists.racket-lang.org/users
