On Sep 20, 2012, at 12:27 PM, Ryan Culpepper wrote: > On 09/20/2012 01:45 PM, John Clements wrote: >> I have a student (cc:ed) that noticed that there's an OAuth 2.0 >> library for Racket, but no OAuth 1.0 library. Apparently, there are >> some differences, so that you can't use OAuth 2.0 to implement (say) >> an interaction with Twitter. Can anyone with OAuth experience confirm >> this, and also the absence of an OAuth 1.0 library for Racket? > > As I understand it, OAuth 1.0 is a much more complicated protocol. For > example, I believe OAuth 1.0 tries to include request integrity protection in > the protocol itself, requiring request canonicalization and digests and > whatnot, whereas OAuth 2.0 says "you must use SSL" (roughly) and then allows > you to use simple bearer tokens. OAuth 1.0 may not support all of the use > scenarios that OAuth 2.0 is designed for (but I could be wrong about this > part). Given that several web service providers (eg Google, Github) already > support OAuth 2.0, I don't think anyone has felt a need to implement OAuth > 1.0. > > On the other hand, it certainly seems doable.
Okay, that matches what we were thinking, with the additional piece of information that twitter's online docs strongly suggest that they don't support OAuth 2, and have no plans to do so. Sounds good! Many thanks, John
smime.p7s
Description: S/MIME cryptographic signature
____________________ Racket Users list: http://lists.racket-lang.org/users
