Allow me to continue to point out the blindingly obvious. Whoever creates the simplest interface wins.
This is a point that kind of struck home with me sometime this morning. i was going over the Open Auth specification, and the older Open Auth Specification where i discovered that you simply pass the Consumer Key in a crypted, signed manner back to the authenticating site before you can access the data. Where do you get the Consumer Key? Well, first you need to get an access token, which is preceded by an authorization request, which begins with an unauthorized request. Granted, the initial request is made to a given server which will contain a redirect to the XRDS server information which is a documented and reflective set of instructions in XML which describe where to get the additional elements you'll need to construct where to ask for that unauthorized request. Of course, once one goes through that multiple hand off process, involving several redirects, a presumed level of caching and, one can only hope, several sacrificial chicken offerings performed by hastily constructed LEGO kits, you discover something rather key.
Even though you've now gotten the individual to log in, you still don't know anything about them.
That part, as noted in the specification, is left as an exercise for the implementor.
Now, while i appreciate the level of effort that has gone into this design and construct, and i certainly do want to know that there's near universal agreement that having something that's both open and secure isn't easy, i just want a way to have folks log in and not have to retype a dozen points of data.
This is one of the big reasons that things like YUI, Gears and Python generally win as far as geeks are concerned. They work like cars. i don't have to know the proper combustion ratio and timing required to drive a piston nor do i have to understand the effective torque levels required in order to rotate a series of gears about a common axle if i want to go get a gallon of milk. i just get in the car, perform a few simple initialization functions and i'm off. i don't have to think about what all is going on.
It's one of the reasons i always chuckle whenever i hear the old saw about how Linux is like a chair, they give you the raw materials to make the most comfortable chair you've ever sat in, provided you do the work of assembly. i don't want to learn carpentry, metallurgy and upholstery, i just want to sit and get some work done.
Yes, i've looked at using the various libraries for the various languages. They each suck in their own special ways, and it's not really the fault of the author, since they just spent a good portion of their lives trying to weed their way through arcane theoretical constructs and LEGO filled chicken entrails.
As it is, i've kinda blown a day messing on something that should have been a quick bit of work. Ah well, i guess i'll just use another time honored computer science technique and just abstract out that part. Perhaps, when i need to actually implement it, someone else will have created a simpler wrapper.
Otherwise, i get the stinking suspicion that person will be me.

I feel your pain. I've been implementing some OAuth stuff on the job recently. I had to actually draw out all the interactions that take you from step #1 (user comes to your web site) to step #12 (you render a page to the user). Yes…that's 12 steps.
It's truly a sad day when you can say that BBAuth is actually more simple than something else.