OAuth -Diff-


Fri Mar 29 20:32:30 CET 2013, a

OAuth 2.0 is a very common method for users to provide authorization to web services. To facilitate writing Plan 9 and Inferno clients for many of these services, it would be nice to teach factotum(4) how to speak OAuth. There are some design considerations that need to be thought through; the models don't map directly.

In particular, the most common mode of using OAuth depends on some browser infrastructure. Is one of the browser options native (or roughly so) to Plan 9 up to the task? How reliably? Is the structure of the OAuth landing page standardized?

The first step would be to teach factotum to speak the part of the protocol that happens after the final hash is acquired. It would be inconvienent, but users could get that hash through the browser manually themselve, then hand it to factotum.

The next step would probably be an extension/replacement for auth/fgui which would look for OAuth requests from factotum and handle launching a browser (or redirecting an existing one via the plumber) and handing the results back to factotum.

While it isn't OAuth, flickrfs has support for Flickr's pre-OAuth authentication method, which has some similarities. Interested students might look to it for reference or inspiration, particularly for the first half of the problem (as described above).