SocialGraph FooCamp 2008 here I come!

I’m sitting in Frankfurt Airport (FRA) waiting for my connecting flight to San Francisco which will let me attend Social Graph FooCamp 2008.

According to the cast of people assembled on the wiki, it seems that it’s going to be lots of fun and hopefully very productive.

I’ll be arriving in SF after noonish. If you want to meet, say hi, or anything else, email me through the contact page.

Since this is a FooCamp, I do have a topic that is very rough around the edges to discuss and bring up. I wanted to write a post about it before the camp, but whenever I started writing the post I kept on hitting open issues (or at least issues that must be resolved before moving on). This eventually made the post very incoherent, so I thought that the best way to resolve it is by putting up a session at the camp.

I guess we’ll see what we will end up doing at the end :-)

OAuth Core 1.0 Final – Out the door into a service near you

At IIW 2007b OAuth Core 1.0 Final was released.

I wish I could attend IIW, but I had previous work-related obligations that I simply could not get out of. I do hope to attend the next one (IIW 2008a).

Now it’s time to update the C# client to the latest and really final version of the spec.

Congrats to everyone involved with OAuth. It is a truly amazing group of people and I think we can all be proud of the outcome!

OAuth C# (very) Basic Library

I know it took me a while (sorry) but I had a couple things on my plate.

At first I wanted to release a more complete integration of OAuth within ASP.NET, but that will have to wait until the next time frame I can allocate to work on this.

In the meantime, there is some basic C# code in the OAuth code repository which generates the OAuth signature, which is the most complicated thing to implement in the spec (not that it’s that difficult to implement :-) It’s actually quite easy).

To use the C# code, simply do this (based on the samples in the spec):

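    using OAuth;

    OAuthBase oauth = new OAuthBase();
    Uri url = new Uri("http://photos.example.net/photos?file=vacation.jpg&size=original");

    // Keep the timestamp and nonce: the same values must be sent with the request.
    string timeStamp = oauth.GenerateTimeStamp();
    string nonce = oauth.GenerateNonce();

    // Arguments: URL, consumer key, consumer secret, token, token secret, HTTP method, ...
    string signature = oauth.GenerateSignature(url, "dpf43f3p2l4k3l03", "kd94hf93k423kf44", "nnch734d00sl2jdk", "pfkkdhi9sl3r4s00", "GET", timeStamp, nonce, OAuthBase.SignatureTypes.HMACSHA1);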

After that you can append the relevant query parameters, including the same timestamp and nonce that were signed, as well as the URL-encoded signature value, to the URL and use it.

If you have a different timestamp and/or nonce generation method, you can inherit and override these methods.

If you require a hashing algorithm other than the default HMAC-SHA1 or PLAINTEXT (which MUST be used over a secure communication channel such as HTTPS), you can use the “GenerateSignatureBase” method to generate the signature base string and then call “GenerateSignatureUsingHash”, passing the signature base and the hash algorithm you are using.

That’s about it. I’ll update when I have some more integrative code.
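What the signature step involves under the hood, as an added example (not the OAuthBase code from the repository): it builds the signature base string for the same spec sample request, signs it with HMAC-SHA1, and compares the result in constant time as a receiving service would. The timestamp, nonce and expected signature are the fixed values from the spec's Appendix A example; the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class OAuthSignatureExample   // hypothetical name, not part of OAuthBase
{
    // RFC 3986 percent-encoding: only unreserved characters stay literal.
    static string Enc(string s)
    {
        const string unreserved =
            "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_.~";
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
            sb.Append(unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // Base string: METHOD & encoded URL (no query) & encoded, name-sorted parameter list.
    // A dictionary cannot hold repeated names; those would also need sorting by value.
    static string BaseString(string method, string url, IDictionary<string, string> pars)
    {
        var pairs = pars.OrderBy(p => Enc(p.Key), StringComparer.Ordinal)
                        .Select(p => Enc(p.Key) + "=" + Enc(p.Value));
        return method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
    }

    // HMAC-SHA1 keyed with "consumerSecret&tokenSecret" (each percent-encoded).
    static string Sign(string baseString, string consumerSecret, string tokenSecret)
    {
        byte[] key = Encoding.ASCII.GetBytes(Enc(consumerSecret) + "&" + Enc(tokenSecret));
        using (var hmac = new HMACSHA1(key))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    // Receiving side: compare without leaking the mismatch position through timing.
    static bool Matches(string presented, string expected) =>
        CryptographicOperations.FixedTimeEquals(
            Encoding.ASCII.GetBytes(presented), Encoding.ASCII.GetBytes(expected));

    static void Main()
    {
        var pars = new Dictionary<string, string> {   // values from the spec's sample request
            ["file"] = "vacation.jpg", ["size"] = "original",
            ["oauth_consumer_key"] = "dpf43f3p2l4k3l03", ["oauth_token"] = "nnch734d00sl2jdk",
            ["oauth_signature_method"] = "HMAC-SHA1", ["oauth_version"] = "1.0",
            ["oauth_timestamp"] = "1191242096", ["oauth_nonce"] = "kllo9940pd9333jh" };
        string sig = Sign(BaseString("GET", "http://photos.example.net/photos", pars),
                          "kd94hf93k423kf44", "pfkkdhi9sl3r4s00");
        Console.WriteLine(sig + " matches spec value: " + Matches(sig, "tR3+Ty81lMeYAr/Fid0kMTYa/WM="));
    }
}
```

`CryptographicOperations.FixedTimeEquals` requires .NET Core 2.1 or later.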

OAuth Core 1.0 Final Draft – Implement it while it’s hot

After Chris blogged about it and Eran Hammer-Lahav wrote a Beginner’s Guide to OAuth, I have little to add.

I will add, though, that my C# library, which I’ve been promising for quite some time, will get out very soon :-) (Sorry for the delay, it’s been hectic around here).

OAuth 1.0 Public Draft – Another brick in the wall

Others have made such great explanations as to what OAuth is and what it does, like Eran Hammer-Lahav’s post, so I won’t repeat it.

I will say that OAuth should make the Internet a little bit safer by giving the technical means to remove the need for a certain service to ask the user to give his/her username and password to access another service that that user is also using.

OAuth is to credentials delegation what OpenID is to authentication: an open standard for delegating a user’s credentials between services, the same way OpenID is an open standard for authentication.

It is important to note, however, that OAuth is not limited to being used with OpenID only. It CAN be used with ANY authentication scheme, both open and proprietary.

After all, some of the main mantras of OAuth were that we don’t want to reinvent the wheel(s) and we want OAuth to play nicely with everyone.

I’m contributing to the working group of OAuth and we just released the first public draft for OAuth 1.0. Take a look, read the spec and share your thoughts and comments with us!

OAuth – another brick in the open standards wall of authentication, credentials delegations and ultimately identity.