[erlang-questions] Oauth 2.0 support

Tim Fletcher mail@REDACTED
Thu Jun 23 00:06:22 CEST 2011

> I think oauth 2.0 is entirely an application level feature. It requires
> application-specific storage, and application-specific implementation in
> what you delegate.

This is my experience. It's difficult to provide a "plug and play"
solution for OAuth on the server side because of all the choices
between web servers, frameworks, data storage etc.

> That being said, building oauth 2.0 clients is super easy, and building 2.0
> servers is not hard if you already have a sane user authentication and
> authorization system, because it all just relies on https.
> I've never found oauth 2.0 "helper libraries" to be much help, personally.

Exactly. The tricky thing with OAuth 1.0 was the signature calculation
(particularly RSA-SHA1), and that was worth sharing. Take that away
from the client side and you're left with an awkward wrapper around
httpc, which isn't much use.

My suggestion would be to implement OAuth 2.0 from scratch, and then
look for ways to improve the underlying HTTP libraries to make it
easier to write that functionality.


More information about the erlang-questions mailing list