hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: integrated OAuth?
Date Tue, 01 Feb 2011 15:56:43 GMT
On Tue, 2011-02-01 at 14:33 +0000, Moore, Jonathan wrote:
> Hi folks,
> 
> The OAuth question posed on the user list yesterday made me wonder if it
> would be worthwhile to have built-in OAuth support in HttpClient. 

It most certainly would. 

> The
> library I suggested using is actually distributed under the Apache License
> 2.0, so we ought to just be able to include it if we like. (However, out
> of courtesy I would want to contact the original programmer too).
> 
> Before I start on this path, I wanted to gut check whether anyone had any
> objections, and if not, if anyone had any suggestions/guidelines on
> implementation? I'm guessing we want something that basically looks a lot
> like our current support for NTLM, Basic, Digest, etc.
> 

Please take a look at and reopen this issue

https://issues.apache.org/jira/browse/HTTPCLIENT-836

I have no good understanding how the OAuth is supposed to work, but I
remember reading somewhere that it differs from BASIC, DIGEST and NTLM
schemes by sending credentials preemptively rather than relying on the
conventional challenge / response mechanism. This may (or may not) pose
difficulties and potentially may require to treat the OAuth scheme
differently.

We also will have to decide how we go about additional external
dependencies that may be required by OAuth code- whether or not they
need to be made mandatory or can be kept optional and whether or not
OAuth code should be distributed as a separate jar (artifact).

Anyway, please do go ahead! There will always be ways to incorporate
good code into HC one way or another.

Cheers

Oleg


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org


Mime
View raw message