On Fri, 7 May 2010, Viksit Gaur wrote:

>> Let's do it. As mentioned on IRC I believe oauth needs some crypto
>> algorithms present so we probably need to make oauth support dependent on
>> an underlying crypto lib pretty much in the same way NTLM currently is.
>
> Excellent! Would you have pointers to which libraries in particular would be
> good to look at for this?

Since libcurl is usually built to use either OpenSSL, GnuTLS (gcrypt), NSS or
(now) PolarSSL, I think it is a good idea to try to make use of the RSA and
SHA1 algorithms as provided by the particular library of choice.

I figure the first person starting on the implementation can pick what library
to start with.

BTW, given your keeness in this area, are you going to take the lead of
writing the code for this?

> I think Twitter would be a good test bed to try it out on - for instance,
> testing out a timeline that requires OAuth (and IIRC they will deprecate
> support for basic http auth soon). We can sort out the details of a test
> server/username on IRC, and document them somewhere.

I don't think we need to document them anywhere in particular. Once we've made
sure that oauth works against live real-world test servers, we can and should
write test cases in our own test suite and from that moment on we don't need
the server/username of any "real world" test servers anymore.

I also found a (claimed) live test server for oauth at:

         http://term.ie/oauth/example/

... and there seems to exist a few others as well.

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html