cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Implementing OAuth support into curl?

From: Viksit Gaur <vik.list.nutch_at_gmail.com>
Date: Sat, 15 May 2010 00:48:45 -0700

Hi all,

I was thinking of the following workflow to integrate oauth into Curl.
This is the first iteration of the idea, so please feel free to
provide feedback.

First step - authorize curl with the Oauth framework on the website.

$ curl --oauth --consumer-key xxyy --consumer-secret xxyy
--authorize-url http://xyz --access-token-url http://xyz
--request-token-url http://xyz authorize

Once the command is executed, the following message shown on command line,

"Go to https://url.com and paste in the supplied PIN" (where url.com
was constructed by curl from the data given to it by the parameters
above)

(User gets a verifier/PIN from this URL and enters it)

xxyyzz

Next, curl stores the required access tokens in a file, since we would
need some kind of persistent state to ensure that using oauth, curl
keeps track of these tokens. We could do this either through a cookie
file, or some other file specifically created for this purpose.

And now, using curl with --oauth, would basically allow any of the
other curl functions to work with protected resources.

curl --oauth "https://www.protectedurl.com"

Would you have suggestions on how to store this persistent state
across curl invocations? Of course, there would be an "expiry time"
for these tokens which we would have to handle.

Cheers
Viksit

On Sun, May 9, 2010 at 10:57 PM, Viksit Gaur <vik.list.nutch_at_gmail.com> wrote:
> On Sun, May 9, 2010 at 2:53 PM, Daniel Stenberg <daniel_at_haxx.se> wrote:
>> On Sat, 8 May 2010, Daniel Stenberg wrote:
>>
>>> I think you can find inspiration from another HTTP authentication
>>> implementation and take it from there. Like for examle Digest.
>>
>> Attached here is a skeleton patch showing what I meant. It doesn't do any
>> oauth at all, but it is the foundation or proof of concept of how oauth
>> support could started to be added to libcurl.
>
> Thats awesome, thanks. Very helpful to get started and hack around.
>
> Let me create a small doc about how OAuth should integrate with curl,
> as well as the hooks into the the actual oauth implementation itself.
>
> Cheers
> Viksit
>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2010-05-15

This message: [ Message body ]
Next message: Pavel Raiskup: "[PATCH] Added userptr (CURLOPT_FNMATCH_DATA) to curl_fnmatch_callback"
Previous message: Daniel Johnson: "Re: lib577.c fails to link with --enable-hidden-symbols"
In reply to: Viksit Gaur: "Re: Implementing OAuth support into curl?"
Next in thread: Dana Contreras: "Re: Implementing OAuth support into curl?"
Reply: Dana Contreras: "Re: Implementing OAuth support into curl?"
Reply: Daniel Stenberg: "Re: Implementing OAuth support into curl?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]