OAuth for Perl

Update (2007-10-02): Net::OAuth now supports the RSA-SHA1 signing method!

Update (2008-06-04): Net::OAuth 0.11 released, with many new fixes and features (see the Changelog).

Today I noticed the link ‘OAuth 1.0 Draft’ appear in the del.icio.us popular feed. I followed it, and to my great delight found a spec for a protocol that is long overdue.

OAuth is:

"An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications."

This abstract definition can be explained by a simple example:

I keep my photos on a photo-sharing site. I want to print some photos on a photo printing site, and have them shipped to me. How does the photo printing site get access to my photos (say they are my private photos, only visible to me)? One way would be to give the printing site (call this site the Consumer) my username and password at the sharing site where my photos are stored (call this the Service Provider). Problem: Then the Consumer has my credentials - this gives them total access - they could, in effect ‘be me’ on that other site. This obviously isn’t what I want. What I want to do is just give them the right to use my private data at the Service Provider, without giving away my password.

OAuth allows that to happen, in a simple standardized way.

OAuth is OpenID-like (not in its purpose, but in the way it is architected), but simpler. From reading the spec I can see that learnings from the OpenID process have been applied here - this spec has a clean, mature feel, despite being 1.0. It was also nice seeing some familiar names listed as authors on the document, like Blaine Cook and Andy Smith.

After all that I decided to help out with some Perl code. After a few hours of hacking, Net::OAuth was born! You can learn more about it on the Net::OAuth page on CPAN.

It’ll be fun to watch this protocol as it spreads. It is, like I said before, long overdue, and is immediately useful to many sites.

Comments

Thanks for starting this, Keith! I’ve been lurking on the OAuth list for a while, but I haven’t had any time to do anything about the spec or a Perl implementation. Now that you’ve started things off, I’ll take a look at the module and see if there’s anything I can do to help.

Hi Chris,

That’d be great!

The main things needed:

  • Test coverage
  • Docs
  • Maybe a demo CGI script that shows Net::OAuth in action