OAuth for Perl

Update (2007-10-02): Net::OAuth now supports the RSA-SHA1 signing method!

Update (2008-06-04): Net::OAuth 0.11 released, with many new fixes and features (see the Changelog).

Today I noticed the link ‘OAuth 1.0 Draft’ appear in the del.icio.us popular feed. I followed it, and to my great delight found a spec for a protocol that is long overdue.

OAuth is:

“An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.”

This abstract definition can be explained by a simple example:

I keep my photos on a photo-sharing site. I want to print some photos on a photo printing site, and have them shipped to me. How does the photo printing site get access to my photos (say they are my private photos, only visible to me)? One way would be to give the printing site (call this site the Consumer) my username and password at the sharing site where my photos are stored (call this the Service Provider). The problem: the Consumer then has my credentials, which gives them total access. They could, in effect, ‘be me’ on that other site. This obviously isn’t what I want. What I want is to give them just the right to use my private data at the Service Provider, without giving away my password.

OAuth allows that to happen, in a simple standardized way.

OAuth is OpenID-like (not in its purpose, but in the way it is architected), but simpler. From reading the spec I can see that lessons from the OpenID process have been applied here - this spec has a clean, mature feel, despite being 1.0. It was also nice seeing some familiar names listed as authors on the document, like Blaine Cook and Andy Smith.

After all that I decided to help out with some Perl code. After a few hours of hacking, Net::OAuth was born! You can learn more about it on the Net::OAuth page on CPAN.

It’ll be fun to watch this protocol as it spreads. It is, like I said before, long overdue, and is immediately useful to many sites.
