Support for 2 legged OAuth requests

Anup

Jun 17, 2010, 8:57:51 PM
to DotNetOpenAuth
Hi,

First of all I should say this library is really great and has helped
me a lot with all the oauth integration we are doing here at Autodesk.

I have one problem though -
I am trying to create a 2 legged OAuth resource request using this
library.
I cannot do it because of the exceptions thrown when accesstoken is
empty.

The other way is to use the channel directly, but then the internal access
restriction on AccessProtectedResourceRequest doesn't allow me to
create a request.

Can we remove either the internal access restriction or the contract
exception on empty accesstoken for the library to support this?

Thank you,
Anup

Andrew Arnott

Jun 18, 2010, 1:15:13 AM
to dotnetopenid
Hi Anup,

I may be misunderstanding your scenario, but my understanding of 2-legged OAuth is that there is an access token.  You skip the user authorization step, and go straight from the request token to the access token. 

You mentioned having an empty access token, but I fail to understand what you're authenticating at all if you have no access token.
--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre


Anup

Jun 18, 2010, 11:16:03 AM
to DotNetOpenAuth
Hi Andrew,

Thanks for responding so soon.

This is the spec I am referring to when I say 2 legged oauth -
http://oauth.googlecode.com/svn/spec/ext/consumer_request/1.0/drafts/2/spec.html

And I am referring to this from the consumer point of view and not the
provider.
If you see the example at the end of the spec, the consumer requests
would go out with an empty token during the protected resource request.

The problem I have is I cannot use the library as easily as 3 legged
oauth because of the exception on an empty access token.

Let me know if this is still not clear.

Thanks,
Anup
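
The request shape described in the post above, as an added example that is not part of the thread and not DotNetOpenAuth code: a consumer signs a protected resource request with `oauth_token` present but empty, and a provider checks it. HMAC-SHA1, the function names, the keys and the `provider.example` URL are assumptions constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="-._~")

def base_string(method, url, params):
    # Encode, sort, and join every parameter except oauth_signature.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def hmac_sha1(base, consumer_secret):
    # No token was issued, so the token-secret half of the key is empty.
    key = pct(consumer_secret) + "&"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def sign_two_legged(method, url, params, consumer_key, consumer_secret,
                    nonce, timestamp):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": "",  # sent, but empty (assumed from the post above)
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
        "oauth_nonce": nonce,
        "oauth_version": "1.0",
    }
    base = base_string(method, url, {**params, **oauth})
    oauth["oauth_signature"] = hmac_sha1(base, consumer_secret)
    return base, oauth

def authorization_header(oauth):
    return "OAuth " + ", ".join(
        f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))

def verify_two_legged(method, url, params, oauth, consumer_secret):
    # Provider side: accept only an empty token and a matching signature.
    if oauth.get("oauth_token") != "":
        return False
    expected = hmac_sha1(base_string(method, url, {**params, **oauth}),
                         consumer_secret)
    return hmac.compare_digest(expected, oauth.get("oauth_signature", ""))
```

Because the only secret in the key is the consumer secret, a provider accepting such requests is authenticating the consumer application alone; it would still need to reject reused nonces and stale timestamps, which this sketch leaves out.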


Andrew Arnott

Jun 18, 2010, 11:26:31 AM
to dotnet...@googlegroups.com
Thanks for the additional info.  This isn't the same 2-legged OAuth I was familiar with, but since it's a spec... hey, let's add support for it.

Would you please add a "wish" on http://dotnetopenauth.uservoice.com/ asking for this feature and including the link to this spec?

I can't promise it will happen within a week, but I think it will be not much longer than that.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre


Anup

Jun 18, 2010, 1:42:29 PM
to DotNetOpenAuth
Thanks a lot Andrew!

Currently we have a workaround for this so you can take your time on
any other critical requests.

- Anup