omniauth vs scribejava for OAuth

[j...@joescii.com]

I've used omniauth in the past with Lift, and I'm working with a client looking into adding some OAuth features to their Lift app. We've (re)evaluated omniauth and discovered scribejava in the process. 

It looks like scribejava is a pretty solid option today. Omniauth doesn't have a lot of maintenance traction right now, and there is some overlap with scribejava. For instance, scribejava also features provider-specific details for popular services like Twitter, Facebook, etc. Scribejava also has significantly fewer dependencies (omniauth uses legacy Dispatch 0.8.x for http which pulls in quite a tree of jars) as it depends on native JVM stuff for http (can also plug in other http stuff as needed). Overall, scribejava just strikes us as a well-designed library for its goals. 

It seems at this point the primary value that omniauth has over scribejava is it already plumbs out some of the Lift session stuff for handing off tokens. 

What are other folks doing for OAuth these days? What would the interest level be in creating Lift module which takes what omniauth provides and offloads the rest of it to scribejava? Would a re-write and major version bump of omniauth be the best route (note that I have push rights to the repo, so I can certainly work with the right ppl to make it happen)? 

Thanks,

Joe

[Riccardo Sirigu]

Hi Joe, 

we use Omniauth but lately we are struggling with the migration to Scala 2.12 due to the outdated dispatch dependencies.

I'm in for creating an Oauth Lift module that uses scribejava underthehood

[Matt Farmer]

This may be re-inventing the wheel a bit, but I've honestly just hand-rolled my own OAuth stuff whenever I need it. The protocol is simple enough that I've never really felt the need to use anything other than Dispatch?

That said, as the new maintainer of Dispatch I would encourage you to look at it again, too, since we've now got some built-in OAuth stuff as well. You will have to upgrade to the modern version of it though. =)

--
--
Lift, the simply functional web framework: http://liftweb.net
Code: http://github.com/lift
Discussion: http://groups.google.com/group/liftweb
Stuck? Help us help you: https://www.assembla.com/wiki/show/liftweb/Posting_example_code

---
You received this message because you are subscribed to the Google Groups "Lift" group.
To unsubscribe from this group and stop receiving emails from it, send an email to liftweb+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[j...@joescii.com]

I 100% agree with you Matt that the protocol is almost so simple as to not be worth having a plugin... if you've taken the time to really learn the protocol. I know when I first needed to do OAuth, it was nice being able to grab this module and just keep running. Another nice thing it has is details for common services like Facebook, Twitter, etc already implemented.

If I have to raise the hood on this in the future, I'll certainly look into getting rid of the ancient dispatch at a minimum.

Joe