Reminder: Real World oAuth is not a Protocol

astorm

Tangentially Magento related: Magento uses the lusitanian/oauth composer package to handle some oAuth-related tasks. In addition to the usual “create the cryptic Authorization: headers” code you’d expect to find in an oAuth library, there are also these two folders of code:

https://github.com/Lusitanian/PHPoAuthLib/tree/master/src/OAuth/OAuth1/Service

https://github.com/Lusitanian/PHPoAuthLib/tree/master/src/OAuth/OAuth2/Service

Each service class listed here attempts to capture each individual oAuth API’s unique take on how to authenticate, authorize, and call an API endpoint for a particular third party service.

Whenever someone like me quips that “oAuth is a tire fire”, what we’re really saying is “I wish oAuth was a protocol with a standard implementation for authentication, authorization, and method calling across corporate providers”. The effort David’s made to write and/or collect these vendor-specific implementations into a single place is admirable – but it points to the ultimate fragility of standards like oAuth.

Copyright © Alan Storm 1975 – 2019 All Rights Reserved

Originally Posted: 16th February 2017