I would like to share my experiences in learning and using OAuth in this blog entry. Authentication is the first feature we will encounter when we try to use any (web) application. OAuth is a open protocol to standardize authentication. It has already gained wide industry acceptance and most web users are likely to have already used it without actually knowing it (ex: using their facebook or twitter user to login on to other services be it slideshare or host of other web 2.0 applications). While there are other contending standards (open and proprietary) in this area such as openID, facebook connect and google connect to name a few, currently OAuth seems to be the way to go for most vendors/developers.
I have tried to learn OAuth by actually using it to access Google Gdata API’s and SAP Streamwork API’s. Using the Google App Engine I created simple web apps that use OAuth for authentication to these services. Using the Google plugin for Eclispe its pretty easy to create web apps for the Google app engine. I used the Java SDK to build the web apps. The tricky part was to get OAuth to actually work and get some real data!
Below are some of my nice to know’s/gotchas from the project
– Goolge OAuth playground tool was pretty hand to understand the whole sequence of OAuth dance. There are actually 6 steps before you can see some real data! While the whole process is pretty cumbersome one can only hope that vendors will standardize on it and the effort will payoff
– For Goolge services I followed the instructions here. I used the 3-legged OAuth and signature method HMAC-SHA1. I tried with Public key/private key (RSA–SHA1) but it was too much trouble and could not get it to work.
– I used the Google App Engine OAuth demo app code here to test the GData API’s. It took me some time to get all the keys/Tokens to work but the most time was lost step where I had hard time to see the actual data. I run into this issue which cost some time.
– My experience with trying to get OAuth to work with SAP Stream work was much easier thanks to the blog entries SAP StreamWork OAuth, a code walk through. and SAP StreamWork REST API Authentication, Authorization, and OAuth. I basically adapted the code in the blog to make it run on the app engine.
– The demo of the running apps can be seen here for the Google OAuth Sample App-
and here for the Streamwork OAuth Sample App
– I would be glad to share the code if interested contact me.
Now that OAuth actually works for these services I can begin with the actual work of building some interesting composite mashups :o)