/README

http://github.com/skypher/cl-oauth
This is cl-oauth, an implementation of the OAuth 1.0a standard
in Common Lisp.

Spec URI: http://oauth.net/core/1.0a

Section numbers mentioned in the code and documentation
refer to this document, unless mentioned otherwise.

Most of the code has passed basic manual and automated tests,
but the SP code hasn't been used in a real-world application
yet.


Not supported at this time:

Service Provider:

  * parameters from Auth header (needs some parsing) [5.4]
    in principle a MUST, but as SP you get to decide ;)

  * Nonce checking [9], a SHOULD.

  * Session extension
      http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html

  * Problem Reporting extension
      http://oauth.pbworks.com/ProblemReporting

Consumer:

  * Auth parameters should be working, but Google rejects them for
    some reason. Do more testing and debugging.

  * Revoking tokens as per section 7 of the Session extension

  * Problem Reporting extension: fields in body are ignored.

Both:

  * signature methods other than HMAC-SHA1. It's easy to use
    other digests and MACs via Ironclad, but RSA needs to have
    padding implemented. [9.3]

  * PLAINTEXT signature. Meh. [9.4]

  * POST and Auth requests are hardly tested yet.
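
The nonce check listed as unsupported for the Service Provider above could
look like the following. This is an added example, not cl-oauth code: the
names NONCE-STORE, CHECK-NONCE, PRUNE-NONCES and UNIX-NOW, the 300-second
window and the in-memory hash table are all assumptions made for illustration.

```lisp
;;; Added example: replay guard for a Service Provider. Not part of cl-oauth.
;;; All names and the default window are hypothetical.

(defstruct nonce-store
  (window 300)                              ; accepted clock skew in seconds
  (seen (make-hash-table :test #'equal)))   ; (key token ts nonce) -> ts

(defun unix-now ()
  "Current time as seconds since 1970-01-01, the unit OAuth timestamps use."
  (- (get-universal-time) 2208988800))

(defun prune-nonces (store now)
  "Drop entries too old to be accepted again, so the table stays bounded."
  (let ((cutoff (- now (nonce-store-window store)))
        (seen (nonce-store-seen store)))
    (maphash (lambda (key ts)
               (when (< ts cutoff) (remhash key seen)))
             seen)))

(defun check-nonce (store consumer-key token timestamp nonce
                    &optional (now (unix-now)))
  "Return :OK and record the request, or :STALE-TIMESTAMP / :REPLAYED-NONCE.
Call this only after the signature has verified, so that unauthenticated
requests cannot fill the store."
  (let ((key (list consumer-key token timestamp nonce))
        (seen (nonce-store-seen store)))
    (prune-nonces store now)
    (cond ((> (abs (- now timestamp)) (nonce-store-window store))
           :stale-timestamp)
          ((gethash key seen) :replayed-nonce)
          (t (setf (gethash key seen) timestamp)
             :ok))))

;; Constructed sample requests (not real credentials).
(let ((store (make-nonce-store :window 300))
      (now 1300000000))
  (print
   (list
    (check-nonce store "consumer-1" "token-a" 1300000000 "n-001" now)       ; first use
    (check-nonce store "consumer-1" "token-a" 1300000000 "n-001" (+ now 5)) ; same tuple again
    (check-nonce store "consumer-1" "token-a" 1299999000 "n-002" (+ now 5)) ; outside window
    (check-nonce store "consumer-2" "token-b" 1300000000 "n-001" (+ now 5))))) ; other consumer
```

Because stale timestamps are rejected before the lookup, pruning entries older
than the window never reopens a replay. Like the token storage mentioned in the
TODO list, this store lives in volatile memory and is lost on restart.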


People who contributed in a substantial way to this library:

  * Leslie P. Polzer <polzer@port-zero.com>: base implementation.

See also revision log for minor contributions.


TODO (apart from spec things not implemented yet):

  * grep the code for TODO and FIXME

  * incorporate test cases from http://wiki.oauth.net/TestCases

  * abstract token storage, can't get far with volatile memory
    FETCH-TOKEN/STORE-TOKEN

  * better handling of different protocol versions; in particular
    we should support serving both 1.0 and 1.0a clients (and requesting
    stuff from 1.0 and 1.0a servers too, of course).

  * compare with the Hammer draft spec and resolve differences

  * always store the URL-decoded key/secret in the request token
