Goodreads Developers discussion

52 views

feature requests > Support for oauth 1.0a

Comments Showing 1-9 of 9 (9 new) post a comment »

date

newest »

message 1: by Edward (new)

Jul 31, 2013 11:24AM

The Goodreads API appears to use Oauth 1.0 though it's not explicitly stated in the documentation. Is there a plan to use Oauth 1.0a? Specifically, libraries like Scribe don't support the older, less secure 1.0 implementation.

reply | flag

message 2: by Michael (new)

Jul 31, 2013 02:26PM

I thought it was 1.0a.

We'd add support for 2.0 first if we did want to expand it (thats not currently on our roadmap).

reply | flag

message 3: by Edward (new)

Jul 31, 2013 02:55PM

I might be wrong on the version number. Scribe chokes on the absence of oauth_verifier header. Or at least this appears to be what's happening.

reply | flag

message 4: by Michael (new)

Jul 31, 2013 03:01PM

What is scribe? Is there a url?

reply | flag

message 5: by Edward (new)

Jul 31, 2013 03:25PM

Scribe is a java oauth library:
https://github.com/fernandezpablo85/s...

reply | flag

message 6: by Michael (new)

Aug 01, 2013 11:20AM

maybe this post might be helpful?

http://www.goodreads.com/topic/show/2...

I'll check with our android guys, but we may have rolled our own oauth wrapper.

reply | flag

message 7: by Robert (new)

Aug 01, 2013 04:33PM

We use a slightly modified version of the Signpost OAuth 1.2.1.2 library, and they say it's "in conformance with the OAuth Core 1.0a standard."

I believe our modifications only correct the handling of square brackets in parameter names during signature generation.

reply | flag

message 8: by Edward (new)

Aug 01, 2013 04:40PM

Thanks for the information. I was able to get it working with a different Oauth library. It must be a limitation of Scribe or my misunderstanding of the implementation.

reply | flag

message 9: by Michael (new)

Aug 01, 2013 06:55PM

Which library?

reply | flag