Goodreads Developers discussion

100 views
oauth questions

Comments Showing 1-7 of 7 (7 new)    post a comment »
dateDown arrow    newest »

message 1: by Marc (new)

Marc (mcarmen) | 3 comments I am not super familiar with oauth but when I go to this URL http://www.goodreads.com/oauth/reques...

I get a message "Invalid OAuth Request" From what I understand I should be getting a token using that URL and key but I don't seem to be able to...any feedback.


message 2: by Michael (new)

Michael Economy (michaeleconomy) You do request_token after the user has clicked ok on our site.

Oauth is confusing. I'd highly recommend using a library. Additionally, I'd recommend reading a guide like this one:
http://hueniverse.com/oauth/


herse a really simple example written in ruby:

http://www.goodreads.com/topic/show/4...


message 3: by Marc (new)

Marc (mcarmen) | 3 comments OK oauth is a real pain for desktop/mobile applications. I understand the security feature behind it but at the same time it is really painful. I am hoping to make some different apps for desktop/mobile systems. I have used other systems that require oauth for web apps but provide a direct authenticate system for desktop apps....is this something goodreads is considering?


message 4: by Michael (new)

Michael Economy (michaeleconomy) We might develop that at some point, but I wouldn't expect anything soon.

-Michael


message 5: by Michael (new)

Michael Marc wrote: "OK oauth is a real pain for desktop/mobile applications."

While it is difficult at first once you get it working it really relieves alot of stress for devs and end users. As a dev you don't really want to be storing and protecting usernames/passwords and as an end user I really don't want to give out my info to everyone.

OAuth seems to be the route alot of major sites are taking so I expect to see more of it.


message 6: by Marc (new)

Marc (mcarmen) | 3 comments Michael,
I don't deny the benefits of OAuth and I think it is a great step on the security front for web applications. However, if you look at an example of working on a mobile phone it requires you to open up a browser and then intercept the response from the browser...kind of a pain. Now if there is a library in your programming language of choice that takes care of everything is great. However if you are working without a library it is a pain.

So I am not denying the benefits of OAuth but with desktop, and especially mobile applications, it is a real pain. I have seen at least one web service previously that used OAuth for other web applications but provided a traditional authenticate method for desktop/mobile devices.


message 7: by Muhammad (new)

Muhammad Hakim Asy'ari (hakimrie) | 3 comments Marc wrote: "OK oauth is a real pain for desktop/mobile applications. I understand the security feature behind it but at the same time it is really painful. I am hoping to make some different apps for desktop..."

XAuth is better alternative for mobile/desktop/mobile widget developer; I hope Goodreads will support XAuth soon.


back to top