Sunday, February 15, 2009

Announcement: OAuth Client Library

For the past week or so, I've been working on various web services-related libraries, in the hopes of writing some sort of Launchpad dashboard applet for Awn. I think it would be nice to have new/recently changed bugs in Awn/Awn Extras at a glance in the dock, among other things. The first somewhat complete component is an OAuth client library. I finished the initial implementation (plaintext signature only) in under nine hours, and after the Awn 0.3.2 release (and a bit of frustration), I added HMAC-SHA1 signature support with the help of RFCs 2104 and 2202 (using GLib's checksum API). I've tested it with both the OAuth example Python server and the Launchpad API.

Also included in the source are two small test programs: one tests the HMAC-SHA1 implementation, and the other tests the OAuth implementation in its entirety. The latter uses .ini-style config files to define keys/secrets/URIs/etc. for a service.

There are a few things that still need to be done, in order for it to be a "complete" implementation. I probably want to replace my handwritten HMAC-SHA1 implementation with a libgcrypt-based one (although I'd have to figure out how to create bindings for Vala), which would also enable me to add RSA-SHA1 signature support. Additionally, I should probably add an asynchronous equivalent to the current synchronous API. Finally, it would be nice if it integrated better with libsoup's existing authentication structure. Currently, I just generate an Authorization: header to be manually added.

The next component I'm working on is a WADL dispatcher library. I don't like the idea of a library generating code (as I presume wadl2java does). We'll see how this turns out.

No comments: