OAuth support in protocol addon

**LA_** · 19 Jan 2012, 3:28 PM

Hi guys,

is there any built-in solution in latest miranda/headers to implement authorization thru OAuth in protocol plugins?
p.s. my plugin written in delphi ((

Thanks.

**borkra** · 19 Jan 2012, 5:02 PM

It's pretty much does not make sense. Core OAuth is 1 HTTP request... The more complex part is what OAuth is trying to accomplish. The idea is on logon the browser popup and you login, after login completed application is issued code to use for eternity or not. That is not how Miranda traditionally works, can you make it this way... That is up to you and OAuth will not help you.

**LA_** · 19 Jan 2012, 6:11 PM

I don't understand quite well whether I should show standard user's browser (then the question is how to understand when the token is returned and how to get this token) or if it is some miranda's browser?

**ANR Daemon** · 19 Jan 2012, 7:49 PM

We don't understand, WHAT you want to do? I mean, exactly. Use OAuth authorization in your plugin for some obscure purpose? You better off ask somewhere else. At http://oauth.net/ for example.

**borkra** · 19 Jan 2012, 7:56 PM

Well, the idea behind OAuth that application does not send username and password. User logins on provider webpage and gets the permanent token, then application uses permanent token to get session token (This is what OAuth specification defines, how to get session token from the permanent token). And then protocol performs normal login using session token. As such no login information is stored by application, just the token issued by the website (and this considered much more secure, as permanent token could be revoked at any time). So far what most protocols that use OAuth did (Gadu-Gadu, Facebook, Twitter) they figured out how main login webpage works and get permanent token automatically simulating the browser input, but this functionality is totally outside OAuth protocol.

**LA_** · 19 Jan 2012, 8:26 PM

Heh, I know how OAuth works. I am trying to understand how to show browser and then receive token from miranda. So, you are saying that other protocols just don't show browser and simulate user's input. OK, I think I'll have to follow this approach.

**ANR Daemon** · 19 Jan 2012, 8:49 PM

As far as I'm aware, OAuth is authorization protocol, not authentication protocol.

**borkra** · 19 Jan 2012, 8:52 PM

Originally Posted by ANR Daemon

As far as I'm aware, OAuth is authorization protocol, not authentication protocol.

Yes, that is what we are talking about... How to get this working... As during login one need to perform both actions, no matter how many protocols there are to accomplish this.

**ANR Daemon** · 20 Jan 2012, 9:39 PM

I mean, it does not store authentication credentials, nor does it allow to authenticate you in some way.
It merely authorize access to certain private data for a certain token supposedly not shared with anyone.

You could imagine it as a box with a lock. You can open the lock by providing a matching key. But that does not mean that you is the original box owner.

**omniwolf** · 9 Jun 2012, 5:35 AM

probably a bit too late, but if you want have a look at my twitter/miranda plugin. i have hacked together an oauth implementation in miranda. you can find the details in the thread in the protocols forum.