my Saturday of OAuth

Since I’m home alone, thought I’d work today on some more OAuth.  I’ve been working on an addon for Thunderbird that handles OAuth, primarily for use with Contacts but I’m sure it will come in handy elsewhere.  The authorizer addon is meant to help other addons transparently use OAuth, and it does so by requiring only a couple lines of code:

let provider = 'google'
let [key, secret, params] = [myKey, mySecret,
                             {'extra':'params', 'scope':'something'}];
function testCallback(svc) {
dump("*********FINISHED**********\naccess token: "+svc.token+
     "\n  secret: "+svc.tokenSecret+"\n");
OAuthConsumer.authorize(provider, key, secret,
                        testCallback, params);

That’s all folks!

Given your keys for any OAuth provider, all the user interaction is handled for you. After your app or addon is authorized, the access tokens are stored in prefs and the user doesn’t need to authorize again. I have not worked out expiration of that yet, some work is still necessary.

If they haven’t already logged into the service, they will get a login form:

Once they have logged in, they have to authorize the application:

Now after agreeing, for most desktop apps, the user would have to copy a code and paste it into the app.  For this addon, I’ve worked around that step by catching a redirect in the browser.

You’ll notice lots of white space.  I’ve tried to get a size for the dialog that fits most OAuth providers (or at least the few I’ve implemented).  Unfortunately there is no standard in what the providers display.  But it works, looks decent.  You may also notice in the status bar that the user gets some indication of SSL security.

0 Responses to “my Saturday of OAuth”

Comments are currently closed.