This is an experiment to create a working OAuth 1.0 provider implementation (as described in RFC 5849) for Yesod 1.0.
If you want to help me by improving my code or making suggestions, feel free to use GitHub pull requests and issues.
Updated: 2013-06-27
I haven't worked on this project in a while and decided to write a library for an OAuth-enabled API instead. While writing the xing-api package I learned quite a lot and gained some insights from the client perspective. My intention is to continue this project later this year, but I can't make any time commitments, because this is a private project that I do in my leisure time.
- Basic OAuth endpoint routing
- Random request token generation
- Custom datatype for OAuth tokens
- Draft for request token authorization
- Use OAuthToken datatype in database
- Authorize a request token (OAuth handshake page)
- Exchange request token for access token
- OAuth signature validation (oauth_signature, oauth_signature_method)
- OAuth parameter validation (oauth_token, oauth_consumer_key, oauth_version)
- Example API call to test the implementation and workflow
- Update to Yesod 1.2
- Consumer management (they need to be manually managed in the database)
- Permission handling
  - The user can only give access to all of his data.
  - Finer access rights will be the job of the implementer.