61 posts / categories / feed

OAuth Qn – Which OAuth Library is this service provider using?

I really have an annoying question that I stumbled a few days back, basically I am trying to learn more about engaging a bridge with OAuth and some of the service providers like flickr, twitter, facebook etc.

But I was caught with a problem, which goes like this:

If I were to create an application with a few different API service providers, using different OAuth version, how or what can I do to manage my OAuth library?

I am not sure how many people would have had this same question as I do. But I realized that it is hard to just write up a class library, as there are different version of OAuth that these service providers are using for their API. This is not an impossible task but this seems more work in the managing than required.

Here is a basic scenario that I am trying to explain:

If you are trying to create an application that is pulling your data from both facebook and twitter, as you know, facebook is utilizing OAuth 2 while twitter is capable to work with OAuth (at the moment). Which option should you be choosing?

  1. Just manage the SDK of these two libraries
  2. Write and overall OAuth library capable to handle both OAuth 1 and OAuth 2, and call the library from your application.

Somehow I would think that option (1) is easier to handle. Why?

Ease of Manipulation

As we add in more service providers and flickr, etc, the number of libraries for OAuth increases as well. However, it would be a much easier way to manipulate, due to the fact that it is easier to upgrade the individual SDK library of each library than to put them all in one.

Not “Contagious”

If a certain service provider upgrades or make changes to the use of their library or OAuth implementation, this will not affect the rest of the other services on your system, as they do not share common class resources.

Scalable, but not in a nice way

Instead of changing just one main library file, we will have to look into various files due to the different OAuth that work with their API. Having to separate all individual working library file by files, it is still scalable (in terms of adding more files if you are using more services), but not in a way nice and neat way though.

I come to think about that, polymorphism and decoupling might not exactly play nice in this kind of scenario, Ease of Manipulation vs Scalability.

What is your take?