9 · lig1 · 8y

Wanna know about hacks? I'll tell you. There is a piece of software called SugarCRM. It has an OAuth2 provider implementation, and I was assigned to write an OAuth2 consumer for it.
It turned out they just failed to get it right.
The list of hacks:
* Hack around the standard Authorization header (where RFC 6750 puts the bearer token): they use a custom header instead.
* Hack on "scope": they send null, which violates the standard (RFC 6749 lets the field be omitted or be a space-delimited string, never null), so it is replaced with an empty string before response processing starts.
* This is my favorite: the refresh token simply doesn't work, so we have to keep the user's credentials in memory to be able to re-authenticate the user transparently.
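Here is what those three workarounds look like inside a consumer, as an added example that is not the post author's code and not SugarCRM's actual API: the token URL, the custom OAuth-Token header name, the use of the password grant and the fake provider are all assumptions made for illustration. The client takes a pluggable post() transport, so the constructed FakeProvider below (which sends scope: null and rejects every refresh) can stand in for the real endpoint offline.

```python
# Added example, not the post author's code and not SugarCRM's API: an OAuth2 password-grant
# consumer carrying the three workarounds listed above. URL, header name, fake provider: assumptions.
from typing import Callable, Dict, Tuple
Transport = Callable[[str, Dict[str, str]], Tuple[int, dict]]  # post(url, form) -> (status, json)

class OAuthError(Exception):
    pass

def normalize_token_response(raw: dict) -> dict:
    # RFC 6749 s5.1: "scope" is optional but, when present, a space-delimited string.
    # A JSON null violates that, so coerce it to "" (no scope granted); touch nothing else.
    if "error" in raw:
        raise OAuthError(raw.get("error_description") or raw["error"])
    fixed = dict(raw)
    if "scope" in fixed and fixed["scope"] is None:
        fixed["scope"] = ""
    return fixed

class PasswordGrantClient:
    def __init__(self, post: Transport, token_url: str, client_id: str,
                 client_secret: str, username: str, password: str,
                 auth_header: str = "Authorization", scheme: str = "Bearer"):
        self._post, self._token_url = post, token_url
        self._client = {"client_id": client_id, "client_secret": client_secret}
        # Workaround 3: the password stays resident so a broken refresh can be recovered
        # transparently. A memory disclosure now leaks it too; drop this once refresh works.
        self._user = {"username": username, "password": password}
        self._auth_header, self._scheme = auth_header, scheme  # workaround 1
        self.access_token = self.refresh_token = None
        self.logins = 0

    def _token_request(self, fields: Dict[str, str]) -> dict:
        status, body = self._post(self._token_url, {**self._client, **fields})
        if status != 200:
            raise OAuthError(f"token endpoint returned {status}: {body}")
        token = normalize_token_response(body)  # workaround 2
        self.access_token = token["access_token"]
        self.refresh_token = token.get("refresh_token")
        return token

    def login(self) -> dict:
        self.logins += 1
        return self._token_request({"grant_type": "password", **self._user})

    def renew(self) -> dict:
        # Try the conformant refresh_token grant first; fall back to a fresh login.
        if self.refresh_token:
            try:
                return self._token_request({"grant_type": "refresh_token",
                                            "refresh_token": self.refresh_token})
            except OAuthError:
                pass  # the provider's refresh grant is broken: fall through
        return self.login()

    def auth_headers(self) -> Dict[str, str]:
        if self.access_token is None:
            self.login()
        return {self._auth_header: f"{self._scheme} {self.access_token}"}

    def call(self, api: Callable[[Dict[str, str]], Tuple[int, dict]]) -> Tuple[int, dict]:
        status, body = api(self.auth_headers())
        if status == 401:  # one transparent retry; anything else is the caller's problem
            self.renew()
            status, body = api(self.auth_headers())
        return status, body

class FakeProvider:
    # Constructed stand-in for the misbehaving provider (no network): sends scope: null,
    # rejects every refresh_token grant and reads only its custom OAuth-Token header.
    TOKEN_URL = "https://provider.example/oauth2/token"

    def __init__(self):
        self.issued, self.valid = 0, set()

    def post(self, url: str, fields: Dict[str, str]) -> Tuple[int, dict]:
        if (url == self.TOKEN_URL and fields.get("grant_type") == "password"
                and fields.get("password") == "s3cret"):
            self.issued += 1
            tok = f"at{self.issued}"
            self.valid.add(tok)
            return 200, {"access_token": tok, "token_type": "bearer", "expires_in": 3600,
                         "refresh_token": f"rt{self.issued}", "scope": None}
        return 400, {"error": "invalid_grant"}

    def api(self, headers: Dict[str, str]) -> Tuple[int, dict]:
        value = headers.get("OAuth-Token", "")
        tok = value[len("Bearer "):] if value.startswith("Bearer ") else ""
        return (200, {"user": "alice"}) if tok in self.valid else (401, {"error": "invalid_token"})

def demo() -> dict:
    provider = FakeProvider()
    client = PasswordGrantClient(provider.post, FakeProvider.TOKEN_URL, "my-app", "app-secret",
                                 "alice", "s3cret", auth_header="OAuth-Token")
    first, _ = client.call(provider.api)
    provider.valid.clear()  # server-side expiry of every access token issued so far
    second, _ = client.call(provider.api)
    return {"first": first, "second": second, "logins": client.logins,
            "tokens_issued": provider.issued, "headers": client.auth_headers()}
```

Running demo() walks the failure path end to end: the first call logs in with the password grant, the provider then invalidates the token, the retry tries the refresh_token grant, gets invalid_grant, and falls back to a second password login, so two logins and two issued tokens are the expected outcome. The third hack is the one to be careful with: a password kept resident in the consumer means a core dump, a debug endpoint or a memory disclosure now yields a reusable credential instead of a short-lived token, so keep it confined to the one process that needs it, never log the request fields, and remove the fallback as soon as the provider's refresh grant works.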

Comments
  • 2
  • 1
    I've never seen a non-problematic OAuth2 implementation.
  • 3
    @superi0r well, it's usually fine in Python, especially when Python's oauthlib is used on the other side. Some developers actually can implement the standard after reading it.
  • 1
    I went on a rant a week ago. Google OAuth2 should work in a C# ASP.NET MVC project out of the box. But if you want to authenticate a user to get access to some Google API, then the refresh token doesn't work, because the Google APIs libraries work properly only up to MVC4, not MVC5. Ended up with my own implementation of the authentication flow and a token store in the database -_-. Glad it's not for work but for uni.