Re: [OAUTH-WG] Dailymotion API using OAuth 2.0 draft 10

Luke Shepard <lshepard@facebook.com> Wed, 03 November 2010 18:16 UTC

Return-Path: <lshepard@facebook.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 82E6B3A68F0 for <oauth@core3.amsl.com>; Wed, 3 Nov 2010 11:16:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.599
X-Spam-Level:
X-Spam-Status: No, score=-103.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Lzij+5qj2S7S for <oauth@core3.amsl.com>; Wed, 3 Nov 2010 11:16:27 -0700 (PDT)
Received: from mx-out.facebook.com (outmail010.snc4.facebook.com [66.220.144.142]) by core3.amsl.com (Postfix) with ESMTP id 47B7C3A67BD for <oauth@ietf.org>; Wed, 3 Nov 2010 11:16:27 -0700 (PDT)
Received: from [192.168.18.212] ([192.168.18.212:15664] helo=mail.thefacebook.com) by mta037.snc4.facebook.com (envelope-from <lshepard@facebook.com>) (ecelerity 2.2.2.45 r(34222M)) with ESMTP id 86/38-19508-CF6A1DC4; Wed, 03 Nov 2010 11:16:28 -0700
Received: from SC-MBX06.TheFacebook.com ([169.254.5.89]) by sc-hub04.TheFacebook.com ([192.168.18.212]) with mapi id 14.01.0218.012; Wed, 3 Nov 2010 11:16:28 -0700
From: Luke Shepard <lshepard@facebook.com>
To: Olivier POITREY <rs@dailymotion.com>
Thread-Topic: [OAUTH-WG] Dailymotion API using OAuth 2.0 draft 10
Thread-Index: Act1bTQG8hW8Xq4nTfmMV5EKv98z0gEYd9QAAEBPZgAAO2WYgA==
Date: Wed, 3 Nov 2010 18:16:27 +0000
Message-ID: <C7C8CB93-009C-48E8-9407-00F1E1D7395E@facebook.com>
References: <Act1bTQG8hW8Xq4nTfmMV5EKv98z0g==> <BF23C9FD-6865-4631-9687-4807F1D9CDBC@dailymotion.com> <AANLkTinpf8RrT-0As=2_jksWa7b71STcBLurnV515Deg@mail.gmail.com> <07DE56E9-D382-4A23-A475-79BCBC2FE9AC@dailymotion.com>
In-Reply-To: <07DE56E9-D382-4A23-A475-79BCBC2FE9AC@dailymotion.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [192.168.18.252]
Content-Type: text/plain; charset="us-ascii"
Content-ID: <369BD1D31505A2468403C8072FE560B4@facebook.com>
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: OAuth WG <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Dailymotion API using OAuth 2.0 draft 10
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Nov 2010 18:16:28 -0000

Awesome!

We have also had similar challenges around insufficient scope. For some APIs, they map very easily to a single scope, but other calls may fail due to the lack of several scopes. Similarly we also handle this error at the API level.

On Nov 2, 2010, at 6:55 AM, Olivier POITREY wrote:

> Hi David,
> 
> Thank you for adding us. The implementation was straightforward, and the current draft of the spec is clear and easy to read. The only place where we had to adapt a bit was the "insufficient scope" error reporting: our API supports multiple method calls per request, and returning a global error if only one had insufficient scope wasn't very helpful for the developers. We solved this by simply handling insufficient scope errors at the API level.
> 
> Best,
> 
> On 1 nov. 2010, at 08:14, David Recordon wrote:
> 
>> Added you to http://wiki.oauth.net/w/page/OAuth-2. Any parts of the implementation what were challenging?
>> 
>> 
>> On Tue, Oct 26, 2010 at 5:27 PM, Olivier POITREY <rs@dailymotion.com> wrote:
>> Hi,
>> 
>> I'm proud to announce that Dailymotion released the first beta of its new API fully based on OAuth 2.0 draft 10. We are sticking 100% to the spec (we hope) and are supporting all client profiles. It's currently in beta, some parts are not polished yet (i.e.: authorization page is not skinned) and only a few methods are available but the basics are there and fully functional.
>> 
>> The documentation of our API can be found here:
>> 
>> http://www.dailymotion.com/doc/api
>> 
>> Here is the part specific to OAuth 2.0:
>> 
>> http://www.dailymotion.com/doc/api/authentication.html
>> 
>> We have client SDKs for PHP and Objective-C already available on GitHub (http://github.com/dailymotion). We will add Javascript, Python, Actionscript and Android SDKs soon.
>> 
>> We are very interested by feedbacks about our implementation before it goes final.
>> 
>> <teasing>BTW, our API implements some interesting cache mechanism, but this is OT :)</teasing>
>> 
>> Best,
>> 
>> _______________________________________________
>> OAuth mailing list
>> OAuth@ietf.org
>> https://www.ietf.org/mailman/listinfo/oauth
>> 
> 
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth