[OAUTH-WG] New OAuth 2.0 Javascript library

Andreas Åkre Solberg <andreas.solberg@uninett.no> Thu, 08 March 2012 15:02 UTC

Return-Path: <andreassolberg@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 32B4521F86DC for <oauth@ietfa.amsl.com>; Thu, 8 Mar 2012 07:02:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.299
X-Spam-Level:
X-Spam-Status: No, score=-3.299 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qt1forKuKuFN for <oauth@ietfa.amsl.com>; Thu, 8 Mar 2012 07:01:59 -0800 (PST)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id 70E1821F86F3 for <oauth@ietf.org>; Thu, 8 Mar 2012 07:01:58 -0800 (PST)
Received: by lagj5 with SMTP id j5so711180lag.31 for <oauth@ietf.org>; Thu, 08 Mar 2012 07:01:57 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=sender:from:content-type:content-transfer-encoding:subject:date :message-id:to:mime-version:x-mailer; bh=v8jO/anPoBfkmQ/Pa4xZ3MiPN42cZSFczAzmT4LkZYo=; b=yKcTf6QB6ECXqIwz2LEuDEvBmtOfYuFbIi1l+sclrhd+I3wVdEI8KqTorK7f5g4Wkm yeiFxKyOuED6DO2a/9PR6UyC6a/+6Xy8AKBQrA0t+TlSiZ7y0Ap8g2DNesWxhGlJ7Dr0 XEPByWYQusTrgLm3SdvX1zVH+U6yk+QyzqEiYtMuC2kzoAuFLbMDnrlpLc/lCxtfnRK8 28ACrRp+zOUujYZSCieOujxOdTOfOOMurJe/CguEEJd1gLtSMllwLImPQbcdPUSwneA1 MShwovgurH4NjxoY2Tbe2l+N0S0O++tMhUGheq+LqPOETnS9ZkAP2Dcie8J6ltrbX6cR W9zQ==
Received: by 10.112.101.40 with SMTP id fd8mr2331519lbb.17.1331218917352; Thu, 08 Mar 2012 07:01:57 -0800 (PST)
Received: from [192.168.10.100] (94-246-37.42.3p.ntebredband.no. [94.246.37.42]) by mx.google.com with ESMTPS id a8sm2564596lba.15.2012.03.08.07.01.56 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 08 Mar 2012 07:01:56 -0800 (PST)
Sender: Andreas Åkre Solberg <andreassolberg@gmail.com>
From: Andreas Åkre Solberg <andreas.solberg@uninett.no>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Date: Thu, 08 Mar 2012 16:01:55 +0100
Message-Id: <078BBFC3-4A62-481B-A20D-DCC4D8A4ED8B@uninett.no>
To: oauth@ietf.org
Mime-Version: 1.0 (Apple Message framework v1257)
X-Mailer: Apple Mail (2.1257)
Subject: [OAUTH-WG] New OAuth 2.0 Javascript library
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 08 Mar 2012 15:02:00 -0000

In case anyone find it useful, here is a new OAuth 2.0 javascript library.

	https://github.com/andreassolberg/jso

It would be useful for me if people tested it and reported any problems. I have limited access to alternative OAuth 2.0 provider implementations, so I've only tested a few of the commercial ones so far.

You can argue that a javascript OAuth library has limited value, given that you can eigther communicate with your own server (in which you share cookies with anyway) or you have to do ugly things like JSONP. Some situations where I think such a library might be useful anyway:
* given an API with CORS support.
* in native web apps running in example phone gap, running in file:// context and are thereby not limited by same-origin. 
* in situations where you bypass the token to your own proxying webserver, but would like to setup the tokens etc using javascript for more control of the user interface.

Feedback is welcome.

Andreas Åkre Solberg, UNINETT AS
http://rnd.feide.no