Hi, I am looking into OAuth. I see (and thank you a lot for this!) that Chris Ross-Gill created the OAuth client part in the twitter library: http://reb4.me/r/twitter.html. I am reading into it, but does he or anyone else know how much additional work would be needed to do the Rebol OAuth server part?
I don't think it'd be that difficult - most of the difficulty in the client was making sure all the hashing was correct, the rest is just storage and logic.
For the most part, authorisation is based on the parameters of a request hashed with a private key. The trickiest part I'd imagine is the initial authentication - providing a safe method for the end user to allow the client to obtain and use the key.
End user downloads X's app/uses your
End user X downloads Y's app/uses Y's web site; X tries to access a function that uses your site; Y requests a temp key from you; Y directs X to your site with temp key, X says Y is OK, you give X a PIN; X goes back to Y, enters PIN; Y requests the permanent key from you. Y can now do anything on your site on behalf of X.
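
The server-side check behind "the parameters of a request hashed with a private key", as an added example that is not part of the original posts and is not the twitter library's code. It assumes the HMAC-SHA1 signature method of OAuth 1.0 (RFC 5849); the URL, keys, secrets and the `seen` replay store are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Every request parameter except the signature itself, encoded then sorted.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Key = client (Y) secret + "&" + token secret. The token secret is empty
    # when Y asks for the temp key, then the temp or permanent key's secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def verify(method, url, params, consumer_secret, token_secret, seen):
    # Server side: recompute from stored secrets, compare in constant time,
    # then refuse a (timestamp, nonce) pair that was already accepted.
    expected = sign(method, url, params, consumer_secret, token_secret)
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    replay_key = (params.get("oauth_consumer_key"),
                  params.get("oauth_timestamp"), params.get("oauth_nonce"))
    if replay_key in seen:
        return False
    seen.add(replay_key)
    return True

# Constructed sample request from client Y acting on behalf of user X.
URL = "https://site.example/api/post"
SAMPLE = {"oauth_consumer_key": "y-app", "oauth_token": "perm-token-x",
          "oauth_nonce": "n-001", "oauth_timestamp": "1700000000",
          "oauth_signature_method": "HMAC-SHA1", "status": "hello world"}

if __name__ == "__main__":
    seen = set()
    req = dict(SAMPLE)
    req["oauth_signature"] = sign("POST", URL, req, "y-secret", "x-secret")
    print(verify("POST", URL, req, "y-secret", "x-secret", seen))  # accepted
    print(verify("POST", URL, req, "y-secret", "x-secret", seen))  # replay
```

The storage the reply mentions is what supplies `consumer_secret`, `token_secret` and `seen` here: the server looks them up by `oauth_consumer_key` and `oauth_token` and never takes them from the request.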