Code with OAuth and Social networks

I have been working with social networks like LinkedIn, Twitter, Wikipedia and Facebook to extract more details from them and also to update the social networks from a single place. It was a learning experience to see that these social providers offer API access based on JavaScript and REST so that third parties can integrate through a program.

1. The APIs are no longer described in terms of functions and parameters, but rather in terms of URIs, REST, JSON, XML and JavaScript. This is quite different from the approach I have taken to write web services and clients in the past. To invoke the functionality that extracts data from providers, one needs to understand the various URIs supported and the query strings, fill in GET or POST data in the HTTP request, read the raw HTTP response in XML or JSON format, and understand HTTP error responses. I thank Sendhil for his blog Client-Side Web Application development using JavaScript, which made me aware of what I was doing.

Linkedin APIs
Twitter APIs
FaceBook APIs
Wikipedia APIs
Bing Search APIs

2. The social providers support a way to authenticate a program using OAuth. OAuth allows you to share your private resources stored on one site with another site without having to hand out your user name and password. It seems that they are saying that users don’t care about protocols and standards – they care about a better experience with enhanced privacy and security. I was amazed at the multiple ways to impersonate another person in your code to perform functionality while also making sure that the privacy details are safeguarded.

3. There was no official Java or C# based client example provided by the service providers; client examples were targeted towards PHP, JavaScript and Python. Nor does one find organized information about accessing social providers and OAuth security from a desktop application or NT service. I have actually built an OAuth client that works from a Windows web service or a simple Windows Forms application.

4. There are default clients available that could be used to test the APIs:
LinkedIn Console
Twitter Console
Bing Search Console

5. One of my challenges was also to work with limited documentation to get a grasp of the entire set of capabilities offered by the APIs. By offering them free, it might be a strategy to allow developers to learn the things that are of interest to them. The error codes need to be explained better, and that is surely lacking. The explanation of how OAuth authorization affects the API could be given in a better manner.

Bookmarking some references (thanks to all the authors for helping me grasp OAuth):
Getting Start with OAuth
OAuth 2.0 Microsoft page
OAuth for Dummies.
OAuth 2.0 and the Road to Hell
How to write a complete OAuth Provider in PHP5
Four Attacks on OAuth – How to Secure Your OAuth Implementation

My learning with OAuth leads me to the judgements below.

  • Best suited for web and mobile, and can work for desktop clients with some tricks.
  • One-time tokens. For this, OAuth is a lot of complexity to make one API call.
  • OAuth might not be the solution when the only clients of your API are servers, with the requirement to log in securely using a browser on the way.
  • Where do you store credentials on the client?
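
A desktop client is a public client that cannot keep a client secret on disk, so one common arrangement is the OAuth 2.0 authorization code flow with PKCE (RFC 7636) and a loopback redirect. The following is an added example, not code from this post or from any provider named here; the endpoint, client ID and redirect port are assumed values.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Assumed values for illustration; not taken from any provider on this page.
AUTHORIZE_URL = "https://auth.example.com/oauth2/authorize"
CLIENT_ID = "desktop-app-example"
REDIRECT_URI = "http://127.0.0.1:53682/callback"  # local loopback listener


def b64url(raw: bytes) -> str:
    """Base64url without padding, as RFC 7636 requires."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def challenge_for(verifier: str) -> str:
    """S256 code_challenge derived from the code_verifier."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def start_authorization(scope: str):
    """Return (url, verifier, state); verifier and state stay in memory only."""
    verifier = b64url(secrets.token_bytes(32))  # per-login secret, 43 chars
    state = b64url(secrets.token_bytes(16))     # ties the callback to this request
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,
        "code_challenge": challenge_for(verifier),
        "code_challenge_method": "S256",
    })
    return f"{AUTHORIZE_URL}?{query}", verifier, state


def read_callback(callback_url: str, expected_state: str) -> str:
    """Validate the redirect received on the loopback port; return the code."""
    params = parse_qs(urlsplit(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not tied to our request")
    if "error" in params:
        raise ValueError("provider returned error: " + params["error"][0])
    code = params.get("code", [""])[0]
    if not code:
        raise ValueError("callback carries no authorization code")
    return code
```

The verifier is sent only in the later token request, so an authorization code intercepted on the redirect is useless without it, and nothing long-lived has to ship inside the application binary.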