LWP::Authen::OAuth2 terminology

cormanaz has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: LWP::Authen::OAuth2 terminology by perlfan (Vicar) on Sep 03, 2020 at 02:34 UTC
>But will they or I be the user? You are the user (consumer, client). Look at the `curl` example on your provider's site. It's about as basic as one can get. The constructor for LWP::Authen::OAuth2 requires the information that is needed for the `request_token` call, which is how you actually authenticate the client (instance of LWP::Authen::OAuth2). The instance (client) will then utilize the token when making calls via `get`, `post`, etc. Most of the complication is actually on the provider's end in facilitating the "conversation" that generates the token and sets access controls; but this is all done on the provider's end. LWP::Authen::OAuth2 is for the one making the API calls (you). Update - not sure, but looks like there are some service specific provider modules, e.g., LWP::Authen::OAuth2::ServiceProvider::Dwolla. So I am not sure if it's ready to roll out of the box or it just provides a foundation for something whacky a provider might do. Good luck.	[reply] [d/l] [select]
Re^2: LWP::Authen::OAuth2 terminology by cormanaz (Deacon) on Sep 04, 2020 at 16:31 UTC
You were right @perlfan. It was easy, and I was able to do it using LWP::UserAgent rather than implementsing LWP::Authen::OAuth2. I only thought I had to do the later because they recommended using a standard library for the OAUTH transactions so I thought it was more complicated. I stand by my rants about OAUTH2 tho :-)	[reply]
Re^2: LWP::Authen::OAuth2 terminology by cormanaz (Deacon) on Sep 03, 2020 at 14:59 UTC
But wait, user is not the same as consumer according to that primer. That is what's so confusing about this. OAuth2 seems to be designed for the case where I write an app that someone else will use to access a provider's data. I just want to get data from the API myself, so I guess that collapses I and someone else. But then I have to somehow authorize myself to get the data, as if I were not me? If perlmonks had emojis, I would totally insert that exploding head one right here.	[reply]
Re^3: LWP::Authen::OAuth2 terminology by perlfan (Vicar) on Sep 03, 2020 at 15:16 UTC
Have you even tried the `curl` command to get the auth token from them? It seems like if you signed up, got a "secret", and made that call you'd be 90% there. Are you on Windows or something and don't have a decent commandline?	[reply] [d/l]
Re: LWP::Authen::OAuth2 terminology by ForgotPasswordAgain (Priest) on Sep 03, 2020 at 13:59 UTC
Might be getting a bit off-topic, but one of the best presentations on OAuth I've seen is the hour-long video "OAuth 2.0 and OpenID Connect (in plain English)", by Nate Barbettini.	[reply]
Re^2: LWP::Authen::OAuth2 terminology by cormanaz (Deacon) on Sep 03, 2020 at 14:51 UTC
Egad. It takes an HOUR LONG VIDEO to properly explain OAuth2?	[reply]
Re^3: LWP::Authen::OAuth2 terminology by perlfan (Vicar) on Sep 03, 2020 at 15:17 UTC
You could also just try to reproduce the initial `curl` command in the docs. That's about as clear as you'll get. Once it becomes a tangible experience, I think much of your confusion will go away.	[reply] [d/l]
Re: LWP::Authen::OAuth2 terminology by Anonymous Monk on Sep 06, 2020 at 22:42 UTC
The service provider is the provider of the service which must be accessed. Your software is the direct consumer of those services, tasked with doing the right thing at the right time. You act on behalf of the user, who is probably a human being who may or may not be legit.	[reply]


Perl: the Markov chain saw
	PerlMonks