Recently, I’ve been looking at OAuth again. When, in the past, I was checking our Drupal, I had this general OAuth plugin. Just enter the protocol version, URLs, client ID and secret, and you could use any OAuth provider.

I have been looking for something similar for WordPress, but it doesn’t appear to exist. There exist some plugins specific to a website.
There are plugins like Gigya's and Janrain, which require you to sign up at their site. I don’t trust those kinds of services, introducing another party in the login process, which, if compromised, could harm both the user and the website. Depending on a third party to authenticate your users is one thing, but letting a fourth party negotiate between you and the third party is just asking for trouble if you ask me.

Last time I looked at OAuth, it seemed to me Facebook was the only service using OAuth 2.0. Nowadays, a higher number of services are using the 2.0 version of the protocol. Even Microsoft has adapted to this protocol, deprecating the proprietary protocols it used when it was still called a Passport account. I know it was a long time ago when it was called this, but still, since when does Microsoft actually use standards (without raping them)?

Anyways… since there doesn’t appear to exist a universal OAuth solution for WordPress, I intend to make such a plugin. I think I’ll base it upon the OAuth PHP library by Manuel Lemos. This library implements OAuth 1.0, 1.0a and 2.0. (For 2.0 some sites might use earlier drafts, not sure if this becomes problematic.) The source code is released under the 3-clause BSD license, so it could be used without a problem. I intend to create WordPress bindings for this library. So, I’ve been looking at the WordPress plugin API as well.

Well… I’m just getting some ideas ;)

P.S. When you think about using OAuth with Twitter, back then, and right now, I’m noticing the problem with the callback URL. You have to specify the callback URL at the application settings at their site.
