1. Anders Holmgren Avatar Anders Holmgren
  2. Untitled project
  3. shelf_oauth
  4. Issues

Provide an example

Issue #1 new
Warren Strange created an issue

Please provide a small example

Comments (12)

  1. Anders Holmgren repo owner

    Sorry about the state of the doco. I plan to improve the doco when I start blogging about how I use these in gitbacklog

  2. Steven Roose

    Is this lib fully functional? Because the Dart OAuth library by the Dart team is not. It only implements certain flows.

  3. Anders Holmgren repo owner

    It's not a complete implementation of the oauth or oauth2 specs. It does however work for the use cases I have so far used it for.

    So far I have used it to oauth dance to:

    • github
    • bitbucket (oauth1)
    • google
    • hipchat

    So it depends on your requirements whether it fits. Note it uses the oauth2 and oauth packages internally.

  4. Warren Strange reporter

    The challenge with all of the various Dart OAuth 2 and JWT implementations is that they are written to solve "just enough" of the problem to solve the itch of the author.

    I have no time :-( , but I would love to see a concerted effort to create really good implementations of OAuth 2.0, JWT, and OpenID connect. I think I would start by copying a really good library from another language (not sure what that would be).

    It's a non trivial undertaking, as the various JWT and OIDC specs are quite large.

  5. Jonas Kello

    Although I think the work Anders have done is excellent, I agree that there is a lack of full packages. Because of this I actually did what you suggest for JWT. I looked through the mature JWT packages and found one in Java that I thought looked nice. It has full implementation, unit tests and docs:

    http://connect2id.com/products/nimbus-jose-jwt

    So I ported it to Dart. But once I got 80% thorugh I realised that the cipher package was lacking a lot of the functions that I just assumed it should have. Here is my 80% complete port:

    https://github.com/jonaskello/jose_jwt/tree/develop

    I think the dependencies look like this:

    OpenID connect -> OAuth 2.0 -> JWT/JOSE -> Crypto/Cipher.

    So before the community can provide any package for OIDC, OAuth and JWT/JOSE there must exist a full crypto/cipher package. It has been requested as "urgently needed" for some years now. IMO the Dart team should provide this basic building block rather than the community. But I don't blame them for not doing it, experimenting with new stuff is much more fun than providing basic building blocks :-).

  6. Steven Roose

    There is the cipher package maintained by Ivan Zaera. Even though it's not perfect and far from finished, I've used it extensively in Dartcoin (a Bitcoin library). There's a lot of things implemented, but Ivan stopped adding features about a year ago.

    When I worked at Dartcoin, he was very helpful and implemented new algorithms when I needed them :) You could take a look at it and contact Ivan about what he thinks about it's future.

  7. Jonas Kello

    Yes I did use the cipher package as far as possible but a lot is missing in it so it is not possible to implement all of the JWT/JOSE standards using it. Some things looks like they are there in the cipher package but they really are not when you try to use them. Even the examples provided does not work. Looking at the issues and the lack of answers by the author it seems abandoned. There is also the crypto package provided by the Dart Team is basically empty except for some hashing and base64 methods. So basically we are stuck, no full implementations of JWT, OAuth or OIDC will be able to appear before there is a full and maintained cipher/crypto package. Forking bouncy castle would be an option but I really don't have the time or interest so if I did that it would just be another abandoned package in a few months. I think to be credible and maintained for the future, the basic package for crypto must be provided by the Dart Team itself. What I would like to see is additions to the crypto package so it grows into something useful.

  9. Steven Roose

    Hmm, when I used cipher, I didn't use it's conventional API either, because it requires a call to an init method. I cherry-picked the classes I needed and all of them worked. The documentation is not very complete, but if you make an issue in the project with the things that are there but don't seem to work, I can take a loot at it.

    I can also try to contact Ivan (I've been in contact with him many times before; almost two years ago though) and ask if he plans to revive the development. I don't have the time to implement new algorithms, but if he lets me, I might streamline the API so that it becomes usable...

  11. Jonas Kello

    Hehe, yeah that might be true :-). If you could contact the author and check his future plans that would be helpful. I would very much like to complete the porting since I've already invested a few week-ends into it. Since I did this work some time ago I don't remember the specifics of the problems I had with the cipher package but I think one of them was like the G+ post said, it would not generate a RSA keypair.

  13. Log in to comment
Assignee
Type
bug
Priority
major
Status
new
Votes
2
Watchers
5
Jira Software: the preferred issue tracker for Bitbucket. Join the team!