Rework Authentication #14

@cookieo9

Currently authentication is handled by a Session object with different methods for the different possible OAuth1 flows. This session, once built and authenticated, is then handed to NewClient, which uses the session's http.Client, and a few helper methods (to do the necessary OAuth signing) to do the API calls. This was done to mimic the look and appearance of the Ruby API at the time of this library's creation. Not only has that API changed and grown since then, but Dropbox has added a new authentication method, OAuth2, which it's asking developers to use instead.

The client API sections of other OAuth2-based packages written for Go often work a little differently: they often just receive a customized http.Client, which does all the authentication transparently as part of the http.RoundTripper interface. This would be a lot cleaner, and would provide several benefits:

  • A greater de-coupling of the authentication from the client
  • Almost immediate support for OAuth2, as the de-facto package (code.google.com/p/goauth2) already works this way (OAuth2 support #13)
  • Simpler dropbox.Client code (fewer helpers needed in client, and fewer calls to session code)
  • A possible avenue for redirecting requests away from the default Dropbox servers (Add ability to change URL's used by package #10)
  • A method to use the above to also do some of the testing (Full API Tests #11)

It should be possible to modify the current OAuth1 Session type used by this package to operate in this manner, despite OAuth1 being far more complicated and involved than OAuth2 (which AFAIK delegates much of the heavy lifting to SSL/TLS).

The plan is to do this in two phases:

  1. Alter the dropbox.Client code to use an http.Client directly (e.g. not through Session's helper methods) and, on the Session side, provide a method to create an http.Client from an authorized session which automagically authorizes each request. The new dropbox.Client code should not depend at all on the Session, other than querying it for an http.Client. This should not change the API.
  2. Modify the API so that NewClient takes the http.Client directly, and (optionally) move the session code to a sub-package.
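
The transport-based design proposed in this issue, sketched as an added example (not code from this package or from the original post). The names `authTransport`, `recorder` and `sentAuth`, the host `api.example.invalid` and the token are assumptions, and a bearer token stands in for OAuth signing. The transport attaches the credential only for one configured host, and the fake base transport shows how the same seam serves testing.

```go
package main

import (
	"fmt"
	"net/http"
)

// authTransport is a hypothetical RoundTripper; the bearer token stands in for OAuth signing.
type authTransport struct {
	Token string            // constructed sample credential
	Host  string            // only this host ever receives the credential
	Base  http.RoundTripper // underlying transport, replaceable in tests
}

func (t *authTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	if req.URL.Host != t.Host {
		return t.Base.RoundTrip(req) // other hosts: forwarded without the token
	}
	signed := req.Clone(req.Context()) // RoundTrip must not mutate the caller's request
	signed.Header.Set("Authorization", "Bearer "+t.Token)
	return t.Base.RoundTrip(signed)
}

// recorder is a fake base transport that captures what would go on the wire.
type recorder struct{ auth string }

func (r *recorder) RoundTrip(req *http.Request) (*http.Response, error) {
	r.auth = req.Header.Get("Authorization")
	return &http.Response{StatusCode: 200, Header: http.Header{}, Body: http.NoBody, Request: req}, nil
}

// sentAuth issues a GET to url through an http.Client built on authTransport
// and returns the Authorization header that reached the base transport.
func sentAuth(url string) (string, error) {
	rec := &recorder{}
	tr := &authTransport{Token: "sample-token", Host: "api.example.invalid", Base: rec}
	resp, err := (&http.Client{Transport: tr}).Get(url)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return rec.auth, nil
}

func main() {
	fmt.Println(sentAuth("https://api.example.invalid/metadata"))
	fmt.Println(sentAuth("https://other.example.invalid/metadata"))
}
```

Client code sees only an `http.Client`, so changing the authentication scheme or the target host means swapping the transport, not the API calls.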
