Playing with Hotmail oauth

Hotmail is very friendly unlike Facebook to access their info.  Use https://manage.dev.live.com/ and create your app and get client id and secret. It also allows you to specify callback/return to URL in the dashboard.

It is funny that URI component for mobile app is touch.

It is interesting to see it support localization but there should be a way to pass localization info dynamically otherwise it is of no use.

Very elaborate documentation about how to access live oauth 2.0 based service is here http://msdn.microsoft.com/en-us/library/hh243649.aspx.

Erlang Facebook API

I am exploring way to get into user's graph using Facebook API, my language of interest is Erlang. With quick search, unlike Yahoo API, I found couple of erlang module available to do the job. I will go over it and if I find anything cryptic, I will update it on next post.
My requirement

1. User wanted to bring their user graph but not need to provide their userid/password (oauth)
2. Once loggedin, they choose people who they are to be invited 
3. Choose selected one.

This is kind of interesting flow, in fact, others following.  

Constrains,

1. What is the API user agreement?
2. No of calls limit
3. Constrain to post message to Facebook using API
4. Retrieve Events 

I will research these topic and post it here if anything interesting.

[Update] Facebook API doesn't allow contact email addresses of friends but found that there are greater API level integration with different graph API. But clue is "it is easy with oauth" but facebook notoriously stoping me to verify my account using phone no :)  So I am hibernating this effort.

Yahoo oauth and Erlang

I successfully implemented or more aptly integrated yahoo oauth.
Points to note,

• You must sign in and get 
• Consumer key embeds what kind of service you are enlisted 
• Secret 
• App ID (you don't need it for YQL)
• For accessing private data -- it is 3 legged process -- 
• Get request token
• Use that to bring yahoo sign in page to ask user to give authorization to access services 
• Once user accepts, callback URL will be called and with query param 
• Once callback is complete, access actual DATA API using YQL
• YQL determines what service (like contact or connection etc) you are accessing but consumer key tells whether you have that service enabled. 
• If you later add or modify service access, you will get new consumer key
• diagnostics=true is handy to see what is wrong with your request
• Most of the oauth parameters are sent as query string
• Mostly more than 3 requests fired to yahoo to get a data
• window.opener will not work to communicate back to parent window because it is shifting to 2 different domains
• I used ugly timer to track popup window to closing status. I felt window.close event would have been handy.

I used nice little library for erlang (https://github.com/tim/erlang-oauth) 

OpenId and oAuth

I am planning to implement the openid and oAuth in Erlang. There are couple of modules already there which I am going to look into however I am interested in Attribute exchange and policy extension for multi factor authentication. Current incarnation of openid has UX (User experience) issue due to URL redirections. It is addressed in Openid UI extension, So possibly the popup based solution would come into practice.

I will update this post when I figure out the issues and possible solutions.

I am interested in oAuth enforcing standard mechanism to share different resources (http).