Cocoa OAuth 2.0 libraries
7 Mar 2012
Tags: cocoa, development, oauth
OAuth 1.0 was a big step forward for web security, removing the need for users to give their passwords to third parties, but was a bit of a step backward for anyone writing mobile or desktop clients. Handing over to a website broke the user experience of your app, could easily be spoofed anyway, and led to a bunch of hacks like Twitter’s X-Auth standard to try and find a way around it.
Thankfully, with OAuth 2.0, this was by and large fixed, with the new version supporting multiple authentication approaches suitable for web, mobile or desktop (not that all websites implement them all, but that’s not the standard’s fault).
The one downside as a Cocoa developer is that the officially recommended Cocoa library is, to be blunt, rubbish. It doesn’t even compile, and the author has acknowledged that it’s completely unusable :)
Thankfully though, there is a very good OAuth library that’s nicely designed that I can heartily recommend, which I discovered from the same comment thread (though only after trying a bunch of other less good libraries, alas) - OAuth2Client by nxtbgthng. This has a lovely interface, takes care of managing different tokens for you, is ARC friendly, has no external dependancies, and a BSD license. It also supports both iOS and OS X.
If you want a lesson in good library design, then I recommend comparing and contrasting this with OAuth 2 library in Google’s Toolkit for Mac which I’m sure is as easy to use as they claim, but just doesn’t make it at all obvious that it is. I leave you to work out which one is the good example and which is the less good one :)