August 10, 2012
Back in the good old days things were a lot simpler. You didn’t have to worry about packet capturing or password extracting, and as a result a lot of the original protocols like HTTP, FTP and POP3 didn’t worry about sending your passwords over the wire in plain text. But in today's increasingly sophisticated API-driven world this isn't enough.
Most web services available to developers have been inaccessible to Connect IQ developers because they use OAUTH to provide access control, and this functionality did not exist in Connect IQ. Connect IQ 2 added new OAUTH APIs opening up Connect IQ apps to many of the APIs available on the web.
While testing out a new tool I'm working on that uses a variety of OAuth2 providers and thought I’d catalog some of the quirks I came across. This is just for the authorization flow, not for actually making requests once you’ve secured a token. Now that the OAuth2 spec is solidified we should start seeing less and less of these issues.