It depends of course on the flavor of OAuth2 - I've implemented Oauth2 for a Roku app a few years ago, generally speaking it was pretty easy, much easier than Oauth1.0/1.1
Usually you just need to generate the https request using your secret key and developer key, and the User's username and password, and store the auth key and refresh key in the registry when it is returned, so this only requires some very simple string manipulation.
This doesn't work so well if you have a flavor of auth that doesn't allow for browserless devices, the user can wind up typing in a ridiculously long string of characters on their Roku Remote, or going to a web browser and typing it in the address bar there.
Some Oauth2 flavors like Google's provide a somewhat more user friendly string that the user can type into a web browser.
Some channels implement an authentication scheme where you go to the channels website and link the website to your account and the website then proxy's all the data between the service and the device. This approach essentially requires that you trust the website of the developer, instead of trusting the device itself, which for me, is easier to swallow - I know how the device secures data, I don't know how or if a third party website intermediary will secure my data.
Contact me via PM if you need more help with getting started on this and want to keep some details of your implementation private.
- Joel
