Roku Developer Program

Developers and content creators—a complete solution for growing an audience directly.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
danb
Level 7

OAuth2 examples

I am in need of an example of OAuth2 being used in a roku channel. In the past with node applications I have used the node OAuth2 module https://github.com/ciaranj/node-oauth. I have searched the forums high and low, as well as looked through examples and scoured github for an example. My research turned up nothing. Any devs here have something they can share? Thanks!
0 Kudos
4 REPLIES 4\
RokuChris
Roku Employee
Roku Employee

Re: OAuth2 examples

There's some OAuth code in the Twitter example. viewtopic.php?f=34&t=48453
0 Kudos
danb
Level 7

Re: OAuth2 examples

I believe the twitter OAuth example is out of date. It is using OAuth 1.0 and is not currently functioning.

Unless I am not seeing something, it is not a helpful example for connecting to a service that uses OAuth2. Any other examples or resources available?
0 Kudos
RokuJoel
Roku Employee
Roku Employee

Re: OAuth2 examples

It depends of course on the flavor of OAuth2 - I've implemented Oauth2 for a Roku app a few years ago, generally speaking it was pretty easy, much easier than Oauth1.0/1.1

Usually you just need to generate the https request using your secret key and developer key, and the User's username and password, and store the auth key and refresh key in the registry when it is returned, so this only requires some very simple string manipulation.

This doesn't work so well if you have a flavor of auth that doesn't allow for browserless devices, the user can wind up typing in a ridiculously long string of characters on their Roku Remote, or going to a web browser and typing it in the address bar there.

Some Oauth2 flavors like Google's provide a somewhat more user friendly string that the user can type into a web browser.

Some channels implement an authentication scheme where you go to the channels website and link the website to your account and the website then proxy's all the data between the service and the device. This approach essentially requires that you trust the website of the developer, instead of trusting the device itself, which for me, is easier to swallow - I know how the device secures data, I don't know how or if a third party website intermediary will secure my data.

Contact me via PM if you need more help with getting started on this and want to keep some details of your implementation private.

- Joel
0 Kudos
RokuChris
Roku Employee
Roku Employee

Re: OAuth2 examples

"danb" wrote:
I believe the twitter OAuth example is out of date. It is using OAuth 1.0 and is not currently functioning.

Unless I am not seeing something, it is not a helpful example for connecting to a service that uses OAuth2. Any other examples or resources available?


As mentioned in that thread, the OAuth piece was still working correctly last time I checked. What was outdated is the Twitter specific logic which was developed to work with v1.0 of the Twitter API. The API versioning is independent of the OAuth version.
0 Kudos