Package simple-oauth2.🔗ℹ

This package provides an implementation of a full client (both flow-based and request-based) for OAuth 2.0 protected resources with a framework for both authorization and resource servers to follow. It implements, or references, the following set of OAuth 2.0 standards:

1. The OAuth 2.0 Authorization Framework, which implies The OAuth 2.0 Authorization Framework: Bearer Token Usage

2. OAuth 2.0 for Native Apps

3. Proof Key for Code Exchange (PKCE) by OAuth Public Clients

4. OAuth 2.0 Token Revocation

5. OAuth 2.0 Token Introspection

In the same way as RFC6749, this implementation "defines the use of bearer tokens over HTTP/1.1 [RFC2616] using Transport Layer Security (TLS) [RFC5246] to access protected resources." No implementation is provided other than HTTP/1.1.

Racket already provides two packages with embedded OAuth implementations, 1) webapi - Implementations of a few web APIs, including OAuth2, PicasaWeb, and Blogger, and 2) google - Google APIs (Drive, Plus, .... The difference between these and simple-oauth2 is an intent to be an extensible framework that as well as providing clear implementations of the specific requests and the grant flows, also provides a credential store for client and token persistence. The package also provides example command-line tools for accessing common services.