New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement OAuth authorization for Inoreader #35
Comments
There is also oauth2cpp. However, it is version 0.1 and the given status is "work in progress", with no commits since two years, so it looks dead. |
#61 unearthed a new constraint: Feedly issues OAuth tokens for apps, not users, so we can't bake them into our code like we do with Inoreader. Just something to keep in mind. |
The Inoreader support as currently documented (requiring the user to register their own application with Inoreader to get an API key) is no longer usable. This is the response I got from Inoreader support:
|
Thank you for the heads-up! The situation looks similar to Feedly: we can't embed secret tokens because the code is open, and nobody wants to operate a proxy that would keep the token. I wrote to support asking if they can suggest any other schemes, or perhaps allow to authenticate with just the user's email and password. Let's see what happens. |
For what it's worth Newsflash has seemingly working Inoreader integration, no idea how it's implemented: https://gitlab.com/news-flash/news_flash_gtk |
They embed secrets in the code: https://gitlab.com/news-flash/news_flash/-/blob/3de1cd46bcef56085a51374c86428f391d5704a7/src/feed_api_implementations/inoreader/oauth.rs#L16-17 =\ We used to do the same thing with Inoreader (with ClientLogin credentials), but moved away from this approach because of the rate limits. Newsboat is not really a client, it generates more traffic than a thin client would. So I don't think we can do this with OAuth2 (even if we forget about the security implications for a moment). |
Oops, I never updated this issue when I got a response from Inoreader! They did answer within 3 days as promised. I'm not sure I am allowed to quote in full, so I'll summarize their points:
I still don't want to operate the proxy. |
Document Inoreader support limitations Cf. #35 Co-authored-by: Lyse <github@lyse.isobeef.org>
Inoreader support (#22) uses ClientLogin for user authentication, but Inoreader developers themselves point out that OAuth should be preferred. Newsboat also needs OAuth for other remote APIs, so Inoreader might well become an API that leads the way.
Since we're probably going to have more OAuth APIs, I don't mind adding a dependency on a library that implements OAuth-specific tasks. I looked at liboauthcpp, but it only supports OAuth 1.0a (Inoreader uses 2.0). There are a few others that require Qt, and that seems to be it. A bit more time spent on search won't hurt.
The text was updated successfully, but these errors were encountered: