Upcoming: Moving to OAuth 2

With the upcoming completion and release of Project PURR, we are announcing that we will move away from OAuth 1.0 and move to OAuth 2.0.

For context, OAuth is an open protocol that permits third party applications and websites to use your login credentials without you having to reveal those credentials to the third parties.  For example, WickedCoolService.com wants to use your Open Hub data — your stacks and claimed projects.  Instead of you telling WickedCoolService.com your Open Hub user name and password, WickedCoolService.com opens up a window to OpenHub, lets you log in to our site and we securely transfer a token to WickedCoolService.com that it can use to get access to your data.

We have been providing OAuth version 1.0a and with the upgrade to new versions of Ruby and Rails, we decided to upgrade our implementation as well to be OAuth 2.0 compliant.  Please note that OAuth 2.0 is not compatible with OAuth 1.0.  Any applications that use the Ohloh OAuth 1.0 service will need to update their code to OAuth 2.0.  As with our OAuth 1.0 service, we will be releasing a reference Sinatra application that uses OAuth 2.0 when Project PURR is released.

Please contact us through our forums with any questions about OAuth.

About Peter Degen-Portnoy

Mars-One Round 3 Candidate. Engineer on the Open Hub development team at Black Duck Software. Family man, athlete, inventor
  • Kaz Nishimura

    I tried and it worked if I use the Basic authentication for the token request phase. I tried to send the consumer key and secret as the request parameters in the first try.

  • Kaz Nishimura

    I made a comment by mistake and removed it now. Excuse me for my mistake.

  • simovelichkov

    Hi, Peter

    I’m seeing that https://www.openhub.net/oauth/authorize is the correct authorize URL for OAuth2, but what is the correct access token url?

    https://www.openhub.net/oauth/access_token doesn’t seems to work.