oauth 6.x-3.0-beta4

Breaking changes

Beta 4 includes a major refactoring of the database layer to increase its flexibility and performance. A detailed list of some of the changes can be found below.

Noteworthy changes

The Consumer UI submodule has been removed. Modules consuming external OAuth API:s should provide their own mechanisms for maintaining consumer keys and tokens. In the client SHA1 is now the default hashing mechanisms as this is what the OAuth 1.0 specification is using. If you need SHA512 you need to override the default.

Changes related to database refactoring

• Consumers and tokens no longer rely on their keys for identification but instead on internal numeric ids and eg the link between a token and a consumer is now using these ids. Not relying on the keys for identification also reduces the possibility of conflicts between external provider.
• Keys and secrets are now stored as text columns instead of varchars. The reason for this is that the OAuth specification don't specify any maximum length for them and therefor we can't know for sure that they will fit into a varchar. A new column for the sha1-hashes of a key has been added to make key lookup easier.
• The provider specific data has been separated from the tables that are shared between provider and client - this means that pure clients no longer have to load empty data columns related to the provider.
• /oauth/authorized should now receive a parameter with one of the new consumer ids so it can link the token to its consumer. This is to avoid conflicts between tokens from different external providers.

Functions removed

• oauth_common_provider_token_load()
• oauth_common_consumer_consumer_load()
• oauth_common_get_tokens
• oauth_common_get_user_tokens()

Functions with changed syntax

• oauth_common_provider_token_load()
• oauth_common_consumer_load()
• oauth_common_user_consumers()
• DrupalOAuthToken::_construct() *Contains backwards compatability
• DrupalOAuthToken::write()
• DrupalOAuthToken::deleteToken()
• DrupalOAuthToken::fromResult() *Contains backwards compatability
• DrupalOAuthDataStore::lookup_token()
• DrupalOAuthConsumer::__construct() *Contains backwards compatability
• DrupalOAuthConsumer::write()
• DrupalOAuthConsumer::deleteConsumer()

New functions

• oauth_common_get_user_provider_tokens()
• DrupalOAuthToken::loadByKey()
• DrupalOAuthToken::loadById()
• DrupalOAuthConsumer::loadById()
• DrupalOAuthConsumer::loadProviderByKey()

Deprecated functions

• DrupalOAuthToken::load()
• DrupalOAuthConsumer::load()

Classes with changed variables

• DrupalOAuthConsumer
• DrupalOAuthToken

All changes since 6.x-3.0-beta3

• by voxpelli: Better coding style
• #1002482: token_key column not large enough
  by voxpelli: Large database refactoring focused on basing relations on internal id numbers
• by voxpelli: Improved nonces, nonces can now be longer and too long nonces will throw errors
• by voxpelli: Removed consumer UI as it became complicated with new DB and there's no apparent need for it
• by voxpelli: Updated to use Autoload 6.x-2.0:s D7 backport for specifying included classes
• by voxpelli: Don't show key/secret on consumer adding
• #1017220: Deactivate body_hash-checking when Inpustream isn't installed
  by voxpelli: Deactivated body_hash-checking when Inpustream isn't installed
• #1024812: Cannot delete a consumer: "Call to a member function delete() on a non-object"
  by voxpelli: Fix for deleting consumer
• #857584: Make SHA1 the default signature method
  by voxpelli: Make SHA1 the default signature method in client