The initial version of the friend invite and accept protocol is complete. It has undergone five revisions but we’ve finally settled on a version that works well with OAuth 2.0.
One of the challenges in working with the OAuth 2 protocol is that it has been designed with large services in mind. When a third party wants to interact with users on such a service, they first need to register with the service to get a client ID and client secret. This, then, becomes their identity when dealing with the service and its users.
The difficulty with OC is that it’s a distributed system. If profile A is on one provider and they want to add a friend (profile B) on another provider, these two providers have to interact with each other. Not only do the providers have to cooperate, but their users will be using OAuth 2 to invite friends and accept or decline friend invites. This means that each provider has to have a client ID/secret issued by the other provider.
This is the interaction that the friend invite portion of the OC protocol facilitates. Once the client IDs and secrets are exchanged, then the normal OAuth 2 mechanism is used to invite and accept.
We’ll be publishing the details of the protocol, along with sequence diagrams, etc. to help illustrate it once we’re a little further along.
