Pelle Braendgaard posted to the OAuth Ruby list today announcing the that the 0.3 version of the OAuth Ruby Gem has been released:

This is the community barn fixing release of the OAuth Gem. The primary purpose of this release is to fix all the little issues people have discovered while actually using OAuth in the real world.

A concerted effort has also been made to create much better testing of all the low level operations, such as encoding, normalization etc. There are much improved tests that follow the spec closely.

There is also a new oauth command line utility, which makes it easy to test oauth requests from your shell.

The official home page of the ruby library is:

http://oauth.rubyforge.org/

The main git repository is:

http://github.com/pelle/oauth/tree/master

Many people have been involved in this release, here are the primary contributors and the changelog:

• Support ActionController::Request from Edge Rails (László Bácsi)
• Correctly handle multi-valued parameters (Seth)
• Added #normalized_parameters to OAuth::RequestProxy::Base (Pelle)
• OAuth::Signature.sign and friends now yield the RequestProxy instead of the token when the passed block’s arity is 1. (Seth)
• Token requests are made to the configured URL rather than generating a potentially incorrect one. (Kellan Elliott-McCrea)
• Command-line app for generating signatures. (Seth)
• Improved test-cases and compatibility for encoding issues. (Pelle)

In an effort to make it easier to debug your OAuth calls — and interact with Google’s OAuth-protected resources — Google Data APIs engineer Eric Bidelman released the OAuth Playground today along with a comprehensive article on using OAuth with the GData APIs.

Along with the article and playground, Google now supports HMAC-SHA1 signing.

The first is a component for CakePHP for accessing services with OAuth called OAuth component for CakePHP (points for creativity!).

Second, Madgex has released a new open source OAuth library for .NET (also released under the MIT License), along with some interesting demos using Fire Eagle, the Google Contacts API and microformats. Documentation is here.

Good stuff!

Here’s draft 1 of the OAuth Session extension which was discussed at the OAuth Summit.

This extension allows SPs to issue Access Tokens that can expire during the duration that the consumer is authorized, and defines a workflow for consumers to automatically refresh their Access Tokens. Additionally, this extension defines a mechanism for Consumers to request access to additional Protected Resources offered by the same Service Provider after being initially authorized.

We also added a interface for Consumers to tell the SP to invalidate its credentials.

Feedback and comments would be appreciated.

If you’re interested in providing feedback, please join the list and let your thoughts be known before this moves into subsequent drafts towards the final version!

According to the proposed new features list for WordPress 2.7, OAuth should be coming to WordPress core.

This follows a tweet from Matt Mullenweg indicating his desire to add support for the protocol a month ago.

Kellan Elliot-McCrea and Rabble presented Beyond Rest: Building Data Services with XMPP PubSub earlier today at OSCON in Portland. Aside from an interesting anecdote about FriendFeed’s polling habits against Flickr, the pair also revealed the consensus coming out of the XMPP Summit on how to perform OAuth token exchange over XMPP.

Kellan notes:

Defenese against MITM, and replay-ability are inherited from the Jabber transport, so the consensus of those of us present was that we only needed to prove possession of the consumer and token secrets.

This moves us ever closer to being able to use XMPP as a reliable and effective OAuth transport mechanism, not to mention standardizing authenticated data streams between unaffiliated endpoints.

we are pleased to announce the release of an OCaml binding to the API. You can find it on our developer downloads page.

As part of our API design we decided to use OAuth, so you can allow applications to access your data without giving away your Skydeck username and password. We are also pleased to announce the release of ooauth, an OCaml implementation of OAuth.

Ooauth implements both the consumer and service provider parts of OAuth (we use it in our server and in the API binding above), so you can use it to implement your own API or to consume the many APIs that use OAuth, such as the Google Data APIs. It is also available on the developer downloads page.

I just wanted to officially announce the release of OAuth for Spring Security. I’ve had a working implementation now for quite some time, but I wanted to delay the official release until Spring Security 2.0 was released.

My hope is that this new library will make OAuth more accessible to the Java development community, a large percentage of which is already using Spring and Spring Security. I suspect that this will also make OAuth accessible to users of Grails (which is also built on Spring).