NyaaPantsu-android-app
Move to OAuth2 Authentication
For security reasons and to be able to provide more user-specific features to the app, the nyaa API 1.2 will introduce a new way to log in. This will be done by a standard OAuth2 Authorization server and a Consent Server. I'm doing the code for it. The oauth2 api will completely follow the oauth2 standard.
The api endpoints will be:
- https://nyaa.pantsu.cat/oauth2/auth <- for displaying a login form and a grant form. Redirect to a redirect_uri when granted with a token
- https://nyaa.pantsu.cat/oauth2/token <- can be used to refresh a token or to login directly with username/password in POST request
- https://nyaa.pantsu.cat/oauth2/revoke <- to revoke a token
- https://nyaa.pantsu.cat/oauth2/introspect <- to introspect the granted access of a token
Now that I have implemented the oauth api part on nyaa, I would like to know which authorization flow we should use. @ltype @xdk78 For example, we can either display a web form from https://nyaa.pantsu.cat/oauth2/auth, let the website handle the login + the grant and then take the token at the end. Or we can use our own login form and directly send the credentials to the token api url to get the token.
Moreover, I would like some ideas on where we should put the API_KEY and API_SECRET (private key) in the code, since we need to have them available here for travis to compile our releases.
Updated status, need some feedback @xdk78 @ltype
Edit: I also found those two libraries for the oauth workflow: https://github.com/openid/AppAuth-Android and https://github.com/wuman/android-oauth-client
@akuma06 so, when will the Pantsu (website) api be ready for OAuth?
I have a lot of work on my end recently so, as soon as I'm free ^^'. But the website part is already functional. We only need to implement it in the app
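For the first option raised in this thread (letting the web form at /oauth2/auth handle the login and the grant), this is a sketch of the request the app would build and the check it would run on the redirect. It is an added example, not code from the NyaaPantsu project or from anyone in the thread; it assumes the server accepts the authorization code grant with PKCE (RFC 7636), which the thread does not confirm, and `CLIENT_ID` and `REDIRECT_URI` are placeholders.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class AuthCodeRequest {
    // Endpoint from the thread; CLIENT_ID and REDIRECT_URI are placeholders (assumptions).
    static final String AUTH_ENDPOINT = "https://nyaa.pantsu.cat/oauth2/auth";
    static final String CLIENT_ID = "EXAMPLE_CLIENT_ID";
    static final String REDIRECT_URI = "com.example.app:/oauth2redirect";

    // 32 random bytes -> 43 base64url characters, a valid PKCE verifier length.
    static String randomToken() {
        byte[] buf = new byte[32];
        new SecureRandom().nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // PKCE S256 challenge: BASE64URL(SHA-256(ASCII(verifier))), RFC 7636 section 4.2.
    static String challenge(String verifier) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256")
                .digest(verifier.getBytes(StandardCharsets.US_ASCII));
        return Base64.getUrlEncoder().withoutPadding().encodeToString(digest);
    }

    static String enc(String s) throws Exception { return URLEncoder.encode(s, "UTF-8"); }

    static String authorizationUrl(String state, String verifier) throws Exception {
        return AUTH_ENDPOINT + "?response_type=code"
                + "&client_id=" + enc(CLIENT_ID)
                + "&redirect_uri=" + enc(REDIRECT_URI)
                + "&state=" + enc(state)
                + "&code_challenge=" + challenge(verifier)
                + "&code_challenge_method=S256";
    }

    // Reject a redirect whose state differs from the one we sent (CSRF check).
    static boolean stateMatches(String sent, String returned) {
        return returned != null && MessageDigest.isEqual(
                sent.getBytes(StandardCharsets.UTF_8),
                returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) throws Exception {
        String state = randomToken();
        String verifier = randomToken(); // kept in memory, sent later to /oauth2/token
        System.out.println(authorizationUrl(state, verifier));
        System.out.println(stateMatches(state, randomToken())); // simulated forged redirect
    }
}
```

With PKCE the per-login verifier stands in for a client secret when the code is exchanged at the token endpoint, which is relevant to the API_SECRET question above only if the server is configured to treat the app as a public client.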