AuthSub is the authorization API Google uses for many of its products, meaning you can use it to ask a user to provide access to their private youtube listings, calendar entries etc without forcing them to hand over their password. The protocol is actually pretty simple and implementing it using clj-http was straight forward, except for one thing: clj-http always puts the connection port number in the Host header (which by the way is completely valid according to the HTTP/1.1 spec), but some google applications (notably, youtube) do not like that, giving a crypic HTTP status 401 “AuthSub token has the wrong scope” error. Figuring out the problem took a couple of hours given that that idiosyncrasy is not documented anywhere and I had to figure it out from some comments in the Python client for AuthSub.
With that issue out of the way, I’ve released clj-authsub version 0.1.0. It’s minimal and currently doesn’t support signed/secure tokens, but it works.