OAuth docs

[hadley]

To do:

• Add a section on caching that's inherited across all pages
• Check all args passed through
• Move cache_key and cache_disk to end of arg list
• Review reference index
• Update vignette

Fixes #330

[hadley]

@llrs please take a look and let me know if this makes it more clear how to actually authenticate a request with OAuth.

@maelle I'd love your feedback too, if you have time.

[llrs]

I see that now most of the documentation has moved to the req_oauth_auth_code help page and then some sections reused in other pages (But there are some missing the cache section).

I see oauth_flow_auth_code_url is now internal but not oauth_flow_auth_code_listen, oauth_flow_auth_code_parse or oauth_flow_auth_code_pkce. I'm not sure if this was on purpose or not.

I've left some comments in the vignette.
There is also a comment on a help page that hasn't changed in this PR, but I think it is in line with the title of the PR, and might help too other readers.

Thanks for keeping me in the loop.

---

I tried building the pkgdown to easily review the changes but I couldn't build it:

pkgdown::build_site()
## ...
## Reading 'vignettes/httr2.Rmd'
## -- RMarkdown error -------------------------------------------------------------
## 
## Quitting from lines 35-37 [unnamed-chunk-2] (httr2.Rmd)
## --------------------------------------------------------------------------------
## Error: 
## ! in callr subprocess.
## Caused by error in `map(.x, .f, ..., .progress = .progress)`:
## ! In index: 3.
## ℹ See `$stdout` for standard output.
## Type .Last.error to see the more details.

[hadley]

Thanks @llrs! All the flows that can use caching should have the caching section, but quite a few don't support caching.

FWIW it's not the functions that are internal or doc, but the doc page, and all those functions are documented together.

[maelle]

Great to see more OAuth docs!

Before reviewing I re-read my own blog post and saw that in a comment I had wondered whether things would be simpler with httr2 😉 r-hub/blog#155 (comment)

I added a few comments.

[maelle]

also point to the community forum? it might be less intimidating.

[hadley]

Less intimidating, but I don't read them so also less helpful 😆

[maelle]

this reminds me of one topic that is often a hurdle: how to use OAuth on a server, how to provide the token (maybe just a link to https://gargle.r-lib.org/articles/managing-tokens-securely.html since it shows the idea)

[jonthegeek]

This is great! It balances "oauth is hard and weird" vs "don't be afraid to play with it" well.

[jonthegeek]

Even better! My biggest stumbling block learning oauth was getting past "But why are there all these steps???" The hierarchy of tokens helps with that quite a lot! Maybe mention "authorization code" in there as well (as the super short-lived but most capturable one)?

[maelle]

Very useful new section! I added a few more comments, in particular about the refresh token.

[jonthegeek]

Just a couple typos.

[jennybc]

FWIW it feels like Google thinks of "your piece of software / your project" as the application and then that application might make use of multiple clients, e.g. a desktop client, a web client, etc.

The vocabulary is sort of a nightmare, so, yeah, the main point is preparing an R user to not recognize themselves or their use case in any of the documentation.

[jonthegeek]

Typo in news. I think I got the correct name for the deprecated function.

[jonthegeek]

Suggested change

	* `req_perform_stream()` replaces `req_perform_stream()`. `req_perform_stream()`
	* `req_perform_stream()` replaces `req_stream()`. `req_stream()`