I recently revisited some OAuth / REST API stuff in a utility and, as an experiment, tried to to use as many of the enhanced JUCE classes as I could to replace the custom network stuff I used before.
For the most part it was painless, though JUCE’s newer Base64 class doesn’t have an overload of toBase64 that takes a const MemoryBock&. I also didn’t see a way to replace my HMAC-SHA1 function.
The one snag that I ran into is that URL::AddEscapeChars appears to encode to some variant of RFC1738. Many OAuth sites/APIs have gotten quite picky and expect RFC3986 parameter encoding, both as submitted and in the signature string.
To get WebInputStream / URL::CreateInputStream to work with all three OAuth sites I tried I had to tweak the existing call like this:
String URL::addEscapeChars (const String& s, const bool isParameter, bool roundBracketsAreLegal)
{
String legalChars (isParameter ? "_-.~" // "_-.*!'"
: ",$_-.*!'");
Params are percent encoded for everything but the 4 unreserved characters listed in RFC3986.
https://tools.ietf.org/html/rfc3986#page-13
The built in call had to be changed because WebInputStream uses it to create Post data, etc.
Maybe not a big deal for most users, but it was the one thing besides HMAC-SHA1 that stopped me from dropping a bunch of custom modules (base64, url, network, JSON, etc.) and native JUCE.