Re: [Snowy] OAuth in Snowy
- From: Stuart Langridge <stuart langridge canonical com>
- To: Sandy Armstrong <sanfordarmstrong gmail com>
- Cc: snowy-list gnome org
- Subject: Re: [Snowy] OAuth in Snowy
- Date: Thu, 11 Jun 2009 15:29:29 +0100
Sandy Armstrong wrote:
>>> 1. The request_token, authorize, and access_token base URLs need to be
>>> done the same way on all implementing servers, *or* we need to have
>>> them specified in the root resource we recently added to the API (this
>>> means one additional request before starting the OAuth process).
>> I personally think that they should be in the same place on each server;
>> rooturl/oauth/authenticate etc. If someone has a massive, massive need
>> to do them elsewhere, they can always add HTTP redirects from the
>> "Tomboy-required" URLs to whatever they want.
>
> Okay, I'm fine with this for now. So the URLs are:
>
> base/oauth/request_token
> base/oauth/authenticate
> base/oauth/access_token

Yep!

>> I specified consumer key and consumer secret for Tomboy as "tomboy" for
>> each. Since it's open source the key and secret are relatively
>> irrelevant, and are not secret (this is a thing about OAuth generally,
>> not specific to our implementation of it); they're like a user-agent
>> string (as you note), so they're useful as an optional "flag" (so you
>> can say "throttle 'tomboy' because it's got a bug in it", or similar).
>
> Okay, that makes a lot of sense (assuming it doesn't somehow hurt
> cryptographic integrity of the rest of the signature stuff). Still,
> all server implementers need to collaborate on those.

Sort of; if you're a server implementor, you could just allow *any*
consumer key/secret combination, rather than limiting it to certain
specific ones?
sil
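
Added example, not part of the original message or of Snowy's code: a sketch of OAuth 1.0 signing with the public "tomboy" consumer key and secret, showing that the request_token signature can be produced by anyone while later steps still depend on the server-issued token secret. The HMAC-SHA1 signature method, the host name, and the nonce, timestamp and token values are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(s, safe="-._~")

def base_string(method, url, params):
    # Sorted, encoded parameters folded into the signature base string
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The HMAC key is "consumer_secret&token_secret"
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

BASE = "https://snowy.example.org"  # constructed host
COMMON = {                          # constructed sample values
    "oauth_consumer_key": "tomboy",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1244730569",
    "oauth_nonce": "constructed-nonce",
    "oauth_version": "1.0",
}

def demo():
    # request_token: no token exists yet, so the key is just "tomboy&"
    url = BASE + "/oauth/request_token"
    step1 = verify("POST", url, COMMON, sign("POST", url, COMMON, "tomboy"), "tomboy")
    # access_token: the key also carries the request-token secret
    url = BASE + "/oauth/access_token"
    params = dict(COMMON, oauth_token="constructed-request-token")
    secret = "constructed-request-token-secret"
    good = sign("POST", url, params, "tomboy", secret)
    guess = sign("POST", url, params, "tomboy")  # knows only public values
    return (step1,
            verify("POST", url, params, good, "tomboy", secret),
            verify("POST", url, params, guess, "tomboy", secret))

if __name__ == "__main__":
    print(demo())
```

A server that accepts any consumer key/secret pair would look up the secret for the presented key (or derive it by convention) before calling `verify`; nonce and timestamp replay checks are omitted here.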