Re: [Snowy] OAuth in Snowy



Sandy Armstrong wrote:
>> Sort of; if you're a server implementor, you could just allow *any*
>> consumer key/secret combination, rather than limiting it to certain
>> specific ones?
> 
> Well, that won't really work unless you always use PLAINTEXT, as the
> consumer secret is part of the signature key and should be a known
> entity.

d'oh, and you are correct, ignore me :)

> However, per the OAuth spec:
> 
> "The Consumer Secret MAY be an empty string (for example when no
> Consumer verification is needed, or when verification is achieved
> through other means such as RSA)."
> 
> Maybe that's the best approach.

Could be, but piston doesn't currently support empty secrets (which is
why I used tomboy/tomboy rather than tomboy/""). That ought to be
fixable; tbh if it's not then we tell everyone that your Consumer Secret
must be the string "secret" :-)

> Do we know if django-piston supports automatically adding new consumer
> keys that appear in requests?  Probably not...we should probably
> implement that part ourselves.

Shouldn't be too difficult...

sil
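
Added example, not part of the original message and not Snowy or django-piston code: how the OAuth 1.0 signing key is built from the consumer secret, which is why a server cannot verify HMAC-SHA1 for a secret it does not know, and why an empty secret works when both sides agree on it. The URL, nonce and timestamp are constructed sample values; request URL normalization is assumed to have been done already.

```python
import hashlib
import hmac
from base64 import b64encode
from urllib.parse import quote

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def signing_key(consumer_secret, token_secret=""):
    # Key is always "<consumer secret>&<token secret>"; either half may be empty.
    return enc(consumer_secret) + "&" + enc(token_secret)

def plaintext_signature(consumer_secret, token_secret=""):
    # With PLAINTEXT the signature is the key itself, so nothing is derived from it.
    return signing_key(consumer_secret, token_secret)

def base_string(method, url, params):
    # Encode and sort the parameters, join them, then encode the three parts again.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(k + "=" + v for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    key = signing_key(consumer_secret, token_secret).encode()
    digest = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return b64encode(digest).decode()

def verify_hmac_sha1(method, url, params, signature, consumer_secret, token_secret=""):
    # The server recomputes the signature with the secret it holds for this consumer key.
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Constructed sample request (hypothetical URL and values).
URL = "https://snowy.example/api/1.0/"
PARAMS = {
    "oauth_consumer_key": "tomboy",
    "oauth_nonce": "constructed-nonce",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1240000000",
    "oauth_version": "1.0",
}
```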

