Re: [Snowy] OAuth in Snowy
- From: Sandy Armstrong <sanfordarmstrong gmail com>
- To: Brad Taylor <brad getcoded net>
- Cc: snowy-list gnome org
- Subject: Re: [Snowy] OAuth in Snowy
- Date: Thu, 25 Jun 2009 05:31:59 -0700
On Thu, Jun 25, 2009 at 4:46 AM, Brad Taylor<brad getcoded net> wrote:
> Hey Sandy,
>
>> Well, that won't really work unless you always use PLAINTEXT, as the
>> consumer secret is part of the signature key and should be a known
>> entity.
>>
>> However, per the OAuth spec:
>>
>> "The Consumer Secret MAY be an empty string (for example when no
>> Consumer verification is needed, or when verification is achieved
>> through other means such as RSA)."
>>
>> Maybe that's the best approach.
>>
>> Do we know if django-piston supports automatically adding new consumer
>> keys that appear in requests? Probably not...we should probably
>> implement that part ourselves.
>
> Have you guys sorted this secrets issue out yet? Also, have you had a
> chance to work on the Tomboy component of the OAuth support? I wonder
> if we can make piston support both HTTP and OAuth for the time being so
> we can get this patch committed.
Well, since Piston doesn't seem to support empty secrets, we'll
probably just make an "everybody" secret as Stuart suggests.
I worked on Tomboy/OAuth a bit the other day, and it is coming along.
I think I just need about half a day to finish it up.
If you can enable HTTP *and* OAuth, that sounds like a good approach.
Better to have this code in git than rotting on the mailing list, if
it does no harm to have it in git.
Sandy
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
