Re: [Snowy] OAuth in Snowy

On Thu, 2009-06-25 at 05:31 -0700, Sandy Armstrong wrote:
> On Thu, Jun 25, 2009 at 4:46 AM, Brad Taylor<brad getcoded net> wrote:
> > Hey Sandy,
> >
> >> Well, that won't really work unless you always use PLAINTEXT, as the
> >> consumer secret is part of the signature key and should be a known
> >> entity.
> >>
> >> However, per the OAuth spec:
> >>
> >> "The Consumer Secret MAY be an empty string (for example when no
> >> Consumer verification is needed, or when verification is achieved
> >> through other means such as RSA)."
> >>
> >> Maybe that's the best approach.
> >>
> >> Do we know if django-piston supports automatically adding new consumer
> >> keys that appear in requests?  Probably not...we should probably
> >> implement that part ourselves.
> >
> > Have you guys sorted this secrets issue out yet?  Also, have you had a
> > chance to work on the Tomboy component of the OAuth support?  I wonder
> > if we can make piston support both HTTP and OAuth for the time being so
> > we can get this patch committed.
> Well, since Piston doesn't seem to support empty secrets, we'll
> probably just make an "everybody" secret as Stuart suggests.
> I worked on Tomboy/OAuth a bit the other day, and it is coming along.
> I think I just need about half a day to finish it up.
if there's anything I can do to help you (given I know almost nothing
about OAuth), please let me know.
Rodrigo Moya <rodrigo gnome-db org>

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]