The goals for the last week were to implement oauth support into osc and add something like a “ttl” so that an access token expires after some time.
In order to implement it into osc I decided to write a simple OAuthHandler class which can be added as an “opener” to urllib2. So it should be possible to add custom “openers” for other protocols (but the interface might change again).
The next action item was to add a ttl for an access token. In fact this was just a “one-liner” (apart from a small migration script). I’m really impressed how easy it was to do this with rails.
One note about the osc integration:
At the moment osc sends all required authentification stuff (e.g. oauth_token etc.) via url parameters: http://0.0.0.0:3000/source/home:Admin?oauth_consumer_key=<key>&oauth_signature_method=HMAC-SHA1… because we cannot use POST requests. It might be “nicer” to add this kind of parameters to the http header – so our plan is to use the standard http authorization or www-authenticate headers (see also here).
Action item for the next week:
- add support to the frontend so that it can handle oauth via the authorization header.
Both comments and pings are currently closed.
