
GSoC – summary of this week’s meeting

May 29th, 2009 by

In the last few days I had a closer look at the oauth rails plugin, which requires some methods from the restful_authentication module. As the obs frontend doesn’t use this module, we need to provide our own implementations of these methods. Fortunately it only uses a handful of them (like authorized?, login_required, logged_in?, current_user etc.), so it shouldn’t be too hard to get it working without the restful_authentication module.

Another thing on my todo list was to look for possible workarounds for the session fixation attack. According to this thread it’ll be fixed in a new revision of the OAuth spec: after the user grants access to a specific application, the OAuth provider redirects the user to a callback URL (if the consumer specified one) and appends a parameter called oauth_verifier to that URL. Its value is unpredictable, so an attacker has no chance to “take over the session” (this is just a short summary; for more details have a look at the spec).
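To make the mitigation concrete, here is a small added illustration of the oauth_verifier flow on the provider side. It is example code written for this post, not code from the obs frontend or from the oauth plugin; the class, the in-memory token store and the method names are assumptions.

```ruby
# Added illustration (not the OBS code or the oauth plugin's code): how the
# OAuth 1.0a oauth_verifier closes the session-fixation hole. The in-memory
# store and the method names are assumptions made for this example.
require 'securerandom'
require 'uri'

class VerifierDemoProvider
  Token = Struct.new(:secret, :consumer_key, :user, :verifier, :used)

  def initialize
    @request_tokens = {}
  end

  # Step 1: the consumer obtains a request token (no user bound to it yet).
  def issue_request_token(consumer_key)
    key = SecureRandom.hex(16)
    @request_tokens[key] = Token.new(SecureRandom.hex(32), consumer_key, nil, nil, false)
    key
  end

  # Step 2: the user approves the token. The provider binds the user to it and
  # mints an unpredictable verifier that only the approving user's browser sees.
  def authorize(token_key, user, callback)
    token = @request_tokens.fetch(token_key)
    token.user = user
    token.verifier = SecureRandom.hex(16)
    uri = URI(callback)
    params = URI.decode_www_form(uri.query || '')
    params << ['oauth_token', token_key] << ['oauth_verifier', token.verifier]
    uri.query = URI.encode_www_form(params)
    uri.to_s
  end

  # Step 3: exchange for an access token. Whoever planted the request token
  # cannot finish the flow without the verifier handed to the approving user.
  def exchange(token_key, consumer_key, verifier)
    token = @request_tokens[token_key]
    return nil if token.nil? || token.used || token.user.nil?
    return nil unless token.consumer_key == consumer_key
    return nil unless secure_compare(token.verifier, verifier.to_s)
    token.used = true # request tokens are single use
    { user: token.user, access_token: SecureRandom.hex(16) }
  end

  # Constant-time comparison so the verifier cannot be guessed byte by byte.
  def secure_compare(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```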

Last but not least I finished the test application and played around with it.

TODO:

  • start integrating oauth into the frontend
  • play around with the python library

Btw. my mentor pointed me to an interesting railscast about authlogic – it gives a great overview of this module.
