I believe this implements OAuth 2 for Twisted using Twisted Cred: https://github.com/simplegeo/txoauth

-J

On Thu, Mar 10, 2011 at 2:16 PM, George Pauly <george@ringdevelopment.com> wrote:
Allen,
In my very limited experience with Twisted,
On Thu, 2011-03-10 at 14:01 -0600, Allen Bierbaum wrote:
I have been looking into this further and decided on an API that works as follows:
- Use HTTPS for all requests
- POST to /session to create a new session token
  - pass in username and password as parameters
  - returns token string to be used for all further communication
In the non-https case, roll a salt and other items (ip address, user agent, etc) into a secondary session key on the server.
- All further requests must have the token string which is used to look up the user/session
  - on the server, the token will map to a user object to give me information about their access rights, etc.
that's all I've ever needed: use the session key (token) to access an object array - the accessed object has all the twisty magic.
Now the question is how does this fit into twisted's view of the world. The twisted web in 60 seconds tutorials [1] seem focused on using HTTP Auth for credential checking and an internal cookie (TWISTED_SESSION) for session management. Is there an easy way to adapt these to my needs or do I need to roll my own code for this type of twisted.web usage?
Now you've gone back to credentials - this is outside of my experience with Twisted. Sessions are simple enough with Python alone in a twisted app. I'll need to use credentials soon so I hope you get an answer.
Anybody using OpenID or webID instead of login/password? Could be better...
-Allen
George

--
George Pauly
Ring Development
www.ringdevelopment.com
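
The token scheme discussed in this thread (POST /session issues a token, later requests present it, and a secondary key binds it to client attributes), sketched with the Python standard library only. This is an added example, not code from any of the posters or from Twisted; `SessionStore`, `SESSION_TTL`, the PBKDF2 password check and the sample account are assumptions.

```python
import hashlib, hmac, secrets, time

SESSION_TTL = 1800  # seconds; assumed lifetime, not a value from the thread

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class SessionStore:
    """In-memory token -> user map (hypothetical helper, not a Twisted API)."""

    def __init__(self, users, clock=time.monotonic):
        self._users = users        # username -> (salt, PBKDF2 hash)
        self._sessions = {}        # sha256(token) -> (user, binding, expires)
        self._bind_key = secrets.token_bytes(32)  # server-only secret
        self._clock = clock

    def _binding(self, ip, user_agent):
        # Secondary session key: keyed hash over client attributes.
        msg = f"{ip}\x00{user_agent}".encode()
        return hmac.new(self._bind_key, msg, hashlib.sha256).digest()

    def login(self, username, password, ip, user_agent):
        """Handler body for POST /session: a new token, or None."""
        # Unknown users still cost one PBKDF2 run, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\x00" * 16, b""))
        if not hmac.compare_digest(hash_password(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()  # never store the raw token
        self._sessions[key] = (username, self._binding(ip, user_agent),
                               self._clock() + SESSION_TTL)
        return token

    def lookup(self, token, ip, user_agent):
        """Map a presented token to its user, or None if invalid."""
        key = hashlib.sha256(token.encode()).hexdigest()
        record = self._sessions.get(key)
        if record is None:
            return None
        user, binding, expires = record
        if self._clock() >= expires:
            del self._sessions[key]  # expired: drop the record
            return None
        if not hmac.compare_digest(binding, self._binding(ip, user_agent)):
            return None  # token presented by a different client
        return user

# Constructed sample account for the example.
_SALT = secrets.token_bytes(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}
```

In a twisted.web resource, `login` would back the POST /session handler and `lookup` would run at the start of every other request.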