Implementing Python-OAuth2
Alec Taylor
alec.taylor6 at gmail.com
Tue Oct 11 04:27:42 EDT 2011
Maybe use CAS instead of OAuth?
https://wiki.jasig.org/display/CASC/Pycas
On Tue, Oct 11, 2011 at 7:16 PM, Kayode Odeyemi <dreyemi at gmail.com> wrote:
> On Thu, Oct 6, 2011 at 5:15 PM, Jeff Gaynor <jgaynor at ncsa.illinois.edu>
> wrote:
>>
>> On 10/06/2011 08:34 AM, Kayode Odeyemi wrote:
>>>
>>> Hello friends,
>>>
>>> I'm working on a pretty large application that I will like to use oauth2
>>> on as an authentication and authorization mechanism.
>>>
>>> I understand fairly the technology and I have written my own
>>> implementation before I stumbled on python-oauth2.
>>>
>>> I need advise on leveraging python-oauth2 api for creating consumer key,
>>> creating consumer secret, access token and token secret.
>>>
>> This works well, but be advised that the original python oauth library had
>> some serious issues, so was redone as python-oauth2. What is confusing is
>> that it refers to OAuth version 1.0a, not the upcoming OAuth version 2.0, so
>> make sure you read the right spec before using it, since they are very
>> different indeed.
>>
>> There are *no* usable OAuth version 2..0 implementation in any language
>> (usually Java comes first) that I know of, so you will get to role your own,
>> which is hard. There are a few beta-level versions E.g. Twitter) but these
>> are special cased to the author's needs. The spec itself is not quite ready
>> either and since it has changed quite substantially in the last year, I
>> suspect that everyone is waiting to see it settle to a steady state.
>>
> Jeff, I'm in the middle of a big confusion here and will need your help.
>
> I will like to know, can the request be signed just once and for all
> subsequent request made, I can use the stored nonce, signature method and
> token? My kind of setup is such that, I want the client app to be registered
> once, such that for every request to a resource, as long as the required
> parameters are available in the header (which would have been gotten at the
> initial request), access is granted.
>
> Is this a correct interpretation of Oauth?
>
> Thanks
>
>
>
> --
> Odeyemi 'Kayode O.
> http://www.sinati.com. t: @charyorde
>
>
> --
> http://mail.python.org/mailman/listinfo/python-list
>
>
More information about the Python-list
mailing list