You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@wookie.apache.org by Ross Gardler <rg...@opendirective.com> on 2012/01/05 22:52:52 UTC
Documenting the OAuth feature
I'm a complete newbie with OAuth and I'm finding the OAuth feature in
wookie hard to understand, we really need some documentation.
Would it be possible for someone to document how to create a widget
that will connect to an OAuthed service. I'm particularly interested
in the BufferApp API [1] which is an OAuth 2 implementation. However,
any form of documentation would be greatly appreciated. In return I
will make sure the docs go on the web and (at some undefined point in
the future) build it into the templates system.
Ross
[1] http://bufferapp.com/developers/api/oauth
--
Ross Gardler (@rgardler)
Programme Leader (Open Development)
OpenDirective http://opendirective.com
Re: Documenting the OAuth feature
Posted by Scott Wilson <sc...@gmail.com>.
On 9 Jan 2012, at 14:16, Minh Tien Hoang wrote:
> Hi Ross,
> There are 3 profiles described in oAuth specification which regulate the authorization workflow differently: authorization code, implicit grant and resource owner password credentials. Current wookie trunk supports "implicit grant" workflow, for this workflow, we need to input 2 parameters: URL end point of authorization server and client id. Right now, the URL endpoint is specified in widget configuration file, client id is generated automatically (equals to widget instance id). So the process of creating widget is:
> * generate the widget with ant seed-widget
> * add URL endpoint of oauth authorization server in configuration file
> * when develop widget, use the function oAuth.authenticate() to begin authentication process to obtain the access token.
> * when ever access the OAuthed service, use the function oAuth.proxify(url) to have a proxified with access token of destination url.
> But please note that client registration protocol is not in the scope of oAuth 2 specification so the implementation could be different depending on the client registration protocol implemented at server side.
> As I see in bufferapp.com, it is now supports authorization code workflow so with current implementation, wookie doesn't support. But I recently know that facebook supports implicit grant. So I will return lately with an example widget and patch if necessary.
Thanks Tien - also if we can create a Facebook example widget using the oAuth feature that would make a fantastic starting point for developers wanting to use it.
> Best,
> Tien.
>
> Le 05 Jan 2012 à 22:52, Ross Gardler a écrit :
>
>> I'm a complete newbie with OAuth and I'm finding the OAuth feature in
>> wookie hard to understand, we really need some documentation.
>>
>> Would it be possible for someone to document how to create a widget
>> that will connect to an OAuthed service. I'm particularly interested
>> in the BufferApp API [1] which is an OAuth 2 implementation. However,
>> any form of documentation would be greatly appreciated. In return I
>> will make sure the docs go on the web and (at some undefined point in
>> the future) build it into the templates system.
>>
>> Ross
>>
>> [1] http://bufferapp.com/developers/api/oauth
>>
>> --
>> Ross Gardler (@rgardler)
>> Programme Leader (Open Development)
>> OpenDirective http://opendirective.com
>
Re: Documenting the OAuth feature
Posted by Ross Gardler <rg...@opendirective.com>.
Once again, thank you Minh for this contribution. I've committed the
code and your documentation in the issue is now on the main site (see
http://incubator.apache.org/wookie/docs/developer/features/oauth.html)
Ross
On 30 January 2012 09:01, Ross Gardler <rg...@opendirective.com> wrote:
> On 27 January 2012 22:57, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
>>
>> Le 27 Jan 2012 à 15:32, Ross Gardler a écrit :
>>
>>> On 9 January 2012 14:21, Ross Gardler <rg...@opendirective.com> wrote:
>>>> On 9 January 2012 14:16, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
>>>>
>>>> ...
>>>>
>>>>> As I see in bufferapp.com, it is now supports authorization code workflow so with
>>>>> current implementation, wookie doesn't support. But I recently know that facebook
>>>>> supports implicit grant. So I will return lately with an example widget and patch if
>>>>> necessary.
>>>>
>>>> Brilliant - thank you for this and your other feedback. Very helpful.
>>>
>>> Any progress on this? I don't mean to nag, I'm happy to help if you
>>> have made a start but run out of time, partially complete patches can
>>> be supplied. If there's been no time to even start yet then ignore my
>>> nags.
>>>
>>
>>> Ross
>>
>> Hi Ross,
>> The patch is ready. I added that here https://issues.apache.org/jira/browse/WOOKIE-307 with some instruction for building a new widget that access oauthed service. Sorry for being too late :)
>
> Thank you so much - I'll review this later today.
>
> Ross
>
>
> --
> Ross Gardler (@rgardler)
> Programme Leader (Open Development)
> OpenDirective http://opendirective.com
--
Ross Gardler (@rgardler)
Programme Leader (Open Development)
OpenDirective http://opendirective.com
Re: Documenting the OAuth feature
Posted by Ross Gardler <rg...@opendirective.com>.
On 27 January 2012 22:57, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
>
> Le 27 Jan 2012 à 15:32, Ross Gardler a écrit :
>
>> On 9 January 2012 14:21, Ross Gardler <rg...@opendirective.com> wrote:
>>> On 9 January 2012 14:16, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
>>>
>>> ...
>>>
>>>> As I see in bufferapp.com, it is now supports authorization code workflow so with
>>>> current implementation, wookie doesn't support. But I recently know that facebook
>>>> supports implicit grant. So I will return lately with an example widget and patch if
>>>> necessary.
>>>
>>> Brilliant - thank you for this and your other feedback. Very helpful.
>>
>> Any progress on this? I don't mean to nag, I'm happy to help if you
>> have made a start but run out of time, partially complete patches can
>> be supplied. If there's been no time to even start yet then ignore my
>> nags.
>>
>
>> Ross
>
> Hi Ross,
> The patch is ready. I added that here https://issues.apache.org/jira/browse/WOOKIE-307 with some instruction for building a new widget that access oauthed service. Sorry for being too late :)
Thank you so much - I'll review this later today.
Ross
--
Ross Gardler (@rgardler)
Programme Leader (Open Development)
OpenDirective http://opendirective.com
Re: Documenting the OAuth feature
Posted by Minh Tien Hoang <mi...@fundp.ac.be>.
Le 27 Jan 2012 à 15:32, Ross Gardler a écrit :
> On 9 January 2012 14:21, Ross Gardler <rg...@opendirective.com> wrote:
>> On 9 January 2012 14:16, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
>>
>> ...
>>
>>> As I see in bufferapp.com, it is now supports authorization code workflow so with
>>> current implementation, wookie doesn't support. But I recently know that facebook
>>> supports implicit grant. So I will return lately with an example widget and patch if
>>> necessary.
>>
>> Brilliant - thank you for this and your other feedback. Very helpful.
>
> Any progress on this? I don't mean to nag, I'm happy to help if you
> have made a start but run out of time, partially complete patches can
> be supplied. If there's been no time to even start yet then ignore my
> nags.
>
> Ross
Hi Ross,
The patch is ready. I added that here https://issues.apache.org/jira/browse/WOOKIE-307 with some instruction for building a new widget that access oauthed service. Sorry for being too late :)
Tien.
Re: Documenting the OAuth feature
Posted by Ross Gardler <rg...@opendirective.com>.
On 9 January 2012 14:21, Ross Gardler <rg...@opendirective.com> wrote:
> On 9 January 2012 14:16, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
>
> ...
>
>> As I see in bufferapp.com, it is now supports authorization code workflow so with
>> current implementation, wookie doesn't support. But I recently know that facebook
>> supports implicit grant. So I will return lately with an example widget and patch if
>> necessary.
>
> Brilliant - thank you for this and your other feedback. Very helpful.
Any progress on this? I don't mean to nag, I'm happy to help if you
have made a start but run out of time, partially complete patches can
be supplied. If there's been no time to even start yet then ignore my
nags.
Ross
Re: Documenting the OAuth feature
Posted by Ross Gardler <rg...@opendirective.com>.
On 9 January 2012 14:16, Minh Tien Hoang <mi...@fundp.ac.be> wrote:
...
> As I see in bufferapp.com, it is now supports authorization code workflow so with
> current implementation, wookie doesn't support. But I recently know that facebook
> supports implicit grant. So I will return lately with an example widget and patch if
> necessary.
Brilliant - thank you for this and your other feedback. Very helpful.
Ross
> Best,
> Tien.
>
> Le 05 Jan 2012 à 22:52, Ross Gardler a écrit :
>
>> I'm a complete newbie with OAuth and I'm finding the OAuth feature in
>> wookie hard to understand, we really need some documentation.
>>
>> Would it be possible for someone to document how to create a widget
>> that will connect to an OAuthed service. I'm particularly interested
>> in the BufferApp API [1] which is an OAuth 2 implementation. However,
>> any form of documentation would be greatly appreciated. In return I
>> will make sure the docs go on the web and (at some undefined point in
>> the future) build it into the templates system.
>>
>> Ross
>>
>> [1] http://bufferapp.com/developers/api/oauth
>>
>> --
>> Ross Gardler (@rgardler)
>> Programme Leader (Open Development)
>> OpenDirective http://opendirective.com
>
--
Ross Gardler (@rgardler)
Programme Leader (Open Development)
OpenDirective http://opendirective.com
Re: Documenting the OAuth feature
Posted by Minh Tien Hoang <mi...@fundp.ac.be>.
Hi Ross,
There are 3 profiles described in oAuth specification which regulate the authorization workflow differently: authorization code, implicit grant and resource owner password credentials. Current wookie trunk supports "implicit grant" workflow, for this workflow, we need to input 2 parameters: URL end point of authorization server and client id. Right now, the URL endpoint is specified in widget configuration file, client id is generated automatically (equals to widget instance id). So the process of creating widget is:
* generate the widget with ant seed-widget
* add URL endpoint of oauth authorization server in configuration file
* when develop widget, use the function oAuth.authenticate() to begin authentication process to obtain the access token.
* when ever access the OAuthed service, use the function oAuth.proxify(url) to have a proxified with access token of destination url.
But please note that client registration protocol is not in the scope of oAuth 2 specification so the implementation could be different depending on the client registration protocol implemented at server side.
As I see in bufferapp.com, it is now supports authorization code workflow so with current implementation, wookie doesn't support. But I recently know that facebook supports implicit grant. So I will return lately with an example widget and patch if necessary.
Best,
Tien.
Le 05 Jan 2012 à 22:52, Ross Gardler a écrit :
> I'm a complete newbie with OAuth and I'm finding the OAuth feature in
> wookie hard to understand, we really need some documentation.
>
> Would it be possible for someone to document how to create a widget
> that will connect to an OAuthed service. I'm particularly interested
> in the BufferApp API [1] which is an OAuth 2 implementation. However,
> any form of documentation would be greatly appreciated. In return I
> will make sure the docs go on the web and (at some undefined point in
> the future) build it into the templates system.
>
> Ross
>
> [1] http://bufferapp.com/developers/api/oauth
>
> --
> Ross Gardler (@rgardler)
> Programme Leader (Open Development)
> OpenDirective http://opendirective.com