OAuth Implementation

OAuth Implementation

Tyler Romeo
Is anybody working on OAuth for MediaWiki? Because if not I might put
something together (i.e., start putting together design documents based on
http://www.mediawiki.org/wiki/OAuth).

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | [hidden email]
_______________________________________________
Wikitech-l mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Re: OAuth Implementation

Daniel Friesen-4
On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <[hidden email]>  
wrote:

> Is anybody working on OAuth for MediaWiki? Because if not I might put
> something together (i.e., start putting together design documents based  
> on
> http://www.mediawiki.org/wiki/OAuth).
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | [hidden email]

That OAuth page is actually quite old.

You should read over all the mailing list and Talk:OAuth topics.  
Especially the stuff on writing this type of auth into core as an abstract  
system.
As well please take a good long read over:
https://www.mediawiki.org/wiki/OAuth/Issues

Also note I don't think we've had a real discussion over OAuth yet. The  
OAuth discussions I've tried to spark up haven't gone far. And whoever is  
in the subgroup here that actually understands OAuth haven't even had a  
discussion over it.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]


Re: OAuth Implementation

Tyler Romeo
Yeah I've noticed. I decided to start with reading the OAuth IETF document
first so I'm totally familiarized with the protocol. Then I'm going to look
at the PHP extension (although in the long run I don't want to have it as a
dependency), and finally I'm going to look through the mailing list and
other stuff. Then I'll draft some stuff and put it out here for discussion.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | [hidden email]



On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen
<[hidden email]> wrote:

> On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <[hidden email]>
> wrote:
>
>> Is anybody working on OAuth for MediaWiki? Because if not I might put
>> something together (i.e., start putting together design documents based on
>> http://www.mediawiki.org/wiki/OAuth).
>>
>> *--*
>> *Tyler Romeo*
>>
>> Stevens Institute of Technology, Class of 2015
>> Major in Computer Science
>> www.whizkidztech.com | [hidden email]
>>
>
> That OAuth page is actually quite old.
>
> You should read over all the mailing list and Talk:OAuth topics.
> Especially the stuff on writing this type of auth into core as an abstract
> system.
> As well please take a good long read over:
> https://www.mediawiki.org/wiki/OAuth/Issues
>
> Also note I don't think we've had a real discussion over OAuth yet. The
> OAuth discussions I've tried to spark up haven't gone far. And whoever is
> in the subgroup here that actually understands OAuth haven't even had a
> discussion over it.
>
> --
> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>

Re: OAuth Implementation

Daniel Friesen-4
Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC.

I would probably avoid reading the PHP code for it. I have a feeling that
it's going to do nothing but give you some wrong ideas about how OAuth
should be implemented.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo <[hidden email]>  
wrote:

> Yeah I've noticed. I decided to start with reading the OAuth IETF document
> first so I'm totally familiarized with the protocol. Then I'm going to look
> at the PHP extension (although in the long run I don't want to have it as a
> dependency), and finally I'm going to look through the mailing list and
> other stuff. Then I'll draft some stuff and put it out here for discussion.
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | [hidden email]
>
>
>
> On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen
> <[hidden email]> wrote:
>
>> On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <[hidden email]>
>> wrote:
>>
>>> Is anybody working on OAuth for MediaWiki? Because if not I might put
>>> something together (i.e., start putting together design documents based on
>>> http://www.mediawiki.org/wiki/OAuth).
>>>
>>> *--*
>>> *Tyler Romeo*
>>>
>>> Stevens Institute of Technology, Class of 2015
>>> Major in Computer Science
>>> www.whizkidztech.com | [hidden email]
>>>
>>
>> That OAuth page is actually quite old.
>>
>> You should read over all the mailing list and Talk:OAuth topics.
>> Especially the stuff on writing this type of auth into core as an abstract
>> system.
>> As well please take a good long read over:
>> https://www.mediawiki.org/wiki/OAuth/Issues
>>
>> Also note I don't think we've had a real discussion over OAuth yet. The
>> OAuth discussions I've tried to spark up haven't gone far. And whoever is
>> in the subgroup here that actually understands OAuth haven't even had a
>> discussion over it.
>>
>> --
>> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]


Re: OAuth Implementation

Tyler Romeo
Mhm, sounds good. *sigh* Going to be a long journey.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | [hidden email]



On Thu, Aug 16, 2012 at 3:23 PM, Daniel Friesen
<[hidden email]> wrote:

> Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC.
>
> I would probably avoid reading the PHP code for it. I have a feeling that
> it's going to do nothing but give you some wrong ideas about how OAuth
> should be implemented.
>
>
> --
> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>
> On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo <[hidden email]>
> wrote:
>
>> Yeah I've noticed. I decided to start with reading the OAuth IETF document
>> first so I'm totally familiarized with the protocol. Then I'm going to look
>> at the PHP extension (although in the long run I don't want to have it as a
>> dependency), and finally I'm going to look through the mailing list and
>> other stuff. Then I'll draft some stuff and put it out here for discussion.
>>
>> *--*
>> *Tyler Romeo*
>> Stevens Institute of Technology, Class of 2015
>> Major in Computer Science
>> www.whizkidztech.com | [hidden email]
>>
>>
>>
>> On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen
>> <[hidden email]> wrote:
>>
>>> On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <[hidden email]>
>>> wrote:
>>>
>>>> Is anybody working on OAuth for MediaWiki? Because if not I might put
>>>> something together (i.e., start putting together design documents based
>>>> on http://www.mediawiki.org/wiki/OAuth).
>>>>
>>>> *--*
>>>> *Tyler Romeo*
>>>>
>>>> Stevens Institute of Technology, Class of 2015
>>>> Major in Computer Science
>>>> www.whizkidztech.com | [hidden email]
>>>>
>>>>
>>> That OAuth page is actually quite old.
>>>
>>> You should read over all the mailing list and Talk:OAuth topics.
>>> Especially the stuff on writing this type of auth into core as an abstract
>>> system.
>>> As well please take a good long read over:
>>> https://www.mediawiki.org/wiki/OAuth/Issues
>>>
>>> Also note I don't think we've had a real discussion over OAuth yet. The
>>> OAuth discussions I've tried to spark up haven't gone far. And whoever is
>>> in the subgroup here that actually understands OAuth haven't even had a
>>> discussion over it.
>>>
>>> --
>>> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>>>
>>

Re: OAuth Implementation

Derric Atzrott
In reply to this post by Daniel Friesen-4
>Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC.
>
>I would probably avoid reading the PHP code for it. I have a feeling that
>it's going to do nothing but give you some wrong ideas about how OAuth
>should be implemented.

I think he meant the OAuth extension for PHP [0] rather than other people's
implementations of OAuth in PHP.

Or was that what you meant too?  I've not read the OAuth spec yet (though it
is on my reading list).

Thank you,
Derric Atzrott

[0]: http://php.net/manual/en/book.oauth.php



Re: OAuth Implementation

Tyler Romeo
I indeed meant the OAuth extension for PHP (the PECL one).

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | [hidden email]



On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott <
[hidden email]> wrote:

> >Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC.
> >
> >I would probably avoid reading the PHP code for it. I have a feeling that
> >it's going to do nothing but give you some wrong ideas about how OAuth
> >should be implemented.
>
> I think he meant the OAuth extension for PHP [0] rather than other people's
> implementations of OAuth in PHP.
>
> Or was that what you meant too?  I've not read the OAuth spec yet (though it
> is on my reading list).
>
> Thank you,
> Derric Atzrott
>
> [0]: http://php.net/manual/en/book.oauth.php
>
>

Re: OAuth Implementation

Chris Steipp
Hi Tyler,

I've been slowly trying to organize getting an implementation done.
OAuth does have its issues, but about once a week I have other
developers here at WMF who want to do a project that would be much
easier and more secure if we had OAuth.

We started a list of stories here
http://www.mediawiki.org/wiki/OAuth/User_stories

And I'm currently trying to recruit developers to help work on it, in
be (not so frequent) spare moments.

It would be great to have some of your help on it!


On Thu, Aug 16, 2012 at 12:41 PM, Tyler Romeo <[hidden email]> wrote:

> I indeed meant the OAuth extension for PHP (the PECL one).
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | [hidden email]
>
>
>
> On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott <
> [hidden email]> wrote:
>
>> >Read both OAuth 2 (and its Bearer and MAC specs) and the OAuth 1 RFC.
>> >
>> >I would probably avoid reading the PHP code for it. I have a feeling that
>> >it's going to do nothing but give you some wrong ideas about how OAuth
>> >should be implemented.
>>
>> I think he meant the OAuth extension for PHP [0] rather than other people's
>> implementations of OAuth in PHP.
>>
>> Or was that what you meant too?  I've not read the OAuth spec yet (though it
>> is on my reading list).
>>
>> Thank you,
>> Derric Atzrott
>>
>> [0]: http://php.net/manual/en/book.oauth.php
>>
>>