[Cubicweb] OAuth support

Aurélien Campéas aurelien.campeas at logilab.fr
Wed Aug 21 13:54:01 CEST 2013


On 21/08/2013 13:43, Christophe de Vienne wrote:
> Hi,

Hello Christophe,

>
> I am starting to write an OAuth cube (it will be LGPLed and released very
> soon).

Which version?

http://stackoverflow.com/questions/4113934/how-is-oauth-2-different-from-oauth-1 
hints that v2 is quite not just an "evolution" of v1 ...

>
> The structure of it will resemble cubicweb-openidrelay a lot, but there
> are two main differences on which I would appreciate some feedback
> before coding:
>
> 1. Provider settings
>
> For each enabled oauth provider, an application and secret keys have to
> be provided.
> Should this setting go in the configuration file, or in a dedicated
> entity (OAuthProvider for example)?
> I feel that storing in the database is a better approach, so that the
> administrator can easily add/remove providers.

I'd say using the db may be better, but beware of bootstrap issues,
such as being unable to access the db without being already
authenticated ...

It may be easier to start from a config file entry.

>
> 2. Multiple identities
>
> I would like to be able to link a single CWUser to identities on
> different providers.
> This is a big difference with the way openidrelay works.
> It will imply being able, for a connected user, to link its account
> with other providers.

This is something one would also want for openidrelay.
There is even a ticket for that.

Regards,
Aurélien.




