[Cubicweb] OAuth support

Christophe de Vienne cdevienne at gmail.com
Wed Aug 21 15:10:51 CEST 2013


Le 21/08/2013 13:54, Aurélien Campéas a écrit :
>>
>> I am starting to write a OAuth cube (it will be LGPLed and released very
>> soon).
>
> Which version ?
>
> http://stackoverflow.com/questions/4113934/how-is-oauth-2-different-from-oauth-1 
> hints that v2 is quite not just an "evolution" of v1 ...

Both, by relying on the rauth package. (http://rauth.rtfd.org)

I somewhat feel like a natural way to go for such a cube would be to 
support as many external authentication provider as possible, so that 
they are all handled in a similar way. I may be wrong though.


>> The structure of it will resemble a lot cubicweb-openidrelay, but there
>> are two main differences on which I would appreciate some feedback
>> before coding :
>>
>> 1. Provider settings
>>
>> For each enabled oauth provider, an application and secret keys have to
>> be provided.
>> Should this setting go in the configuration file, or in a dedicated
>> entity (OAuthProvider for example) ?
>> I feel that storing in the database is a better approach, so that the
>> administrator can easily add/remove providers.
>
> I'd say using the db may be better, but beware of bootstrap issues,
> such as being unable to access the db without being already
> authenticated ...
>
> It may be easier to start from a config file entry.
Will do that in v0.1 I guess.





More information about the Cubicweb mailing list