[Cubicweb] OAuth support
Christophe de Vienne
cdevienne at gmail.com
Wed Aug 21 15:10:51 CEST 2013
Le 21/08/2013 13:54, Aurélien Campéas a écrit :
>> I am starting to write a OAuth cube (it will be LGPLed and released very
> Which version ?
> hints that v2 is quite not just an "evolution" of v1 ...
Both, by relying on the rauth package. (http://rauth.rtfd.org)
I somewhat feel like a natural way to go for such a cube would be to
support as many external authentication provider as possible, so that
they are all handled in a similar way. I may be wrong though.
>> The structure of it will resemble a lot cubicweb-openidrelay, but there
>> are two main differences on which I would appreciate some feedback
>> before coding :
>> 1. Provider settings
>> For each enabled oauth provider, an application and secret keys have to
>> be provided.
>> Should this setting go in the configuration file, or in a dedicated
>> entity (OAuthProvider for example) ?
>> I feel that storing in the database is a better approach, so that the
>> administrator can easily add/remove providers.
> I'd say using the db may be better, but beware of bootstrap issues,
> such as being unable to access the db without being already
> authenticated ...
> It may be easier to start from a config file entry.
Will do that in v0.1 I guess.
More information about the Cubicweb