Account Options

  1. Sign in
The old Google Groups will be going away soon.
Switch to the new Google Groups.
Google Groups Home
« Groups Home
Elgg development
Home
+ new post
About this group
Join this group
Message from discussion Survey on Elgg's REST api
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Cash Costello  
View profile  
 More options Nov 4 2009, 10:26 am
From: Cash Costello <cash.coste...@gmail.com>
Date: Wed, 4 Nov 2009 07:26:42 -0800 (PST)
Local: Wed, Nov 4 2009 10:26 am
Subject: Re: Survey on Elgg's REST api
Print | View thread | Show original | Report this message | Find messages by this author
1. Passing username and password with GET is a bad idea. The password
will be written to your web server log.

2. I recommend using the user token. You first make a call that passes
the username and password (using POST). You are returned a user token
that is good for 1 hour by default. Now in every subsequent call for
that user, pass the token as the parameter "auth_token".

3. I plan to remove the option passing the username and password on
every call by default. Developers will be able to turn it on though
definitely not recommended.

4. You also have the option of building your own user authentication
module. Without knowing your application I can't tell if it is a good
fit for you.

On Nov 4, 9:39 am, "Phil.T" <tran....@gmail.com> wrote:

> Thanks cash for the tip. I updated those files, but something make me
> scratch my head...

> I need to authenticate the user, first with simple GET (without HMAC).

> When I use:
> - expose_function(... , 'GET', false, false), user is not
> authenticated,
> - expose_function(... , 'GET', false, true), it returns an error,
> because user is not authenticated even with username and password
> parameters.

> But when looking at the usage of pam_auth_userpass($credentials) in
> api.php, it looks like it is never called with the right user/password
> credentials.

> My question is : do I need to correct this ? and initiate credentials
> (from $_GET or $_POST) in pam_auth_userpass(), or in the caller
> function ?

> On 22 oct, 14:40, Cash Costello <cash.coste...@gmail.com> wrote:

> > Hi, Antoine

> > If you're just starting out, I recommend grabbing the latest REST api
> > from svn because it has a lot of bug fixes. The files you need are:

> > /engine/lib/api.php
> > /engine/lib/pam.php
> > /engine/lib/xml.php
> > /languages/en.php (error messages)
> > /services/api/rest.php

> > Note that api.php has a hook into Elgg's new unit testing framework
> > but you won't be able to use that without grabbing more files from
> > svn. Also, currently the schema in SVN has a bug which breaks the
> > activity river.

> > Cash

> > On Oct 22, 5:49 am, Ant- <antoine.raba...@gmail.com> wrote:

> > > Hi Cash and everybody.
> > > to answer your survey:

> > > 1) No but it's a project

> > > 2) iPhone and adroid application

> > > 3) not yet but I will implement it

> > > 4) just setting that up right now :)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google