Account Options

  1. Sign in
The old Google Groups will be going away soon.
Switch to the new Google Groups.
Google Groups Home
« Groups Home
Elgg development
Home
+ new post
About this group
Join this group
Message from discussion Survey on Elgg's REST api
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Cash Costello  
View profile  
 More options Nov 6 2009, 7:41 am
From: Cash Costello <cash.coste...@gmail.com>
Date: Fri, 6 Nov 2009 04:41:35 -0800 (PST)
Local: Fri, Nov 6 2009 7:41 am
Subject: Re: Survey on Elgg's REST api
Print | View thread | Show original | Report this message | Find messages by this author
Phil - add your own user PAM. The API does not set the user
credentials so the default one does not return true. You could use the
plugin hook in /services/api/rest.php to add your PAM whenever the
REST api is used.

On Nov 5, 7:37 am, "Phil.T" <tran....@gmail.com> wrote:

> i dont use the token to get everything in 1 shot: authentification and
> rest/rpc stuff, no waste of time (many transactions) and bandwith

> and i plan to get first the GET working, then post user pwd (passing
> username in the url), and then use HMAC

> data load would also be in the post. hence the idea to use pam-aut-
> userpass.

> how do u think I could I do this ?

> On 4 Nov, 16:26, Cash Costello <cash.coste...@gmail.com> wrote:

> > 1. Passing username and password with GET is a bad idea. The password
> > will be written to your web server log.

> > 2. I recommend using the user token. You first make a call that passes
> > the username and password (using POST). You are returned a user token
> > that is good for 1 hour by default. Now in every subsequent call for
> > that user, pass the token as the parameter "auth_token".

> > 3. I plan to remove the option passing the username and password on
> > every call by default. Developers will be able to turn it on though
> > definitely not recommended.

> > 4. You also have the option of building your own user authentication
> > module. Without knowing your application I can't tell if it is a good
> > fit for you.

> > On Nov 4, 9:39 am, "Phil.T" <tran....@gmail.com> wrote:

> > > Thanks cash for the tip. I updated those files, but something make me
> > > scratch my head...

> > > I need to authenticate the user, first with simple GET (without HMAC).

> > > When I use:
> > > - expose_function(... , 'GET', false, false), user is not
> > > authenticated,
> > > - expose_function(... , 'GET', false, true), it returns an error,
> > > because user is not authenticated even with username and password
> > > parameters.

> > > But when looking at the usage of pam_auth_userpass($credentials) in
> > > api.php, it looks like it is never called with the right user/password
> > > credentials.

> > > My question is : do I need to correct this ? and initiate credentials
> > > (from $_GET or $_POST) in pam_auth_userpass(), or in the caller
> > > function ?

> > > On 22 oct, 14:40, Cash Costello <cash.coste...@gmail.com> wrote:

> > > > Hi, Antoine

> > > > If you're just starting out, I recommend grabbing the latest REST api
> > > > from svn because it has a lot of bug fixes. The files you need are:

> > > > /engine/lib/api.php
> > > > /engine/lib/pam.php
> > > > /engine/lib/xml.php
> > > > /languages/en.php (error messages)
> > > > /services/api/rest.php

> > > > Note that api.php has a hook into Elgg's new unit testing framework
> > > > but you won't be able to use that without grabbing more files from
> > > > svn. Also, currently the schema in SVN has a bug which breaks the
> > > > activity river.

> > > > Cash

> > > > On Oct 22, 5:49 am, Ant- <antoine.raba...@gmail.com> wrote:

> > > > > Hi Cash and everybody.
> > > > > to answer your survey:

> > > > > 1) No but it's a project

> > > > > 2) iPhone and adroid application

> > > > > 3) not yet but I will implement it

> > > > > 4) just setting that up right now :)


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google