OAuth with OpenRasta?


denis_mono

Aug 30, 2010, 5:56:30 PM
to OpenRasta
Is there a way to implement OAuth based authentication with OpenRasta?
HTTP digest mechanism is cool, but the specs for the project I'm
working on require OAuth. There were a few mentions of OAuth here and
there, but nothing I could follow up on.

Jørn Wildt

Sep 21, 2010, 1:07:29 AM
to open...@googlegroups.com
There is to my knowledge no official implementation in OpenRasta. You will
have to code it yourself. Perhaps take a look at
http://www.dotnetopenauth.net/

/Jørn

Scott

Sep 21, 2010, 3:29:01 AM
to OpenRasta
We've made an attempt to break away from the current digest only
security model.

You could check out my branch and implement an
OAuthAuthenticationScheme inheriting from IAuthenticationScheme

For more information:
See: http://github.com/scottlittlewood/openrasta-stable
And: http://github.com/scottlittlewood/openrasta-stable/commit/25ee8bfbf610cea17626a9e7dfede565f662d7bb

On Sep 21, 6:07 am, Jørn Wildt <j...@fjeldgruppen.dk> wrote:
> There is to my knowledge no official implementation in OpenRasta. You will
> have to code it yourself. Perhaps take a look at http://www.dotnetopenauth.net/

Bob Gregory

Sep 30, 2010, 3:30:16 PM
to open...@googlegroups.com
I've got a full OAuth 2.0 implementation about halfway down my list of business priorities. It's not just a case of implementing an extra authorizer: validating an existing token is the easy part and the OAuth spec is silent about the format of tokens - they are opaque.
 
I'm hoping to release a bunch of code on this, but it'll have to wait until it comes up in an iteration. Until then, read the spec http://tools.ietf.org/html/draft-ietf-oauth-v2-10 and have a go.
 
You will have to decide how you want to implement the rest of the OAuth flow, and how your users will retrieve a token in the first place, as well as what that token looks like. You will need to decide whether you want a blanket access policy, or if you are going to define multiple scopes for authorization, and how you are going to provision client secrets to other developers. If there are no other developers, do not use OAuth.
 
 
-- Bob
--
An infinite number of mathematicians walk into a bar. The first one orders a beer. The second orders half a beer. The third, a quarter of a beer. The bartender says "You're all idiots", and pours two beers.
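
Added example, not code from OpenRasta or from any poster in this thread: server-side validation of an opaque token with per-scope authorization, as discussed in the message above, in C#. The class names, the in-memory store and the scheme name passed to `Validate` are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical types for illustration; none of these are OpenRasta APIs.
public sealed class TokenRecord
{
    public string ClientId;
    public DateTime ExpiresUtc;
    public HashSet<string> Scopes;
}

public sealed class OpaqueTokenValidator
{
    // Keyed by SHA-256 of the token, so a leaked store does not reveal usable tokens.
    // In-memory and not thread-safe: a real deployment would use a shared, locked store.
    private readonly Dictionary<string, TokenRecord> store = new Dictionary<string, TokenRecord>();

    private static string Hash(string token)
    {
        using (var sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(token)));
    }

    // The token is 32 random bytes: it carries no meaning, all state lives server-side.
    public string Issue(string clientId, TimeSpan lifetime, params string[] scopes)
    {
        var raw = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(raw);
        var token = Convert.ToBase64String(raw).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        store[Hash(token)] = new TokenRecord {
            ClientId = clientId, ExpiresUtc = DateTime.UtcNow + lifetime,
            Scopes = new HashSet<string>(scopes) };
        return token;
    }

    // Returns the record only when the header is "<scheme> <token>", the token is
    // known, not expired, and was granted the scope the resource requires.
    public TokenRecord Validate(string authorizationHeader, string scheme, string requiredScope)
    {
        if (string.IsNullOrEmpty(authorizationHeader)) return null;
        var parts = authorizationHeader.Split(new[] { ' ' }, 2);
        if (parts.Length != 2 || !parts[0].Equals(scheme, StringComparison.OrdinalIgnoreCase)) return null;
        TokenRecord rec;
        if (!store.TryGetValue(Hash(parts[1].Trim()), out rec)) return null; // unknown token
        if (rec.ExpiresUtc <= DateTime.UtcNow) return null;                  // expired token
        return rec.Scopes.Contains(requiredScope) ? rec : null;              // scope check
    }
}
```

A token issued with only the `read` scope validates for a resource requiring `read` and is rejected for one requiring `write`; issuing tokens and provisioning client secrets remain separate parts of the flow.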

Ismu

Jul 1, 2011, 3:31:15 AM
to open...@googlegroups.com
Hi Bob!
Have you got this done?