Mobile app authentication for voting, etc.

10 views
Skip to first unread message

Andrew Sterling Hanenkamp

unread,
Dec 22, 2012, 2:54:00 PM12/22/12
to cpan...@googlegroups.com
I've read through the discussion between Yanick and Olaf from last year, presumably related to iCPAN. I am now working on the same basic issue for CPAN Sidekick on Android. From that conversation, it sounded as if Olaf was going to ask the user for the username and password and perform authentication that way. However, it also seems that the conversation wasn't finished here because it seems to stop in the middle.

Android provides access to OAuth2 tokens through the account manager. That way, the user installs the Twitter app and sets her account up there. When she wants to sign in to the MetaCPAN API for voting and what-not, Sidekick asks for the auth token from Twitter. That causes Android to ask the user to grant permission for Sidekick to get a token. Once permission is granted, Android uses the account service provided by the Twitter app to fetch a token and gives it to Sidekick. I can use a nearly identical process to fetch tokens from Facebook, Github, or just about any other account service that works with OAuth.

I've finished the code to get the auth tokens from Twitter/Facebook/Github. Now, I need to ask api.metacpan.org to give me access on behalf of the user with that token. Can anyone give me some help on what I need to do next?

Cheers.

Moritz Onken

unread,
Dec 22, 2012, 4:52:32 PM12/22/12
to Andrew Sterling Hanenkamp, cpan...@googlegroups.com
Hey,

could you please open a ticket on github? Makes it easier to keep track of the discussion.
Just as a heads up: api.metacpan.org is an OAuth provider. metacpan.org uses it to authenticate, and that's what your app should be doing as well (i.e. redirect the user to https://api.metacpan.org/oauth2/authorize?choice=twitter&client_id=[YOU_APP_ID])

Best,
Moritz

Sterling Hanenkamp

unread,
Dec 22, 2012, 11:51:46 PM12/22/12
to Moritz Onken, cpan...@googlegroups.com
In which case, it seems I need to get a client_id assigned. I'd read through the code in cpan-api and metacpan-web and that was my conclusion, but my understanding of oauth is mostly theoretical, so I didn't want to assume I knew what I was talking about. 

Opening ticket in 5... 4... 3...
--
Andrew Sterling Hanenkamp
ster...@hanenkamp.com
785.370.4454

Yanick Champoux

unread,
Dec 23, 2012, 11:59:51 AM12/23/12
to cpan...@googlegroups.com
On 12-12-22 02:54 PM, Andrew Sterling Hanenkamp wrote:
> I've read through the discussion between Yanick and Olaf from last year,
> presumably related to iCPAN.


Ah, that would be this thread, I think:
https://groups.google.com/forum/?fromgroups=#!topic/cpan-api/dQto8d_ANL8

The investigation pretty much stopped where the thread did. I should
probably revisit the issue at some point, but for the moment there is
nothing more in my bag of tricks than what was discussed then. Sowwy.

Joy,
`/anick
Reply all
Reply to author
Forward
0 new messages