Implementing Python-OAuth2

Kayode Odeyemi dreyemi at gmail.com
Tue Oct 11 04:16:57 EDT 2011 

On Thu, Oct 6, 2011 at 5:15 PM, Jeff Gaynor <jgaynor at ncsa.illinois.edu>wrote:

> On 10/06/2011 08:34 AM, Kayode Odeyemi wrote:
>
>> Hello friends,
>>
>> I'm working on a pretty large application that I will like to use oauth2
>> on as an authentication and authorization mechanism.
>>
>> I understand fairly the technology and I have written my own
>> implementation before I stumbled on python-oauth2.
>>
>> I need advise on leveraging python-oauth2 api for creating consumer key,
>> creating consumer secret, access token and token secret.
>>
>>  This works well, but be advised that the original python oauth library
> had some serious issues, so was redone as python-oauth2. What is confusing
> is that it refers to OAuth version 1.0a, not the upcoming OAuth version 2.0,
> so make sure you read the right spec before using it, since they are very
> different indeed.
>
> There are *no* usable OAuth version 2..0 implementation in any language
> (usually Java comes first) that I know of, so you will get to role your own,
> which is hard. There are a few beta-level versions E.g. Twitter) but these
> are special cased to the author's needs. The spec itself is not quite ready
> either and since it has changed quite substantially in the last year, I
> suspect that everyone is waiting to see it settle to a steady state.
>
> Jeff, I'm in the middle of a big confusion here and will need your help.

I will like to know, can the request be signed just once and for all
subsequent request made, I can use the stored nonce, signature method and
token? My kind of setup is such that, I want the client app to be registered
once, such that for every request to a resource, as long as the required
parameters are available in the header (which would have been gotten at the
initial request), access is granted.

Is this a correct interpretation of Oauth?

Thanks



-- 
Odeyemi 'Kayode O.
http://www.sinati.com. t: @charyorde
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20111011/a72ba968/attachment-0001.html>

More information about the Python-list mailing list