Is anybody working on OAuth for MediaWiki? Because if not I might put something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/OAuth).
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo tylerromeo@gmail.com wrote:
Is anybody working on OAuth for MediaWiki? Because if not I might put something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/OAuth).
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
That OAuth page is actually quite old.
You should read over all the mailing list and Talk:OAuth topics. Especially the stuff on writing this type of auth into core as an abstract system. As well please take a good long read over: https://www.mediawiki.org/wiki/OAuth/Issues
Also note I don't think we've had a real discussion over OAuth yet. The OAuth discussions I've tried to spark up haven't gone far. And whoever is in the subgroup here that actually understands OAuth haven't even had a discussion over it.
Yeah I've noticed. I decided to start with reading the OAuth IETF document first so I'm totally familiarized with the protocol. Then I'm going to look at the PHP extension (although in the long run I don't want to have it as a dependency), and finally I'm going to look through the mailing list and other stuff. Then I'll draft some stuff and put it out here for discussion.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen lists@nadir-seen-fire.comwrote:
On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo tylerromeo@gmail.com wrote:
Is anybody working on OAuth for MediaWiki? Because if not I might put
something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/**OAuthhttp://www.mediawiki.org/wiki/OAuth ).
*--* *Tyler Romeo*
Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
That OAuth page is actually quite old.
You should read over all the mailing list and Talk:OAuth topics. Especially the stuff on writing this type of auth into core as an abstract system. As well please take a good long read over: https://www.mediawiki.org/**wiki/OAuth/Issueshttps://www.mediawiki.org/wiki/OAuth/Issues
Also note I don't think we've had a real discussion over OAuth yet. The OAuth discussions I've tried to spark up haven't gone far. And whoever is in the subgroup here that actually understands OAuth haven't even had a discussion over it.
-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
______________________________**_________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-lhttps://lists.wikimedia.org/mailman/listinfo/wikitech-l
Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.
Mhm, sounds good. *sigh* Going to be a long journey.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Aug 16, 2012 at 3:23 PM, Daniel Friesen lists@nadir-seen-fire.comwrote:
Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.
-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo tylerromeo@gmail.com wrote:
Yeah I've noticed. I decided to start with reading the OAuth IETF document
first so I'm totally familiarized with the protocol. Then I'm going to look at the PHP extension (although in the long run I don't want to have it as a dependency), and finally I'm going to look through the mailing list and other stuff. Then I'll draft some stuff and put it out here for discussion.
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen lists@nadir-seen-fire.com**wrote:
On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo tylerromeo@gmail.com
wrote:
Is anybody working on OAuth for MediaWiki? Because if not I might put
something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/****OAuthhttp://www.mediawiki.org/wiki/**OAuth <http://www.mediawiki.**org/wiki/OAuthhttp://www.mediawiki.org/wiki/OAuth
).
*--* *Tyler Romeo*
Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
That OAuth page is actually quite old.
You should read over all the mailing list and Talk:OAuth topics. Especially the stuff on writing this type of auth into core as an abstract system. As well please take a good long read over: https://www.mediawiki.org/****wiki/OAuth/Issueshttps://www.mediawiki.org/**wiki/OAuth/Issues <https://www.**mediawiki.org/wiki/OAuth/**Issueshttps://www.mediawiki.org/wiki/OAuth/Issues
Also note I don't think we've had a real discussion over OAuth yet. The OAuth discussions I've tried to spark up haven't gone far. And whoever is in the subgroup here that actually understands OAuth haven't even had a discussion over it.
-- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
______________________________**_________________ Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-lhttps://lists.wikimedia.org/mailman/listinfo/wikitech-l
Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.
I think he meant the OAuth extension for PHP [0] rather than other people's implementations of OAuth in PHP.
Or was that what you meant too? I've not read the OAuth spec yet (though it is on my reading list).
Thank you, Derric Atzrott
I indeed meant the OAuth extension for PHP (the PECL one).
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott < datzrott@alizeepathology.com> wrote:
Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.
I think he meant the OAuth extension for PHP [0] rather than other people's implementations of OAuth in PHP.
Or was that what you meant too? I've not read the OAuth spec yet (though it is on my reading list).
Thank you, Derric Atzrott
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Hi Tyler,
I've been slowly trying to organize getting an implementation done. OAuth does have it's issues, but about once a week I have other developers here at WMF who want to do a project that would be much easier and more secure if we had OAuth.
We started a list of stories here http://www.mediawiki.org/wiki/OAuth/User_stories
And I'm currently trying to recruit developers to help work on it, in be (not so frequent) spare moments.
It would be great to have some of your help on it!
On Thu, Aug 16, 2012 at 12:41 PM, Tyler Romeo tylerromeo@gmail.com wrote:
I indeed meant the OAuth extension for PHP (the PECL one).
*--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo@gmail.com
On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott < datzrott@alizeepathology.com> wrote:
Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.
I think he meant the OAuth extension for PHP [0] rather than other people's implementations of OAuth in PHP.
Or was that what you meant too? I've not read the OAuth spec yet (though it is on my reading list).
Thank you, Derric Atzrott
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
Wikitech-l mailing list Wikitech-l@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l
wikitech-l@lists.wikimedia.org