OAuth Implementation - Wikitech-l - lists.wikimedia.org

List overview All Threads
Download

OAuth Implementation

EtherEditor testing, round 3:...

EtherEditor stress test about to...

Tyler Romeo

16 Aug 2012 16 Aug '12

6:39 p.m.

Is anybody working on OAuth for MediaWiki? Because if not I might put something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/OAuth). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com

Reply

Show replies by date

Daniel Friesen

16 Aug 16 Aug

7:02 p.m.

On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo(a)gmail.com> wrote:

Is anybody working on OAuth for MediaWiki? Because if not I might put something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/OAuth). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com

That OAuth page is actually quite old. You should read over all the mailing list and Talk:OAuth topics. Especially the stuff on writing this type of auth into core as an abstract system. As well please take a good long read over: https://www.mediawiki.org/wiki/OAuth/Issues Also note I don't think we've had a real discussion over OAuth yet. The OAuth discussions I've tried to spark up haven't gone far. And whoever is in the subgroup here that actually understands OAuth haven't even had a discussion over it. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

Reply

Tyler Romeo

7:11 p.m.

Yeah I've noticed. I decided to start with reading the OAuth IETF document first so I'm totally familiarized with the protocol. Then I'm going to look at the PHP extension (although in the long run I don't want to have it as a dependency), and finally I'm going to look through the mailing list and other stuff. Then I'll draft some stuff and put it out here for discussion. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen <lists(a)nadir-seen-fire.com>wrote;wrote:

On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo(a)gmail.com> wrote: Is anybody working on OAuth for MediaWiki? Because if not I might put

something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/**OAuth<http://www.mediawiki.org/wiki/OAut… ). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com

That OAuth page is actually quite old. You should read over all the mailing list and Talk:OAuth topics. Especially the stuff on writing this type of auth into core as an abstract system. As well please take a good long read over: https://www.mediawiki.org/**wiki/OAuth/Issues<https://www.mediawiki.org/… Also note I don't think we've had a real discussion over OAuth yet. The OAuth discussions I've tried to spark up haven't gone far. And whoever is in the subgroup here that actually understands OAuth haven't even had a discussion over it. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] ______________________________**_________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.…

Reply

Daniel Friesen

7:23 p.m.

Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo <tylerromeo(a)gmail.com> wrote:

Yeah I've noticed. I decided to start with reading the OAuth IETF document first so I'm totally familiarized with the protocol. Then I'm going to look at the PHP extension (although in the long run I don't want to have it as a dependency), and finally I'm going to look through the mailing list and other stuff. Then I'll draft some stuff and put it out here for discussion. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen <lists(a)nadir-seen-fire.com>wrote;wrote: > On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo(a)gmail.com> > wrote: > > Is anybody working on OAuth for MediaWiki? Because if not I might put >> something together (i.e., start putting together design documents >> based on >> http://www.mediawiki.org/wiki/**OAuth<http://www.mediawiki.org/wiki/OAut… >> ). >> >> *--* >> *Tyler Romeo* >> >> Stevens Institute of Technology, Class of 2015 >> Major in Computer Science >> www.whizkidztech.com | tylerromeo(a)gmail.com >> > > That OAuth page is actually quite old. > > You should read over all the mailing list and Talk:OAuth topics. > Especially the stuff on writing this type of auth into core as an > abstract > system. > As well please take a good long read over: > https://www.mediawiki.org/**wiki/OAuth/Issues<https://www.mediawiki.org/… > > Also note I don't think we've had a real discussion over OAuth yet. The > OAuth discussions I've tried to spark up haven't gone far. And whoever > is > in the subgroup here that actually understands OAuth haven't even had a > discussion over it. > > -- > ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

Reply

Tyler Romeo

7:39 p.m.

Mhm, sounds good. *sigh* Going to be a long journey. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com On Thu, Aug 16, 2012 at 3:23 PM, Daniel Friesen <lists(a)nadir-seen-fire.com>wrote;wrote:

Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name] On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo <tylerromeo(a)gmail.com> wrote: Yeah I've noticed. I decided to start with reading the OAuth IETF document

first so I'm totally familiarized with the protocol. Then I'm going to look at the PHP extension (although in the long run I don't want to have it as a dependency), and finally I'm going to look through the mailing list and other stuff. Then I'll draft some stuff and put it out here for discussion. *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen <lists(a)nadir-seen-fire.com>**wrote*wrote: On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo(a)gmail.com>

wrote: Is anybody working on OAuth for MediaWiki? Because if not I might put

something together (i.e., start putting together design documents based on http://www.mediawiki.org/wiki/****OAuth<http://www.mediawiki.org/wiki/**… <http://www.mediawiki.**org/wiki/OAuth<http://www.mediawiki.org/wiki/OAuth>

). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com

That OAuth page is actually quite old. You should read over all the mailing list and Talk:OAuth topics. Especially the stuff on writing this type of auth into core as an abstract system. As well please take a good long read over: https://www.mediawiki.org/****wiki/OAuth/Issues<https://www.mediawiki.or… <https://www.**mediawiki.org/wiki/OAuth/**Issues<https://www.mediawiki.org/wiki/OAuth/Issues>

Also note I don't think we've had a real discussion over OAuth yet. The OAuth discussions I've tried to spark up haven't gone far. And whoever is in the subgroup here that actually understands OAuth haven't even had a discussion over it. -- ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

______________________________**_________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.…

Reply

Derric Atzrott

7:41 p.m.

Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.

I think he meant the OAuth extension for PHP [0] rather than other people's implementations of OAuth in PHP. Or was that what you meant too? I've not read the OAuth spec yet (though it is on my reading list). Thank you, Derric Atzrott [0]: http://php.net/manual/en/book.oauth.php

Reply

Tyler Romeo

7:41 p.m.

I indeed meant the OAuth extension for PHP (the PECL one). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott < datzrott(a)alizeepathology.com> wrote:

Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.

I think he meant the OAuth extension for PHP [0] rather than other people's implementations of OAuth in PHP. Or was that what you meant too? I've not read the OAuth spec yet (though it is on my reading list). Thank you, Derric Atzrott [0]: http://php.net/manual/en/book.oauth.php _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Reply

Chris Steipp

8:39 p.m.

Hi Tyler, I've been slowly trying to organize getting an implementation done. OAuth does have it's issues, but about once a week I have other developers here at WMF who want to do a project that would be much easier and more secure if we had OAuth. We started a list of stories here http://www.mediawiki.org/wiki/OAuth/User_stories And I'm currently trying to recruit developers to help work on it, in be (not so frequent) spare moments. It would be great to have some of your help on it! On Thu, Aug 16, 2012 at 12:41 PM, Tyler Romeo <tylerromeo(a)gmail.com> wrote:

I indeed meant the OAuth extension for PHP (the PECL one). *--* *Tyler Romeo* Stevens Institute of Technology, Class of 2015 Major in Computer Science www.whizkidztech.com | tylerromeo(a)gmail.com On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott < datzrott(a)alizeepathology.com> wrote:

Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC. I would probably avoid reading the PHP code for it. I have a feeling that it's going to do nothing but give you some wrong ideas about how OAuth should be implemented.

I think he meant the OAuth extension for PHP [0] rather than other people's implementations of OAuth in PHP. Or was that what you meant too? I've not read the OAuth spec yet (though it is on my reading list). Thank you, Derric Atzrott [0]: http://php.net/manual/en/book.oauth.php _______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________ Wikitech-l mailing list Wikitech-l(a)lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Reply

4272

days inactive

4272

days old

wikitech-l@lists.wikimedia.org

Manage subscription

7 comments

4 participants

tags (0)

participants (4)

Chris Steipp
Daniel Friesen
Derric Atzrott
Tyler Romeo