Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: Wikipedia: Wikitech

OAuth Implementation

  

 
Wikipedia wikitech RSS feed   Index | Next | Previous | View Threaded


tylerromeo at gmail

Aug 16, 2012, 11:39 AM

Post #1 of 8 (393 views)
Permalink
OAuth Implementation
Is anybody working on OAuth for MediaWiki? Because if not I might put
something together (i.e., start putting together design documents based on
http://www.mediawiki.org/wiki/OAuth).

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


lists at nadir-seen-fire

Aug 16, 2012, 12:02 PM

Post #2 of 8 (382 views)
Permalink
Re: OAuth Implementation [In reply to]
On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo [at] gmail>
wrote:

> Is anybody working on OAuth for MediaWiki? Because if not I might put
> something together (i.e., start putting together design documents based
> on
> http://www.mediawiki.org/wiki/OAuth).
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | tylerromeo [at] gmail

That OAuth page is actually quite old.

You should read over all the mailing list and Talk:OAuth topics.
Especially the stuff on writing this type of auth into core as an abstract
system.
As well please take a good long read over:
https://www.mediawiki.org/wiki/OAuth/Issues

Also note I don't think we've had a real discussion over OAuth yet. The
OAuth discussions I've tried to spark up haven't gone far. And whoever is
in the subgroup here that actually understands OAuth haven't even had a
discussion over it.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Aug 16, 2012, 12:11 PM

Post #3 of 8 (381 views)
Permalink
Re: OAuth Implementation [In reply to]
Yeah I've noticed. I decided to start with reading the OAuth IETF document
first so I'm totally familiarized with the protocol. Then I'm going to look
at the PHP extension (although in the long run I don't want to have it as a
dependency), and finally I'm going to look through the mailing list and
other stuff. Then I'll draft some stuff and put it out here for discussion.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail



On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen
<lists [at] nadir-seen-fire>wrote:

> On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo [at] gmail>
> wrote:
>
> Is anybody working on OAuth for MediaWiki? Because if not I might put
>> something together (i.e., start putting together design documents based on
>> http://www.mediawiki.org/wiki/**OAuth<http://www.mediawiki.org/wiki/OAuth>
>> ).
>>
>> *--*
>> *Tyler Romeo*
>>
>> Stevens Institute of Technology, Class of 2015
>> Major in Computer Science
>> www.whizkidztech.com | tylerromeo [at] gmail
>>
>
> That OAuth page is actually quite old.
>
> You should read over all the mailing list and Talk:OAuth topics.
> Especially the stuff on writing this type of auth into core as an abstract
> system.
> As well please take a good long read over:
> https://www.mediawiki.org/**wiki/OAuth/Issues<https://www.mediawiki.org/wiki/OAuth/Issues>
>
> Also note I don't think we've had a real discussion over OAuth yet. The
> OAuth discussions I've tried to spark up haven't gone far. And whoever is
> in the subgroup here that actually understands OAuth haven't even had a
> discussion over it.
>
> --
> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>
> ______________________________**_________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.wikimedia.org/mailman/listinfo/wikitech-l>
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


lists at nadir-seen-fire

Aug 16, 2012, 12:23 PM

Post #4 of 8 (378 views)
Permalink
Re: OAuth Implementation [In reply to]
Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.

I would probably avoid reading the PHP code for it. I have a feeling that
it's
going to do nothing but give you some wrong ideas about how OAuth should
be implemented.

--
~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo <tylerromeo [at] gmail>
wrote:

> Yeah I've noticed. I decided to start with reading the OAuth IETF
> document
> first so I'm totally familiarized with the protocol. Then I'm going to
> look
> at the PHP extension (although in the long run I don't want to have it
> as a
> dependency), and finally I'm going to look through the mailing list and
> other stuff. Then I'll draft some stuff and put it out here for
> discussion.
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | tylerromeo [at] gmail
>
>
>
> On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen
> <lists [at] nadir-seen-fire>wrote:
>
>> On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo [at] gmail>
>> wrote:
>>
>> Is anybody working on OAuth for MediaWiki? Because if not I might put
>>> something together (i.e., start putting together design documents
>>> based on
>>> http://www.mediawiki.org/wiki/**OAuth<http://www.mediawiki.org/wiki/OAuth>
>>> ).
>>>
>>> *--*
>>> *Tyler Romeo*
>>>
>>> Stevens Institute of Technology, Class of 2015
>>> Major in Computer Science
>>> www.whizkidztech.com | tylerromeo [at] gmail
>>>
>>
>> That OAuth page is actually quite old.
>>
>> You should read over all the mailing list and Talk:OAuth topics.
>> Especially the stuff on writing this type of auth into core as an
>> abstract
>> system.
>> As well please take a good long read over:
>> https://www.mediawiki.org/**wiki/OAuth/Issues<https://www.mediawiki.org/wiki/OAuth/Issues>
>>
>> Also note I don't think we've had a real discussion over OAuth yet. The
>> OAuth discussions I've tried to spark up haven't gone far. And whoever
>> is
>> in the subgroup here that actually understands OAuth haven't even had a
>> discussion over it.
>>
>> --
>> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Aug 16, 2012, 12:39 PM

Post #5 of 8 (377 views)
Permalink
Re: OAuth Implementation [In reply to]
Mhm, sounds good. *sigh* Going to be a long journey.

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail



On Thu, Aug 16, 2012 at 3:23 PM, Daniel Friesen
<lists [at] nadir-seen-fire>wrote:

> Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
>
> I would probably avoid reading the PHP code for it. I have a feeling that
> it's
> going to do nothing but give you some wrong ideas about how OAuth should
> be implemented.
>
>
> --
> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>
> On Thu, 16 Aug 2012 12:11:05 -0700, Tyler Romeo <tylerromeo [at] gmail>
> wrote:
>
> Yeah I've noticed. I decided to start with reading the OAuth IETF document
>> first so I'm totally familiarized with the protocol. Then I'm going to
>> look
>> at the PHP extension (although in the long run I don't want to have it as
>> a
>> dependency), and finally I'm going to look through the mailing list and
>> other stuff. Then I'll draft some stuff and put it out here for
>> discussion.
>>
>> *--*
>> *Tyler Romeo*
>> Stevens Institute of Technology, Class of 2015
>> Major in Computer Science
>> www.whizkidztech.com | tylerromeo [at] gmail
>>
>>
>>
>> On Thu, Aug 16, 2012 at 3:02 PM, Daniel Friesen
>> <lists [at] nadir-seen-fire>**wrote:
>>
>> On Thu, 16 Aug 2012 11:39:54 -0700, Tyler Romeo <tylerromeo [at] gmail>
>>> wrote:
>>>
>>> Is anybody working on OAuth for MediaWiki? Because if not I might put
>>>
>>>> something together (i.e., start putting together design documents based
>>>> on
>>>> http://www.mediawiki.org/wiki/****OAuth<http://www.mediawiki.org/wiki/**OAuth>
>>>> <http://www.mediawiki.**org/wiki/OAuth<http://www.mediawiki.org/wiki/OAuth>
>>>> >
>>>>
>>>> ).
>>>>
>>>> *--*
>>>> *Tyler Romeo*
>>>>
>>>> Stevens Institute of Technology, Class of 2015
>>>> Major in Computer Science
>>>> www.whizkidztech.com | tylerromeo [at] gmail
>>>>
>>>>
>>> That OAuth page is actually quite old.
>>>
>>> You should read over all the mailing list and Talk:OAuth topics.
>>> Especially the stuff on writing this type of auth into core as an
>>> abstract
>>> system.
>>> As well please take a good long read over:
>>> https://www.mediawiki.org/****wiki/OAuth/Issues<https://www.mediawiki.org/**wiki/OAuth/Issues>
>>> <https://www.**mediawiki.org/wiki/OAuth/**Issues<https://www.mediawiki.org/wiki/OAuth/Issues>
>>> >
>>>
>>>
>>> Also note I don't think we've had a real discussion over OAuth yet. The
>>> OAuth discussions I've tried to spark up haven't gone far. And whoever is
>>> in the subgroup here that actually understands OAuth haven't even had a
>>> discussion over it.
>>>
>>> --
>>> ~Daniel Friesen (Dantman, Nadir-Seen-Fire) [http://daniel.friesen.name]
>>>
>>
> ______________________________**_________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/**mailman/listinfo/wikitech-l<https://lists.wikimedia.org/mailman/listinfo/wikitech-l>
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


tylerromeo at gmail

Aug 16, 2012, 12:41 PM

Post #6 of 8 (377 views)
Permalink
Re: OAuth Implementation [In reply to]
I indeed meant the OAuth extension for PHP (the PECL one).

*--*
*Tyler Romeo*
Stevens Institute of Technology, Class of 2015
Major in Computer Science
www.whizkidztech.com | tylerromeo [at] gmail



On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott <
datzrott [at] alizeepathology> wrote:

> >Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
> >
> >I would probably avoid reading the PHP code for it. I have a feeling that
> >it's going to do nothing but give you some wrong ideas about how OAuth
> >should be implemented.
>
> I think he meant the OAuth extension for PHP [0] rather than other people's
> implementations of OAuth in PHP.
>
> Or was that what you meant too? I've not read the OAuth spec yet (though
> it
> is on my reading list).
>
> Thank you,
> Derric Atzrott
>
> [0]: http://php.net/manual/en/book.oauth.php
>
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>
_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


datzrott at alizeepathology

Aug 16, 2012, 12:41 PM

Post #7 of 8 (380 views)
Permalink
Re: OAuth Implementation [In reply to]
>Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
>
>I would probably avoid reading the PHP code for it. I have a feeling that
>it's going to do nothing but give you some wrong ideas about how OAuth
>should be implemented.

I think he meant the OAuth extension for PHP [0] rather than other people's
implementations of OAuth in PHP.

Or was that what you meant too? I've not read the OAuth spec yet (though it
is on my reading list).

Thank you,
Derric Atzrott

[0]: http://php.net/manual/en/book.oauth.php


_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l


csteipp at wikimedia

Aug 16, 2012, 1:39 PM

Post #8 of 8 (377 views)
Permalink
Re: OAuth Implementation [In reply to]
Hi Tyler,

I've been slowly trying to organize getting an implementation done.
OAuth does have it's issues, but about once a week I have other
developers here at WMF who want to do a project that would be much
easier and more secure if we had OAuth.

We started a list of stories here
http://www.mediawiki.org/wiki/OAuth/User_stories

And I'm currently trying to recruit developers to help work on it, in
be (not so frequent) spare moments.

It would be great to have some of your help on it!


On Thu, Aug 16, 2012 at 12:41 PM, Tyler Romeo <tylerromeo [at] gmail> wrote:
> I indeed meant the OAuth extension for PHP (the PECL one).
>
> *--*
> *Tyler Romeo*
> Stevens Institute of Technology, Class of 2015
> Major in Computer Science
> www.whizkidztech.com | tylerromeo [at] gmail
>
>
>
> On Thu, Aug 16, 2012 at 3:41 PM, Derric Atzrott <
> datzrott [at] alizeepathology> wrote:
>
>> >Read both OAuth 2 (and it's Bearer and MAC specs) and the OAuth 1 RFC.
>> >
>> >I would probably avoid reading the PHP code for it. I have a feeling that
>> >it's going to do nothing but give you some wrong ideas about how OAuth
>> >should be implemented.
>>
>> I think he meant the OAuth extension for PHP [0] rather than other people's
>> implementations of OAuth in PHP.
>>
>> Or was that what you meant too? I've not read the OAuth spec yet (though
>> it
>> is on my reading list).
>>
>> Thank you,
>> Derric Atzrott
>>
>> [0]: http://php.net/manual/en/book.oauth.php
>>
>>
>> _______________________________________________
>> Wikitech-l mailing list
>> Wikitech-l [at] lists
>> https://lists.wikimedia.org/mailman/listinfo/wikitech-l
>>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l [at] lists
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l

_______________________________________________
Wikitech-l mailing list
Wikitech-l [at] lists
https://lists.wikimedia.org/mailman/listinfo/wikitech-l

Wikipedia wikitech RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.