I've been working on the provider side of OAuth to authenticate API
calls.

I was looking at the http-authentication example, but I'm not sure if
I want to go that route.  I would like to be able to specify
authentication for paths in the same place that I define them (in a
DispatchPF).

I'd also like to be able to pass down a Box[(consumer, Box[token])] to
my response functions.

This is what I have so far.  I'm fairly new to Scala/Lift, so any
pointers would be appreciated:

object RestAPI extends XMLApiHelper {

  // OAuth takes two functions for looking up the secrets associated with
  // the consumer and token keys.
  // Trivial functions here for testing, but would be replaced with a DB call.
  val oauth = OAuth(c => c, t => t)

  def dispatch: LiftRules.DispatchPF = {
    case Req(List("api", "user", userid), "", GetRequest) =>
      () => requireToken(showUser(userid))
  }

  def showUser(userid: String)(consumer: Consumer, token: Token): LiftResponse = {
    val e: Box[NodeSeq] =
      for (r <- User.find(userid.toLong)) yield {
        r.toXML
      }
    e
  }

  // 401 response with a short XML body
  def unauth(message: String) =
    new XhtmlResponse(<unauthorized>{message}</unauthorized>,
                      Full("text/xml"), Nil, Nil, 401, false)

  // Runs f only when the signature verifies and a token is present
  def requireToken(f: (Consumer, Token) => LiftResponse): LiftResponse = {
    oauth.verify_signature match {
      case Full((c, Full(t))) => f(c, t)
      case _ => unauth("Authentication failed")
    }
  }

  // Runs f when the signature verifies, with or without a token
  def requireSigned(f: (Consumer) => LiftResponse): LiftResponse = {
    oauth.verify_signature match {
      case Full((c, _)) => f(c)
      case _ => unauth("Invalid oauth signature")
    }
  }

}

On Jun 22, 12:36 pm, DFectuoso <santiago1...@gmail.com> wrote:
> Well I will start working on that tonight (after work of course) and
> keep you guys updated! Cheers!
>
> On Jun 22, 8:59 am, "marius d." <marius.dan...@gmail.com> wrote:
>
> > On Jun 22, 3:25 am, DFectuoso <santiago1...@gmail.com> wrote:
>
> > > Well I went ahead and learned a lot from the lift-openId implementation
> > > and understand what I would need to do to have lift-OAuth working
>
> > > It seems like I could do two things:
> > > 1) Get an OAuth Java library that allows me to post, get, login and
> > > logout then create an OAuth.scala file where I create a trait of the
> > > OAuthHandler that would access these methods, then create an object
> > > that extends from that trait; then create an OAuthProtoUser.scala where
> > > I would have a trait for the MetaOAuthProtoUser with the Xhtml for
> > > login, override the menus that I would not use and perform the login
> > > and logout of the user as well as the post and get methods. Finally
> > > create a trait for the OAuthProtoUser that would allow me to store
> > > information about the user.
>
> > Besides Proto stuff we'd need an abstraction over OAuth artifacts.
> > Essentially a wrapper over their Java library.
>
> > > 2) Go ahead and have the login, logout, post and get methods on the
> > > OAuth.scala actually do the logic to get the tokens without a Java
> > > library, this would mean creating some way of signing a url and body
> > > to post and get stuff from the request, access and user-auth Token Url
> > > or an url in the service.
>
> > > I have absolutely no experience with Scala, Java or Lift but I really
> > > want to get some (by doing this type of stuff). So what do you think is
> > > better (for me to learn, for Lift and for you).
>
> > I think it would be a good exercise. Once you're done with it we could
> > probably review it and maybe it'll get its way into Lift if some
> > committer doesn't implement it in the mean time, but regardless would
> > be a good exercise for you.
>
> > > Also, what part of this abstraction (and how) is the one to set the
> > > consumer_key, secret_key and the request urls?
>
> > In OAuth world consumer secret and consumer key are somehow invariants
> > as they impersonate a trusted service. So I would put them into a
> > Scala object where user can just set these quantities from Boot.
>
> > > Finally; an uber noob question, what is the equivalent of curl (php) or
> > > urllib/urlopen (python) that I would use in the second option to
> > > actually make the http request to the other site? I think it's a
> > > servlet but some trivial example on this would really help me =)
>
> > You can just use HttpUrlConnection, or Apache Http client.
>
> > > On Jun 21, 7:18 am, "marius d." <marius.dan...@gmail.com> wrote:
>
> > > > > OAuth is not implemented yet in Lift still the project folder is
> > > > there. I think Dave wanted to put it there but never got the chance to
> > > > add it.
>
> > > > Br's,
> > > > Marius
>
> > > > On Jun 21, 9:29 am, DFectuoso <santiago1...@gmail.com> wrote:
>
> > > > > > I'm trying to integrate OAuth (with twitter) in one of my projects...
> > > > > > and I saw the lift-oauth, but I can't find the code, documentation or
> > > > > > examples around this module; so I guess either it's somewhere else or
> > > > > > people are doing their twitter integrations with other class (maybe
> > > > > > java)...
>
> > > > > > So what are you guys doing around OAuth and what could I do to get
> > > > > > this rolling?
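
An added example, not part of the original thread and not the poster's OAuth class or Lift code: one way a provider-side check such as `verify_signature` could validate a request, assuming OAuth 1.0 with the HMAC-SHA1 signature method (RFC 5849). The object name, method names and sample values are hypothetical.

```scala
import java.net.URLEncoder
import java.security.MessageDigest
import java.util.Base64
import javax.crypto.Mac
import javax.crypto.spec.SecretKeySpec

// Hypothetical helper, not the poster's OAuth class and not part of Lift.
object OAuthSignatureCheck {
  // RFC 5849 section 3.6 percent-encoding: URLEncoder output adjusted for ' ', '*' and '~'.
  def enc(s: String): String =
    URLEncoder.encode(s, "UTF-8").replace("+", "%20").replace("*", "%2A").replace("%7E", "~")

  // METHOD & encoded base URL (assumed normalized, no query string) & encoded sorted params.
  def baseString(method: String, baseUrl: String, params: Seq[(String, String)]): String = {
    val normalized = params
      .filter(_._1 != "oauth_signature") // the signature never signs itself
      .map { case (k, v) => (enc(k), enc(v)) }
      .sorted
      .map { case (k, v) => k + "=" + v }
      .mkString("&")
    Seq(method.toUpperCase, enc(baseUrl), enc(normalized)).mkString("&")
  }

  // HMAC-SHA1 keyed with "consumerSecret&tokenSecret"; tokenSecret is "" when no token is sent.
  def sign(base: String, consumerSecret: String, tokenSecret: String): String = {
    val key = enc(consumerSecret) + "&" + enc(tokenSecret)
    val mac = Mac.getInstance("HmacSHA1")
    mac.init(new SecretKeySpec(key.getBytes("UTF-8"), "HmacSHA1"))
    Base64.getEncoder.encodeToString(mac.doFinal(base.getBytes("UTF-8")))
  }

  // Recompute the signature server-side and compare it with the supplied one.
  def verify(method: String, baseUrl: String, params: Seq[(String, String)],
             consumerSecret: String, tokenSecret: String): Boolean = {
    val expected = sign(baseString(method, baseUrl, params), consumerSecret, tokenSecret)
    val supplied = params.collectFirst { case ("oauth_signature", v) => v }.getOrElse("")
    MessageDigest.isEqual(expected.getBytes("UTF-8"), supplied.getBytes("UTF-8"))
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample request and secrets, not real credentials.
    val url = "http://example.com/api/user/42"
    val p = Seq("oauth_consumer_key" -> "ck", "oauth_token" -> "tk", "oauth_nonce" -> "n1",
      "oauth_timestamp" -> "1245700000", "oauth_signature_method" -> "HMAC-SHA1")
    val sig = sign(baseString("GET", url, p), "cs", "ts")
    println(verify("GET", url, p :+ ("oauth_signature" -> sig), "cs", "ts"))
    println(verify("GET", url.replace("42", "43"), p :+ ("oauth_signature" -> sig), "cs", "ts"))
  }
}
```

A provider also has to reject stale `oauth_timestamp` values and reused `oauth_nonce` values; that replay check is left out here.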
