I've been working on the provider side of oauth to authenticate api calls.
I was looking at the http-authentication example, but I'm not sure if want to go that route. I would like to be able to specify authentication for paths in the same place that I define them (in a DispatchPF). I'd also like to be able to pass down a Box[(consumer, Box[token])] to my response functions. This is what I have so far. I'm fairly new to scala/lift, so any pointers would be appreciated: object RestAPI extends XMLApiHelper{ //OAuth takes to functions for looking up the secrets associated with the consumer and token keys //trivial functions here for testing, but would be replaced with DB call val oauth = OAuth(c => c, t => t) def dispatch: LiftRules.DispatchPF = { case Req(List("api","user",userid), "", GetRequest) => () => requireToken(showUser(userid)) } def showUser(userid: String) (consumer: Consumer, token: Token): LiftResponse = { val e: Box[NodeSeq] = for(r <- User.find(userid.toLong)) yield { r.toXML } e } def unauth(message: String) = new XhtmlResponse(<unauthorized> {message}</unauthorized>, Full("text/xml"), Nil, Nil, 401, false) def requireToken(f: (Consumer, Token) => LiftResponse): LiftResponse = { oauth.verify_signature match { case Full((c, Full(t))) => f(c, t) case _ => unauth("Authentication failed") } } def requireSigned(f: (Consumer) => LiftResponse): LiftResponse = { oauth.verify_signature match { case Full((c, _)) => f(c) case _ => unauth("Invalid oauth signature") } } } On Jun 22, 12:36 pm, DFectuoso <santiago1...@gmail.com> wrote: > Well i will start working on that tonight(after work of course) and > keep you guys updated! Cheers! > > On Jun 22, 8:59 am, "marius d." <marius.dan...@gmail.com> wrote: > > > > > On Jun 22, 3:25 am, DFectuoso <santiago1...@gmail.com> wrote: > > > > Well i went ahead and learn a lot from the lift-openId implementation > > > and understand what I would need to do have lift-OAuthworking > > > > It seems like i could do two things: > > > 1) Get aOAuthjava library that allows me to post, get, login and > > > logout then create aOAuth.scala file where i create a trait of the > > >OAuthHandler that would access to this methods, then create a object > > > that extends from that trait; Then create a OAuthProtoUser.scala where > > > I would have a trait for the MetaOAuthProtoUser with the Xhtml for > > > login, override the menus that i would not use and perform the login > > > and logout of the user as well as the post and get methods. Finally > > > create a trait for the OAuthProtoUser that would allow me to store > > > information about the user. > > > Besides Proto stuff we'd need an abstraction overOAuthartifacts. > > Essentially a wrapper over their Java library. > > > > 2) Go ahead and have the login,logout, post and get methods on the > > >OAuth.scala actually do the logic to get the tokens without a java > > > library, this would mean creating some way of signing a url and body > > > to post and get stuff from the request, access and user-auth Token Url > > > or an url in the service. > > > > I have absolutely no experience with scala, java or lift but I really > > > want to get some(by doing this type of stuff). So what do you think is > > > better(for me to learn, for lift and for you). > > > I think it would be a good exercise. Once you're done with it we could > > probably review it and maybe it'll get its way into Lift if some > > committer doesn't implement it in the mean time, but regardless would > > be a good exercise for you. > > > > Also, what part of this abstraction(and how) is the one to set the > > > consumer_key, secret_key and the request urls? > > > InOAuthworld consumer secret and consumer key are somehow invariants > > as they impersonate a trusted service. So I would put them into a > > Scala object where user can just set these quantities from Boot. > > > > Finally; a uber noob question, what is the equivalent of curl(php) or > > > urllib/urlopen(python) that i would use in the second option to > > > actually make the http request to ther other site? I think its a > > > servlet but some trivial example on this would really help me =) > > > You can just use HttpUrlConnection, or Apache Http client. > > > > On Jun 21, 7:18 am, "marius d." <marius.dan...@gmail.com> wrote: > > > > >OAuthis not implemented yet in Lift still the project folder is > > > > there. I think Dave wanted to put it there but never got the chance to > > > > add it. > > > > > Br's, > > > > Marius > > > > > On Jun 21, 9:29 am, DFectuoso <santiago1...@gmail.com> wrote: > > > > > > Im trying to integrateOAuth(with twitter) in one of my projects... > > > > > and i saw the lift-oauth, but i cant find the code, documentation or > > > > > examples around this module; so i guess either its somewhere else or > > > > > people is doing their twitter integrations with other class(maybe > > > > > java)... > > > > > > So what are you guys doing aroundOAuthand what could i do to get > > > > > this rolling? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Lift" group. To post to this group, send email to liftweb@googlegroups.com To unsubscribe from this group, send email to liftweb+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/liftweb?hl=en -~----------~----~----~----~------~----~------~--~---