credentials. Unfortunately I think it's difficult to give you advice
regarding key management, e.g. replacing compromised keys, without knowing
the exact circumstances.
Regards,
Lukas Rosenstock
2010/7/30 Eric J. Smith e...@codesmithtools.com
I am developing an API that will be used by users
Interesting idea, don't know if that exists. But my question would be in
which scenarios an encrypted tunnel should be easier to configure compared
to installing an SSL certificate on the webserver itself?!
2010/7/30 Jake findj...@gmail.com
Hello,
Does anyone know of a service provider that
Credentials (this
is what you need the oauth_token_secret for).
3) Request for Resources - signed with Token Credentials.
Hope I could help.
Regards,
Lukas Rosenstock
2010/7/28 KeefTM kee...@gmail.com
So I am currently writing a SP, and I have a few questions. First, I
am following the specs here
the
scope values are converted into actual access privileges.
Regards,
Lukas Rosenstock
2010/7/6 wjgerritsen epsilon...@gmail.com:
Hi,
I am playing with the idea of using role names in the scope parameter
(of RequestToken endpoint) for authorizing to our platform. It will
work somehow like
OpenID Connect (http://openidconnect.com/) is an alternative version of
OpenID built on OAuth. It considers this use case as well and returns a user
identifier which can be used to get username etc. in a standardized manner
via OAuth.
Regards,
Lukas
2010/5/20 Leah Culver leah.cul...@gmail.com
Hi!
Twitter returns the screenname and user id with almost any API call, and
also along with the Access Token.
For other services you have to check which API call can give you an account
name. There is no standardized way in OAuth to do this.
Regards,
Lukas
PS: Anyone thinks this should be
Hi!
Just to clarify: The protocol knows two ways for sending the OAuth callback,
one is along with the request token; and the other is by attaching it to the
URL. The former (1.0a) is recommended and was introduced after security
issues had been known about the latter (1.0).
Regards,
Lukas
in the body implies a
application/x-www-form-urlencoded content type which usually is not the case
if you use PUT.
OAuth libraries should handle that as well.
Regards,
Lukas Rosenstock
2010/4/16 AriB ariel.boludov...@gmail.com
Hi,
when sending HTTP POST or PUT requests with OAuth, which
The specification does not guide or limit the provider in implementing their
own security policies and that includes the lifetime of tokens. Some
providers may limit it intentionally to let users re-confirm that they still
want to provide the access (or simply users should be logged on to their
Hi!
As far as I know Twitter does not allow 2-legged OAuth. That means, apart
from the Consumer Key and Secret that you have already registered, you need
an Access Token and Secret as well.
Now, you may have to do the following things:
1) Fetch a request token and secret from Twitter. This request
to that
one instead.
Regards,
Lukas Rosenstock
2010/2/21 Mahesh Venkat mhven...@gmail.com
Hi,
I recently implemented the 3-legged OAuth as per the OAuth 1.0a specs.
During the implementation I am finding some gaps in the specs for error
scenarios.
We have oauth_callback url to redirect
Hi!
I think this looks very nice and will help to understand the flow and
is good for debugging. We might use it to test the upgrade of our
internal OAuth use from 1.0 to 1.0a.
Lukas
2009/11/18 k42b3 k42b...@googlemail.com:
hi OAuth folks,
I like to announce a test consumer and service
Good afternoon!
A long time back I came across two drafts for standards, which are now
marked as obsolete, with a new version to be expected by the end of March
2009. Now it's November 2009!
These standards are the OAuth Discovery and XRDS Simple:
http://oauth.net/discovery/1.0
Ok, sorry, I read your last sentence wrong so my first sentence doesn't make
sense ...
One more thing: Using an Access Token the Consumer can make any number of
requests as long as that token is valid.
2009/11/2 Lukas Rosenstock l...@lukasrosenstock.net
Hi Melvin,
yes, the Access Token
The idea behind OAuth has often been described as a valet key. The kind of
authentication provided by the access token in OAuth is different from the
user's username and password. During the redirect, the user may choose what
kind of access he wants to give, for example whether the consumer