I would like to make a command called "login." The command takes no
parameters, and returns a URL that logs the user in.

For example, over XMPP, the user would send [email protected] "login" and
the bot would respond with a link to
"http://identi.ca/main/login?user=candrews&otk=something"

The "something" one time key is the part giving me trouble. This key
should be time limited (to, say, a 2-minute window) and usable only once.

I'm thinking of adding a database table with three columns: user_id,
valid_until, key. The "login" command will insert a row with a random
string as the key when it is run, and the URL handler that accepts the key
will delete the row when it is used. Occasionally, some code (trigger
method TBD) will run that will delete all rows with valid_until dates
before the present time.

Is this a good design?

Can it be done in core, or should I add the necessary events to create
commands, and implement this functionality as a plugin?

Thanks,
~Craig

_______________________________________________
StatusNet-dev mailing list
[email protected]
http://lists.status.net/mailman/listinfo/statusnet-dev
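
A sketch of the table design proposed in the message, added here as an example; it is not StatusNet code and not part of the original post. The function names, the SQLite backing store and the choice to store a SHA-256 hash of the key instead of the key itself are assumptions made for illustration.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 120  # the 2 minute window from the message


def open_db():
    db = sqlite3.connect(":memory:")
    # Columns follow the message (user_id, valid_until, key). Storing only a
    # hash of the key is an added assumption: a leaked table holds no usable keys.
    db.execute("CREATE TABLE login_key (user_id INTEGER NOT NULL,"
               " valid_until INTEGER NOT NULL, key_hash TEXT PRIMARY KEY)")
    return db


def _digest(key):
    return hashlib.sha256(key.encode()).hexdigest()


def issue_key(db, user_id, now=None):
    """Handle the "login" command: store a fresh key and return it for the URL."""
    now = int(time.time()) if now is None else now
    key = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    with db:
        db.execute("INSERT INTO login_key VALUES (?, ?, ?)",
                   (user_id, now + TTL_SECONDS, _digest(key)))
    return key


def redeem_key(db, user_id, key, now=None):
    """URL handler: True only for the first redemption inside the window."""
    now = int(time.time()) if now is None else now
    with db:
        # One DELETE both checks and consumes the key, so two concurrent
        # requests cannot both succeed; expiry is enforced here, not by the purge.
        cur = db.execute("DELETE FROM login_key WHERE key_hash = ? AND user_id = ?"
                         " AND valid_until >= ?", (_digest(key), user_id, now))
    return cur.rowcount == 1


def purge_expired(db, now=None):
    """Housekeeping only: remove rows whose window has passed."""
    now = int(time.time()) if now is None else now
    with db:
        return db.execute("DELETE FROM login_key WHERE valid_until < ?",
                          (now,)).rowcount
```

Because `redeem_key` compares `valid_until` itself, a key that has expired is rejected even if the periodic purge has not run yet.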
