On Thu, Oct 6, 2011 at 5:15 PM, Jeff Gaynor <jgay...@ncsa.illinois.edu>wrote:
> On 10/06/2011 08:34 AM, Kayode Odeyemi wrote: > >> Hello friends, >> >> I'm working on a pretty large application that I will like to use oauth2 >> on as an authentication and authorization mechanism. >> >> I understand fairly the technology and I have written my own >> implementation before I stumbled on python-oauth2. >> >> I need advise on leveraging python-oauth2 api for creating consumer key, >> creating consumer secret, access token and token secret. >> >> This works well, but be advised that the original python oauth library > had some serious issues, so was redone as python-oauth2. What is confusing > is that it refers to OAuth version 1.0a, not the upcoming OAuth version 2.0, > so make sure you read the right spec before using it, since they are very > different indeed. > > There are *no* usable OAuth version 2..0 implementation in any language > (usually Java comes first) that I know of, so you will get to role your own, > which is hard. There are a few beta-level versions E.g. Twitter) but these > are special cased to the author's needs. The spec itself is not quite ready > either and since it has changed quite substantially in the last year, I > suspect that everyone is waiting to see it settle to a steady state. > > Jeff, I'm in the middle of a big confusion here and will need your help. I will like to know, can the request be signed just once and for all subsequent request made, I can use the stored nonce, signature method and token? My kind of setup is such that, I want the client app to be registered once, such that for every request to a resource, as long as the required parameters are available in the header (which would have been gotten at the initial request), access is granted. Is this a correct interpretation of Oauth? Thanks -- Odeyemi 'Kayode O. http://www.sinati.com. t: @charyorde
-- http://mail.python.org/mailman/listinfo/python-list
