Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Implement OAuth, the open protocol to allow secure API authentication across the Services API. Might do well as a Summer of Code project.
Comment | File | Size | Author |
---|---|---|---|
#14 | oauth_.patch | 3.64 KB | sumitk |
#11 | oauth_fixed.module.tar_.gz | 2.87 KB | sumitk |
#9 | services_238814.patch | 5.34 KB | drewish |
#7 | services_files_modified.tar_.gz | 6.4 KB | sumitk |
Comments
Comment #1
moshe weitzman CreditAttribution: moshe weitzman commentedThere is a PHP library at http://code.google.com/p/oauth-php/
Comment #2
RobLoachSumit Kataria has proposed this as a Summer of Code project. Very exciting!
Comment #3
marcingy CreditAttribution: marcingy commentedassigned as place holder
Comment #4
sumitk CreditAttribution: sumitk commentedWork going on
patches to services coming soon
OAuth module is already in progress
http://drupal.org/project/oauth
OAuth services
http://drupal.org/project/oauth_services
Comment #5
marcingy CreditAttribution: marcingy commentedCorrect URLs provided for the projects
http://drupal.org/project/oauth
http://drupal.org/project/oauth_services
Comment #6
sumitk CreditAttribution: sumitk commentedFiles in tar :
1. services.module and
2. services_admin_browse.inc
These are changed to use OAuth for authorization in services
right now only access token is checked against consumer key
Soon support for nonce and nonce_timestamp will be added
nonce_timestamp will be checked for calls as request timestamp >= token issue timestamp
So that all fake calls can be identified
Also a module outh_call is in development to make calls to server from Drupal only to obtain request and access token
Both files in tar are to be dumped in root dir of Services module
Then in settings check OAuth to use OAuth for calls
right now you can use a test client server http://tut2tech.com/sb4/oauth_test/ for making calls and obtaining request and access tokens
(that may not respond correctly - right now just issuing request token - will be fixed very soon)
Comment #7
sumitk CreditAttribution: sumitk commentedComment #8
sumitk CreditAttribution: sumitk commentedneeds suggestions to make this implemented best way
I explain more about OAuth request here :
to make a request via OAuth for services required parameters are :
string oauth_consumer_key (required)
OAuth key for consumer.
string oauth_token (required)
OAuth token for consumer.
string oauth_signature_method (required)
OAuth signature method.
string oauth_signature (required)
OAuth signature.
string oauth_timestamp (required)
OAuth call timestamp
string oauth_nonce (required)
OAuth call nonce
Here we will be verifying 1. access token against consumer key(oauth_token table) 2. nonce, nonce_timestamp against oauth_nonce table [these are still to fix in OAuth module]
Timestamp in request must be >= previous timestamp for access
Comment #9
drewish CreditAttribution: drewish commentedsubscribing... here's sumit's changes as a patch.
Comment #10
drewish CreditAttribution: drewish commentedComment #11
sumitk CreditAttribution: sumitk commentedHi
here I am attaching modified oauth.module file
Please rename it and place it in /sites/all/modules/oauth/ directory
Issues Fixed :
1. Earlier it was not producing keys for all users, it was overwriting those -- >> Issue fixed
2. Nonce table was not able to store values in proper format -- >> Method + issue fixed
3. Earlier only users can view their keys+ secrets -->> issue fixed -->> Now admin(keys of all users) + users both can view their keys
4. Earlier normal user was not able to get an "access" token -->> issue fixed in this attached file -->>
you can use testing server for test calls -->> http://term.ie/oauth/example
Now we can use timestamp + nonce for verification of users in Services API as it is working fine now :)
Comment #12
adrian CreditAttribution: adrian commentedcommitted your fixes.
Comment #13
sumitk CreditAttribution: sumitk commentedPatch to above oauth.module fixes
Comment #14
sumitk CreditAttribution: sumitk commentedsomehow it didnt got attached
Comment #15
sumitk CreditAttribution: sumitk commentedanother issue link with major details to project
OAuth test browser done :)
check it here http://tut2tech.com/sb2/?q=admin/build/oauth
http://drupal.org/node/275107#comment-899622
Comment #16
sumitk CreditAttribution: sumitk commentedHere is patch to srevices module to work with oauth module http://drupal.org/node/291571
Comment #17
brmassa CreditAttribution: brmassa commentedSumit,
niiice work. Im excited to commit work code, but i need the latest files and patches. I suggest you to update your CVS, since i did several changes in the past 2 days. Then post here the final code that i should test and commit, right?
regards,
massa
Comment #18
marcingy CreditAttribution: marcingy commentedSumit
I want to review the code aswell before any commit takes place aswell.
Marc
Comment #19
sumitk CreditAttribution: sumitk commentedHi Guys
my exams were going on - so I was a bit busy with them
I will submit latest code as earliest as possible
Also a few extra features have been added to module now - But I will add those to next big release
For testing purpose this code is working fine
ill update it this weekend surely and release a new patch for services as well
cheers!!
sumitk
http://sumitk.net
Comment #20
sumitk CreditAttribution: sumitk commentedHi Guys
my exams were going on - so I was a bit busy with them
I will submit latest code as earliest as possible
Also a few extra features have been added to module now - But I will add those to next big release
For testing purpose this code is working fine
ill update it this weekend surely and release a new patch for services as well
cheers!!
sumitk
http://sumitk.net
Comment #21
brmassa CreditAttribution: brmassa commentedSumit,
hi there! About 2 days ago i started to integrate OAuth on Services. I used your code as base.
Its 80% done!
It creates request and access tokens, create consumer keys for users that are allowed, and its already working with services calls. There are a couple things that i need to do before release it to the public, probably by monday. I suggest you to take a look on D6 Services CVS.
thanks for all that code.
regards,
massa
Comment #22
marcingy CreditAttribution: marcingy commentedSummit
That sounds good I'll be more than happpy to review what you have done at some point over the weekend.
Good luck with the exams.
Marc
Comment #23
Hugo Wetterberg CreditAttribution: Hugo Wetterberg commentedComment #24
vijaya6jun CreditAttribution: vijaya6jun commentedHi,
I have just started working with oauth,
Can someone please guide me on how exactly to work on this so as to connect with yahoo.........
To be in detail........
The user can login to drupal project using yahoo username and password................