Implement OAuth, the open protocol to allow secure API authentication across the Services API. Might do well as a Summer of Code project.

Support from Acquia helps fund testing for Drupal Acquia logo

Comments

moshe weitzman’s picture

There is a PHP library at http://code.google.com/p/oauth-php/

RobLoach’s picture

Title: OAuth » SoC: OAuth
Category: task » feature

Sumit Kataria has proposed this as a Summer of Code project. Very exciting!

marcingy’s picture

Assigned: Unassigned » marcingy

assigned as place holder

sumitk’s picture

Work going on
patches to services coming soon
OAuth module is already in progress
http://drupal.org/project/oauth
OAuth services
http://drupal.org/project/oauth_services

marcingy’s picture

Component: Code » Miscellaneous
Assigned: marcingy » sumitk
sumitk’s picture

Component: Code » Miscellaneous
Status: Needs review » Active

Files in tar :
1. services.module and
2. services_admin_browse.inc

These are changed to use OAuth for authorization in services
right now only access token is checked against consumer key
Soon support for nonce and nonce_timestamp will be added
nonce_timestamp will be checked for calls as request timestamp >= token issue timestamp
So that all fake calls can be identified

Also a module outh_call is in development to make calls to server from Drupal only to obtain request and access token

Both files in tar are to be dumped in root dir of Services module
Then in settings check OAuth to use OAuth for calls

right now you can use a test client server http://tut2tech.com/sb4/oauth_test/ for making calls and obtaining request and access tokens
(that may not respond correctly - right now just issuing request token - will be fixed very soon)

sumitk’s picture

sumitk’s picture

Component: Miscellaneous » Code
Status: Active » Postponed (maintainer needs more info)

needs suggestions to make this implemented best way

I explain more about OAuth request here :
to make a request via OAuth for services required parameters are :

string oauth_consumer_key (required)
OAuth key for consumer.
string oauth_token (required)
OAuth token for consumer.
string oauth_signature_method (required)
OAuth signature method.
string oauth_signature (required)
OAuth signature.
string oauth_timestamp (required)
OAuth call timestamp
string oauth_nonce (required)
OAuth call nonce

Here we will be verifying 1. access token against consumer key(oauth_token table) 2. nonce, nonce_timestamp against oauth_nonce table [these are still to fix in OAuth module]
Timestamp in request must be >= previous timestamp for access

drewish’s picture

FileSize
5.34 KB

subscribing... here's sumit's changes as a patch.

drewish’s picture

Status: Postponed (maintainer needs more info) » Needs review
sumitk’s picture

Title: SoC: OAuth » SoC: OAuth - oauth.module -- fixed many things now
Component: Miscellaneous » Code
Status: Active » Needs review
FileSize
2.87 KB

Hi
here I am attaching modified oauth.module file
Please rename it and place it in /sites/all/modules/oauth/ directory

Issues Fixed :
1. Earlier it was not producing keys for all users, it was overwriting those -- >> Issue fixed
2. Nonce table was not able to store values in proper format -- >> Method + issue fixed
3. Earlier only users can view their keys+ secrets -->> issue fixed -->> Now admin(keys of all users) + users both can view their keys
4. Earlier normal user was not able to get an "access" token -->> issue fixed in this attached file -->>

you can use testing server for test calls -->> http://term.ie/oauth/example

Now we can use timestamp + nonce for verification of users in Services API as it is working fine now :)

adrian’s picture

committed your fixes.

sumitk’s picture

Patch to above oauth.module fixes

sumitk’s picture

FileSize
3.64 KB

somehow it didnt got attached

sumitk’s picture

another issue link with major details to project
OAuth test browser done :)
check it here http://tut2tech.com/sb2/?q=admin/build/oauth
http://drupal.org/node/275107#comment-899622

sumitk’s picture

Here is patch to srevices module to work with oauth module http://drupal.org/node/291571

brmassa’s picture

Sumit,

niiice work. Im excited to commit work code, but i need the latest files and patches. I suggest you to update your CVS, since i did several changes in the past 2 days. Then post here the final code that i should test and commit, right?

regards,

massa

marcingy’s picture

Sumit

I want to review the code aswell before any commit takes place aswell.

Marc

sumitk’s picture

Title: SoC: OAuth - oauth.module -- fixed many things now » SoC: OAuth - oauth.module -- sorry for late

Hi Guys
my exams were going on - so I was a bit busy with them
I will submit latest code as earliest as possible

Also a few extra features have been added to module now - But I will add those to next big release
For testing purpose this code is working fine

ill update it this weekend surely and release a new patch for services as well

cheers!!
sumitk
http://sumitk.net

sumitk’s picture

Hi Guys
my exams were going on - so I was a bit busy with them
I will submit latest code as earliest as possible

Also a few extra features have been added to module now - But I will add those to next big release
For testing purpose this code is working fine

ill update it this weekend surely and release a new patch for services as well

cheers!!
sumitk
http://sumitk.net

brmassa’s picture

Sumit,

hi there! About 2 days ago i started to integrate OAuth on Services. I used your code as base.

Its 80% done!

It creates request and access tokens, create consumer keys for users that are allowed, and its already working with services calls. There are a couple things that i need to do before release it to the public, probably by monday. I suggest you to take a look on D6 Services CVS.

thanks for all that code.

regards,

massa

marcingy’s picture

Status: Needs review » Needs work

Summit

That sounds good I'll be more than happpy to review what you have done at some point over the weekend.

Good luck with the exams.

Marc

Hugo Wetterberg’s picture

Status: Needs work » Closed (fixed)
vijaya6jun’s picture

Hi,
I have just started working with oauth,
Can someone please guide me on how exactly to work on this so as to connect with yahoo.........

To be in detail........
The user can login to drupal project using yahoo username and password................