Hey Sumit,

Thanks for walking me through your latest changes. I'm very pleased with where you're at at this point in the summer and excited about what you're going to accomplish.

I've made a list of things I'd like to see done but divided it into two sections, the important stuff that should happen quickly and other stuff that would be cool.

Important

  • oauth/auth
    • the default value should be "block"
    • drop the "select permission" description text, it's not helpful
    • If no oauth_token is provided an error message should be displayed, not the form.
    • The oauth_callback URL isn't being handled properly... I got redirected to http://tut2tech.com/sb2/?q=/%3Fq%3Dadmin/oauth/services
  • Listing of a user's tokens
    • Need a tab like /user/oauth that lists all the tokens that have been issued and the permissions that they have.
    • I should be able to revoke a specific token.
  • admin/oauth/services
    • After submitting a Request Token Call on I should see something more readable than:
      oauth_token=GvvyMHuG5dR4w3wJsieCGUGTfSx6aH3D&oauth_token_secret=DKLnywksN6egoERKavfkF7bnZwyQFQd2
Executed 11 queries in 1.93 milliseconds.
...

      Hide all the debugging info and make it easier for me to pick out the important return values.

    • Add some validation to check that all the necessary values are there before making the call. The current behavior is frustrating because I fill in the form click submit and then get an error and all my values have been cleared out.

Cool stuff

  • A wizard that walks you through the process of getting a token, assigning permissions, and then making a call to the remote server.
  • If the form on admin/oauth/services was broken up into three separate forms for each step.
  • If the form(s) on admin/oauth/services filled in the values based on what's returned. So when you click "Request Token Call" the next form that comes back has the OAuth Token and OAuth token secret filled in.
CommentFileSizeAuthor
#13 oauth + services 05_07_08.tar_.gz33.43 KBsumitk
#12 oauth+services_04_07_2008_release_revised.tar_.gz33.42 KBsumitk
#9 services_01_07_08.tar_.gz18.94 KBsumitk
#9 oauth_01_07_08.tar_.gz14.07 KBsumitk
#6 services_29_06+08.tar_.gz18.94 KBsumitk
#6 oauth_29_06+08.tar_.gz13.21 KBsumitk
#1 OAuth_new_28_06_08.tar_.gz13.09 KBsumitk
#1 services_new_28_06_08.tar_.gz18.91 KBsumitk

Comments

sumitk’s picture

sumitk commented
Title: Feedback after using your test site » Things fixed after this ::::
Assigned: Unassigned » sumitk
Priority: Normal » Critical
StatusFileSize
new services_new_28_06_08.tar_.gz18.91 KB
new OAuth_new_28_06_08.tar_.gz13.09 KB

Hey Drewish
thanks for such a detailed analysis of my work :)
here are things which are fixed and rest I will work out very soon

IMPORTANT

  • oauth/auth
  • the default value should be "block" :: FIXED
  • drop the "select permission" description text, it's not helpful :: FIXED
  • The oauth_callback URL isn't being handled properly... I got redirected to http://tut2tech.com/sb2/?q=/%3Fq%3Dadmin/oauth/services:: FIXED took me many hrs. to rebuild whole URL call and modify the form but in best state nowee :)
  • admin/oauth/services ==> admin/build/oauth now
  • Oh that was due to devel module it was taking its queries as well now everything fixed :)
  • Now you won't get errors every thing fixed and checked many many times this time :: I will try putting some validation check as well I feel it is necessary

COOL STUFF :: WHOLE DONE HURRAY

  • form is now broken in 3 calls
  • now it drives you through all steps one by one :: So no confusion in producing a token at all
  • FORM API Rocks!!

TEST SERVER :: http://tut2tech.com/sb2/?q=admin/build/oauth

  • Request URL is first step in producing OAuth request tokens
  • Auth => authentication of external service by user/consumer is second step in producing OAuth "access token"
  • Last and final step is producing "access token"
  • After producing access token goto services API browser and make test calls to different services to check your access :)

contact me in case of a doubt in producing tokens
complete documentation for these modules I will post very soon
cheers!!
sumit kataria
www.sumitk.net
pec.sumit@gmail.com

sumitk’s picture

sumitk commented

test server is here http://tut2tech.com/sb2/?q=admin/build/oauth

sumitk’s picture

sumitk commented

Only *PLAIN TEXT* signature method is supported by library right now
that I will fix very soon then we can use other two methods

  • HMAC-SHA1
  • RSA-SHA1

as well for producing tokens and making calls to drupal
Just for information
EndPoints of OAuth calls ::

robloach’s picture

robloach
he/him
commented

I'll have a look at the updates sometime soon.

drewish’s picture

drewish commented
  1. The response after Requesting a Token is still a debug message that's hard to parse out (oauth_token=SpTHJTiXVQ6WPf22hHZXYrx2RmoDosTa&oauth_token_secret=LLGpcB5hPMeqVnyMt8SET8ApsrtLYwQt). Please break that up into separate values. Even better would be to parse those out and use them as the defaults for the next form.
  2. Validate the URLs. At the very least mark the fields as required but you should really call valid_url() on it.
  3. If HMAC-SHA1 or RSA-SHA1 doesn't work, add a note or disable them. There's nothing worse than displaying an option that doesn't do anything.
  4. I still want to see a user/%user/oauth tab listing the tokens and allowing me to revoke them.
sumitk’s picture

sumitk commented
StatusFileSize
new oauth_29_06+08.tar_.gz13.21 KB
new services_29_06+08.tar_.gz18.94 KB

Changes after suggestions ::
1. Request token and secret are now are now broken in 2 variables and shown separately :)
2. Every thing in form is now auto filled just press buttons ==>> Your are driven through it to ServicesAPI test browser to make test calls with produced tokens
3. Those methods I will fix in 1-2 days just hold please :)
4. Yes that I will make soon say done in next week
5. Validation of fields done - right now just checking for empty fields .

Producing tokens through this form is now a pleasurable experience as no copy/pasting of tokens is required :D
cheers!!
sumit
www.sumitk.net

// Latest module packages attached \\ Please use them if you wanna make tests OR make commit to Services module

sumitk’s picture

sumitk commented

you can always test code here

http://tut2tech.com/sb2/?q=admin/build/oauth

code updated on this test server

robloach’s picture

robloach
he/him
commented

Can we get a patch for the Services module?

sumitk’s picture

sumitk commented
Title: Things fixed after this :::: » All 3 signature methods supported now
StatusFileSize
new oauth_01_07_08.tar_.gz14.07 KB
new services_01_07_08.tar_.gz18.94 KB

yAy all 3 signature methods supported now
it was a bug in library now removed :)
took a lot of time and research (tries++)
I am attaching latest code + making commit to cvs oauth

Rob I tried making services patch but it is not working somehow
I will be happy if you can make a patch out of this newer copy of Services module (it supports all previous things + OAuth support )

thanks

drewish’s picture

drewish commented
Title: All 3 signature methods supported now » Mentor feedback
Priority: Critical » Normal

I'm changing the title to be sort of generic. Unlike comments in forum posts setting the comment title on a project issue changes the node's title.

drewish’s picture

drewish commented

I'm working my way through sumit's test server.

One thing I noticed is that the request URL is filled in for me. That's a nice, touch. It would be good if it filled in the consumer key and secret as well. It should also probably do a drupal_set_message() informing the user that the form has been pre-filled with the information to connect to their local server.

I think it would be also be helpful to put the values listed on the /user/%uid page in the same order as they're asked for in the form on admin/build/oauth. Moving the consumer key/secret to the top of the user profile information would do it.

Is there a reason the "Select Signature Method" doesn't have a default value? If not please set one.

When trying to submit the admin/build/oauth form will all the field filled I got the following error:

All Fields are Required to produce Request Tokens

Perhaps the validation needs a little more work?

I also couldn't get my token request to finish.

sumitk’s picture

sumitk commented
StatusFileSize
new oauth+services_04_07_2008_release_revised.tar_.gz33.42 KB

things fixed -
Now there is a default method in select signature method
there was an error in validation that is fixed as well
I didn't why you not getting an access token .. because it works fine with me .. it is providing me token each time I make a request

Also for /user/%uid page I am thinking about a TAB showing all user access tokens - also giving rights to user to revoke any particular token from the list of access tokens
Will be done soon I will keep you on informed

sumitk’s picture

sumitk commented
StatusFileSize
new oauth + services 05_07_08.tar_.gz33.43 KB

a bit more fixed code

sumitk’s picture

sumitk commented
Title: Mentor feedback » Mentor feedback : 2 new features added to OAuth module

Hi all
now I have added 2 more features to oauth module

1. Now a website which makes token requests to Server have to register their domain first at Server otherwise it asks them to go to proper URL first to register their website
(Google also uses this feature in their OAuth implementation to DATA APIs)

2. Also on account page now at user/%user/oauth there is a tab where a user can see all OAuth access tokens registered with different domains and such he/she can revoke/delete a token to stop access of Consumer to server

Will upload code in a few hrs. after fixing one thing

cheers!!
sumit kataria
www.sumitk.net

sumitk’s picture

sumitk commented
Status: Active » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for two weeks with no activity.