[geeklog-devel] OpenID & OAuth Support

Tom websitemaster at cogeco.net
Sat Oct 30 09:25:53 EDT 2010


To answer my own question, Google uses OpenID 2. 

I talked to Randy about the current state of the GSOC 2009 OpenID 2.0
project. No Geeklog integration has been done with the stand alone library
that was created. So for now I am leaving OpenID 2.0 alone and the other
Remote 3rd party login methods as well (ie no re authentication or
re-synching of data on the My Account form, though the password fields have
been removed for remote accounts).

Re-synching of OAuth is for the most part working.  Re-authenticating for
remember me and email is not. The problem with remote services is to
authenticate I would have to store temporarily the changed values. I would
then request authentication and then when the remote service visits the
callback url, retrieve the changed values and apply if authentication was
successful. 

Also currently in the remoteservice column of the users table, the OAuth
class saves the name of its remote service  as facebook, twitter or
linkedin. It doesn't mention OAuth and conceivably we could get duplications
if there is more than one way to access ... say your facebook account. I
think I will add a column for remote service type.

For example remoteservice would then become oauth and then remoteservicetype
would become facebook

Or would storing it as oauth.facebook in just the remoteservice column be
okay and then anything before a period would be considered the remote
service and if needed, anything after as the type?

I think adding a second column would be best...

Tom

-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Tom
Sent: October-27-10 9:57 AM
To: 'Geeklog Development'
Subject: [geeklog-devel] OpenID & OAuth Support

I have been setting up resynching for OAuth and wanted to look at the other
remote login methods.

I tried to get my Google OpenID account to log into Geeklog but I get a
"Unable to find an OpenID server for the given identity URL." message. I
haven't really looked into the OpenID side of things yet, does Google just
support OpenID 2.0?

Also what is the state of the GSOC 2009 OpenID 2 project?

http://wiki.geeklog.net/index.php/SoC_full_openid_support

If I have to rewrite some code here to get resynch to work, I might as well
merge the OpenID 2.0 project if it is almost finished.

Tom



-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Tom
Sent: October-25-10 8:50 AM
To: 'Geeklog Development'
Subject: Re: [geeklog-devel] OAuth Support - Passwords and Emails

Thanks Dirk. Looking over the list I had thought about re-syncing the data
before. Would it make sense then to add a check box (instead of the password
fields) for remote accounts sync and then when the user hits save, and the
checkbox is checked, then revaluate the login and update the information
(along with remember me).

Tom


-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: October-24-10 10:41 PM
To: Geeklog Development
Subject: Re: [geeklog-devel] OAuth Support - Passwords and Emails

Ah, sorry, it's actually on the wiki (but should really be a bug report):

http://wiki.geeklog.net/index.php/Future_Plans#Clean_up_Remote_Authenticatio
n

bye, Dirk

-- 
http://www.themobilepresenter.com/

Am 24.10.2010 um 18:31 schrieb "Tom" <websitemaster at cogeco.net>:

> I checked the bug tracker and didn't see anything mentioned.
> 
> Anyways, for remote accounts then I will remove the 3 password fields from
> My Account Username & password tab. I will add in a check that confirms
the
> remote login for remember me and the email.
> 
> Tom
> 
> -----Original Message-----
> From: geeklog-devel-bounces at lists.geeklog.net
> [mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
> Sent: October-23-10 5:14 PM
> To: Geeklog Development
> Subject: Re: [geeklog-devel] OAuth Support - Passwords and Emails
> 
> Yes, the My Account page really has some issues with remote accounts and I
> think they're the same issues with all kinds of remote services. For
> example, when it asks for your password to change a setting (like how long
> to stay logged in) it's not checking the remote password but the -
> non-existing - local one.
> 
> In fact, I think there's already an issue about this on the bugtracker.
> 
> Greetings from the GSoC mentor summit :)
> 
> bye, Dirk
> 
> -- 
> http://www.themobilepresenter.com/
> 
> Am 23.10.2010 um 11:55 schrieb "Tom" <websitemaster at cogeco.net>:
> 
>> Okay the OAuth hack is pretty much in place. 
>> 
>> Two things 
>> 
>> 1. How do we want to handle accounts without passwords? 
>> 
>> I was thinking of removing the password fields (and check) on the form
"My
>> Account -> Username & Password" for any user that doesn't have a
>> remoteservice of NULL and passwd of '' in the users table. Will this work
>> for the other login methods like OpenID, 3rdParty (livejournal, LDAP)?
>> 
>> 
>> 
>> 2. Some User login methods do not give us the users email address. 
>> 
>> I will add in a check on the profile page so other users cannot send them
> an
>> email. Anything else needed here?
>> 
>> Thanks
>> 
>> Tom
>> 
>> 
>> __________ Information from ESET NOD32 Antivirus, version of virus
> signature
>> database 5558 (20101023) __________
>> 
>> The message was checked by ESET NOD32 Antivirus.
>> 
>> http://www.eset.com
>> 
>> 
>> _______________________________________________
>> geeklog-devel mailing list
>> geeklog-devel at lists.geeklog.net
>> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
> 
> __________ Information from ESET NOD32 Antivirus, version of virus
signature
> database 5558 (20101023) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
> 
> 
> __________ Information from ESET NOD32 Antivirus, version of virus
signature
> database 5558 (20101023) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
> __________ Information from ESET NOD32 Antivirus, version of virus
signature
> database 5560 (20101024) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
> 
> __________ Information from ESET NOD32 Antivirus, version of virus
signature
> database 5560 (20101024) __________
> 
> The message was checked by ESET NOD32 Antivirus.
> 
> http://www.eset.com
> 
> 
> _______________________________________________
> geeklog-devel mailing list
> geeklog-devel at lists.geeklog.net
> http://eight.pairlist.net/mailman/listinfo/geeklog-devel
_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5560 (20101024) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5560 (20101024) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5561 (20101025) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5561 (20101025) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5561 (20101025) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5561 (20101025) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5567 (20101027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5567 (20101027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 

_______________________________________________
geeklog-devel mailing list
geeklog-devel at lists.geeklog.net
http://eight.pairlist.net/mailman/listinfo/geeklog-devel

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5567 (20101027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5567 (20101027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5568 (20101027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5569 (20101027) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5573 (20101028) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
  

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5576 (20101029) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
 

__________ Information from ESET NOD32 Antivirus, version of virus signature
database 5576 (20101029) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 




More information about the geeklog-devel mailing list