[Product-Developers] OAuth provider support in Plone via PAS add-on

Jon Stahl jonstahl at gmail.com
Wed Aug 31 04:01:21 UTC 2011


Hi Tommy!

This sounds like it would be a fantastic add-on product for Plone!
Thanks for tackling this.  When you have it to a point where you think
it's production-ready, please do package it up and create a listing
for it at http://plone.org/products so that others can easily find it
and install it via buildout!

cheers,
jon

On Tue, Aug 30, 2011 at 4:49 PM, Tommy Yu <tommy.yu at auckland.ac.nz> wrote:
> Greetings,
>
> Noting the lack of OAuth provider support within and around Plone (with the
> only reference to this being something found on the Plone core developers
> list back in early 2008), I decided to get my hands dirty and wrote a PAS
> plug-in that provides authentication via OAuth.  I don't know if the Plone
> core developers might be interested in this, so I thought the add-ons
> community might be a better place to throw this around.  Anyway, I have put
> what I have so far available on github at:
>
> https://github.com/metatoaster/pmr2.oauth
>
> This is mostly created to demonstrate that OAuth can be added to Plone and
> be plugged into PAS.  Still very new, thus lacking some vital features and
> is probably dangerous due to lack of scope limitation.  Why?  Once a valid
> access token is generated with the user's credentials and used to access
> resources in Plone, the full set of permissions that the user possesses will
> be granted, which can result in bad things (TM).  For the meantime please
> do not use it on your production sites, even if its danger may be mitigated
> by lack of usable UI to add any consumers (as if that's any consolation).
>
> I hope to make this safer to use by adding in scope such that the content
> owner will be notified on which set of URIs/service the consumer is
> permitted to access (and more test cases to back this up), and make this
> extensible/configurable so people who might want to build/provide web
> service type access to (customized) resources on Plone can be done with
> ease.  Of course, important features still need to actually be completed, such
> that consumers can be added and users can revoke unwanted authenticated tokens
> with a couple of simple clicks.
>
> Further information on what this can do right now (and intends to do) can be
> found in the readme file within the subdirectories and the test cases.  If
> you have any comment/question/critique against this attempt to allow Plone
> to authenticate via OAuth please don't hesitate to reply.
>
> Regards,
> Tommy.
> _______________________________________________
> Product-Developers mailing list
> Product-Developers at lists.plone.org
> https://lists.plone.org/mailman/listinfo/plone-product-developers
>
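As an added illustration of the scope problem Tommy describes above (this is example code written for this page, not code from pmr2.oauth or Plone, and all names in it are hypothetical), here is a minimal token store where each access token carries an optional set of allowed URI prefixes. An unscoped token behaves the way the message warns about: any request made with it acts with the owner's full permissions. A scoped token is only honoured for paths under its listed prefixes, with the path normalized first so that `..` segments cannot escape the scope, and revoked tokens are refused outright.

```python
# Added example, not part of pmr2.oauth or Plone. All names are hypothetical.
import posixpath
from dataclasses import dataclass
from typing import Dict, Optional, Set


@dataclass
class AccessToken:
    owner: str
    # Allowed URI prefixes under the site root. None means "unscoped": the token
    # inherits every permission of its owner, which is the dangerous case.
    scope: Optional[Set[str]]
    revoked: bool = False


def _normalize(path: str) -> str:
    """Collapse '.', '..' and duplicate slashes so scope checks see a canonical path."""
    return posixpath.normpath("/" + path.lstrip("/"))


class TokenStore:
    """In-memory access-token registry with scope enforcement and revocation."""

    def __init__(self) -> None:
        self._tokens: Dict[str, AccessToken] = {}

    def issue(self, key: str, owner: str, scope: Optional[Set[str]]) -> None:
        # Normalize scope prefixes at issue time so comparisons are consistent.
        norm_scope = None if scope is None else {_normalize(p) for p in scope}
        self._tokens[key] = AccessToken(owner=owner, scope=norm_scope)

    def revoke(self, key: str) -> None:
        # Keep the record but mark it revoked; a later lookup must fail.
        tok = self._tokens.get(key)
        if tok is not None:
            tok.revoked = True

    def authorize(self, key: str, path: str) -> Optional[str]:
        """Return the user id the request may act as, or None if denied."""
        tok = self._tokens.get(key)
        if tok is None or tok.revoked:
            return None
        if tok.scope is None:
            # Unscoped token: every resource the owner can reach is reachable.
            return tok.owner
        norm = _normalize(path)
        for prefix in tok.scope:
            # Match the prefix itself or anything below it as a whole segment,
            # so a scope of /ws/ws1 does not cover /ws/ws10.
            if norm == prefix or norm.startswith(prefix.rstrip("/") + "/"):
                return tok.owner
        return None


if __name__ == "__main__":
    # Constructed sample data for a stand-alone run.
    store = TokenStore()
    store.issue("tok-full", "alice", None)
    store.issue("tok-ws", "alice", {"/plone/workspace/ws1"})
    print(store.authorize("tok-full", "/plone/private"))                 # alice
    print(store.authorize("tok-ws", "/plone/workspace/ws1/model.xml"))   # alice
    print(store.authorize("tok-ws", "/plone/workspace/ws1/../../private"))  # None
    store.revoke("tok-ws")
    print(store.authorize("tok-ws", "/plone/workspace/ws1"))             # None
```

The point of the comparison is the `scope is None` branch: that single early return is what an unscoped provider effectively does for every request, which is why the message asks people not to run the plug-in in production until scope checks exist.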

