[Product-Developers] OAuth provider support in Plone via PAS add-on
Jon Stahl
jonstahl at gmail.com
Wed Aug 31 04:01:21 UTC 2011
Hi Tommy!
This sounds like it would be a fantastic add-on product for Plone!
Thanks for tackling this. When you have it to a point where you think
it's production-ready, please do package it up and create a listing
for it at http://plone.org/products so that others can easily find it
and install it via buildout!
cheers,
jon
On Tue, Aug 30, 2011 at 4:49 PM, Tommy Yu <tommy.yu at auckland.ac.nz> wrote:
> Greetings,
>
> Noting the lack of OAuth provider support within and around Plone (with the
> only reference to this being something found on the Plone core developers
> list back in early 2008), I decided to get my hands dirty and wrote a PAS
> plug-in that provides authentication via OAuth. I don't know if the Plone
> core developers might be interested in this, so I thought the add-ons
> community might be a better place to throw this around. Anyway, I have put
> what I have so far available on github at:
>
> https://github.com/metatoaster/pmr2.oauth
>
> This is mostly created to demonstrate that OAuth can be added to Plone and
> be plugged into PAS. Still very new, thus lacking some vital features and
> is probably dangerous due to lack of scope limitation. Why? Once a valid
> access token is generated with the user's credentials and used to access
> resources in Plone, the full set of permissions that the user possesses will
> be granted, which can result in bad things (TM). For the time being, please
> do not use it on your production sites, even if its danger may be mitigated
> by the lack of a usable UI to add any consumers (as if that's any consolation).
>
> I hope to make this safer to use by adding in scope such that the content
> owner will be notified on which set of URIs/services the consumer is
> permitted to access (and more test cases to back this up), and make this
> extensible/configurable so that people who might want to build/provide web
> service type access to (customized) resources on Plone can do so with
> ease. Of course, I also need to actually complete important features such
> that consumers can be added, and allow users to revoke unwanted authenticated
> tokens with a couple of simple clicks.
>
> Further information on what this can do right now (and what I intend to do)
> can be found in the readme file within the subdirectories and the test cases. If
> you have any comment/question/critique against this attempt to allow Plone
> to authenticate via OAuth please don't hesitate to reply.
>
> Regards,
> Tommy.
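The scope limitation Tommy says the plug-in still lacks, modelled as an added example (framework-independent Python, not pmr2.oauth or PAS code; the TokenStore and AccessToken names and the URI-prefix scope format are assumptions): a token issued without scope inherits the user's full permissions, a scoped token is confined to a set of URI prefixes, and a revoked token is refused.

```python
# Added example, not part of pmr2.oauth: a minimal access-token store with
# per-consumer URI scope and revocation. Names and scope format are assumptions.
import posixpath
import secrets
from dataclasses import dataclass


@dataclass
class AccessToken:
    user: str          # Plone user who authorised the consumer
    consumer: str      # OAuth consumer the token was issued to
    scope: frozenset   # URI prefixes the consumer may reach; empty = unrestricted
    revoked: bool = False


def _canonical(path):
    # Collapse "." and ".." so "/public/../private" cannot slip past a "/public" prefix,
    # and strip leading slashes first because normpath keeps a leading "//".
    return posixpath.normpath("/" + path.lstrip("/"))


class TokenStore:
    def __init__(self):
        self._tokens = {}

    def issue(self, user, consumer, scope=()):
        """Issue a random token; an empty scope reproduces the unscoped behaviour."""
        token = secrets.token_urlsafe(32)
        self._tokens[token] = AccessToken(user, consumer, frozenset(scope))
        return token

    def revoke(self, token):
        """Let the user withdraw a consumer's access without deleting the audit record."""
        if token in self._tokens:
            self._tokens[token].revoked = True

    def authorize(self, token, path):
        """Return the user the request may act as, or None to refuse it."""
        entry = self._tokens.get(token)
        if entry is None or entry.revoked:
            return None
        if not entry.scope:
            return entry.user  # unscoped: the consumer gets everything the user can do
        requested = _canonical(path)
        for prefix in entry.scope:
            allowed = _canonical(prefix)
            if requested == allowed or requested.startswith(allowed.rstrip("/") + "/"):
                return entry.user
        return None
```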