[allura:tickets] #6656 Github oauth application

Fri, 13 Sep 2013 13:42:17 -0700 


---

** [tickets:#6656] Github oauth application**

**Status:** open
**Labels:** import github 42cc 
**Created:** Fri Sep 13, 2013 08:12 PM UTC by Dave Brondsema
**Last Updated:** Fri Sep 13, 2013 08:12 PM UTC
**Owner:** nobody

To avoid low rate limits for anonymous API access, we should use an oauth app.  
http://developer.github.com/v3/#rate-limiting

As best I can tell https://pypi.python.org/pypi/requests-oauthlib is the best 
oauth v2 library to use.   (The "oauth2" library we already use, despite its 
name, only is for oauth v1) It's license is BSD/MIT style, based on the very 
good 'requests' library, has good docs and has an active git repo.

I am not super familiar with oauth v2 and github's setup, but based on what I 
know, here's how I think it should work.  Each Allura instance (e.g. your 
development host, SourceForge, etc) will need to set up a their own Github 
OAuth App.  Then those keys can be placed in the `ini` file.  Our github 
importer code will then do the oauth flow to authorize the user requesting an 
import.   No [scope](http://developer.github.com/v3/oauth/#scopes) is necessary 
since we're just doing public readonly fetching.  We should store the 
appropriate user tokens (via `user.set_tool_data`) so that they are available 
for the background task, and also can be re-used if the user wants to run 
another import.

This should all go through a shared mechanism (e.g. override the base 
`ProjectExtractor.urlopen` in `GitHubProjectExtractor`) so that it's used for 
all github related API access.  This code should also check the rate limit 
values and when it reaches the limit, log a warning, and sleep for the amount 
of time needed until the limit resets).

Of course, we can modify this as needed if my understanding of github oauth 
isn't correct.




---

Sent from sourceforge.net because allura-dev@incubator.apache.org is subscribed 
to https://sourceforge.net/p/allura/tickets/

To unsubscribe from further messages, a project admin can change settings at 
https://sourceforge.net/p/allura/admin/tickets/options.  Or, if this is a 
mailing list, you can unsubscribe from the mailing list.





















					Reply via email to