hi thanks. i get it now :)

regards
deepak

On Mon, Oct 26, 2009 at 1:16 AM, Ronan Klyne <[email protected]> wrote:
> Deepak Shetty wrote:
>
>> > OAuth allows the end user to use OAuth tokens instead of login details,
>> > which means that you can allow a third party site to access all or part
>> > of your Twitter profile, to continue the example. The third party site
>> > will store an OAuth token, and it can use this token to log in to
>> > Twitter as you.
>>
>> Exactly. So whatever libraries you need are needed for the webapp you are
>> developing (If you were actually implementing the protocol). If you wanted
>> to test this out, you don't need anything special, the demo does work in a
>> standard browser (which is what we are simulating in JMeter).
>
> Yes, exactly right. The browser does not need any special libraries or
> software to interact with that web site, as the browser does not do any
> signing of OAuth requests.
>
>> I guess you are saying libraries are needed if you want JMeter to act as
>> the third party right (which shouldn't normally be what you are testing
>> out)?
>
> Yes, libraries would be needed for that, but it's not as unusual as you
> might think. OAuth is well suited to providing authentication to web
> services and other APIs. It's not unreasonable to think that someone might
> want to load test such an API...
>
> Ronan
>
>> regards
>> deepak
>>
>> On Fri, Oct 23, 2009 at 12:02 AM, Ronan Klyne <[email protected]> wrote:
>>
>>> Deepak Shetty wrote:
>>>
>>>> That can't be right. You mean Internet Explorer / Firefox will sign
>>>> this?
>>>> As far as I understand this is between two websites, where one relies
>>>> on the other to perform the actual authentication and they pass signed
>>>> tokens to securely get this information across.
>>>> I looked at a demo http://twitteroauth.appspot.com/ , which seems to
>>>> indicate the above.
>>>> (in a Java app world this is very similar to SAML, something I have
>>>> done in JMeter without needing any additional libraries)
>>>
>>> As far as I know, there is no support in Firefox or IE for OAuth, unless
>>> you have custom extensions. There is certainly no support required. OAuth
>>> is a mechanism for machine to machine authentication in the name of a
>>> user. It is designed for those cases where it would be really useful to
>>> give an external site/application your password, but you obviously don't
>>> want to give out your password.
>>>
>>> OAuth allows the end user to use OAuth tokens instead of login details,
>>> which means that you can allow a third party site to access all or part
>>> of your Twitter profile, to continue the example. The third party site
>>> will store an OAuth token, and it can use this token to log in to
>>> Twitter as you.
>>>
>>> As it happens, I have implemented the bulk of the OAuth protocol in
>>> Python. It's a simple protocol, and easy to do, but because all of the
>>> data you send is signed and checked, the smallest thing like extra
>>> line-feeds can break it completely - it's best to use an existing tested
>>> implementation.
>>>
>>> And it is technically possible to use OAuth without SHA1, I think that
>>> the only other option is plaintext, which offers no security, and
>>> removes the major performance hits on the server.
>>>
>>> Cheers,
>>> Ronan
>>>
>>>> regards
>>>> deepak
>>>>
>>>> On Thu, Oct 22, 2009 at 12:19 AM, Ronan Klyne <[email protected]> wrote:
>>>>
>>>>> Deepak Shetty wrote:
>>>>>
>>>>>> hi
>>>>>> maybe I'm missing something, but how exactly does OAuth differ from
>>>>>> any other HTTP web based app (the signing etc is still done at the
>>>>>> server and passed around in hidden fields etc) is it not?
>>>>>
>>>>> No.
>>>>> The client is required to be able to sign the request using the access
>>>>> key secret. At the very least, this requires some implementation of
>>>>> SHA1, and some careful coding.
>>>>>
>>>>> It's probably possible to do this in a BSF/Java pre-processor, but it
>>>>> might take a lot of fiddling and testing to get it right.
>>>>>
>>>>> Ronan
>>>>>
>>>>>> regards
>>>>>> deepak
>>>>>>
>>>>>> On Tue, Oct 20, 2009 at 1:48 PM, Milamber <[email protected]> wrote:
>>>>>>
>>>>>>> Hello,
>>>>>>>
>>>>>>> On JMeter dev-list, one thread:
>>>>>>>
>>>>>>> http://mail-archives.apache.org/mod_mbox/jakarta-jmeter-dev/200904.mbox/%3cc60d0f8e.f1bd0%[email protected]%3e
>>>>>>>
>>>>>>> and 1 bugzilla:
>>>>>>> https://issues.apache.org/bugzilla/show_bug.cgi?id=47040
>>>>>>>
>>>>>>> Milamber
>>>>>>>
>>>>>>> On 20/10/2009 11:49, nikolaos prodromidis wrote:
>>>>>>>
>>>>>>>> Hi all,
>>>>>>>>
>>>>>>>> Is there any way of using JMeter to complete the OAuth authentication
>>>>>>>> process? Has this been done before or even talked about?
>>>>>>>>
>>>>>>>> Thanks, Nikos.
>>>>>>>>
>>>>>>>> ---------------------------------------------------------------------
>>>>>>>> To unsubscribe, e-mail: [email protected]
>>>>>>>> For additional commands, e-mail: [email protected]
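
Added example (not part of the thread, and not Ronan Klyne's Python implementation): the client-side signing the replies describe, OAuth 1.0 HMAC-SHA1 over the signature base string, showing that one stray line feed in a parameter makes verification fail and that PLAINTEXT simply sends the secrets. The request values are the worked example from Appendix A of the OAuth Core 1.0 specification; URL normalization and repeated parameter names are left out as a simplifying assumption.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value):
    # OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # METHOD & encoded URL & encoded, sorted "name=value" pairs.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def signing_key(consumer_secret, token_secret=""):
    # With the PLAINTEXT method this key itself is sent as the "signature".
    return f"{pct(consumer_secret)}&{pct(token_secret)}"

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    key = signing_key(consumer_secret, token_secret).encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    expected = sign_hmac_sha1(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)  # constant-time compare

# Sample request: the worked example from OAuth Core 1.0, Appendix A.
URL = "http://photos.example.net/photos"
SECRETS = ("kd94hf93k423kf44", "pfkkdhi9sl3r4s00")  # consumer, token
PARAMS = {
    "file": "vacation.jpg", "size": "original",
    "oauth_consumer_key": "dpf43f3p2l4k3l03", "oauth_token": "nnch734d00sl2jdk",
    "oauth_nonce": "kllo9940pd9333jh", "oauth_timestamp": "1191242096",
    "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
}

def demo():
    sig = sign_hmac_sha1("GET", URL, PARAMS, *SECRETS)
    with_lf = dict(PARAMS, file="vacation.jpg\n")  # one stray line feed
    return {
        "signature": sig,
        "clean_ok": verify("GET", URL, PARAMS, sig, *SECRETS),
        "stray_lf_ok": verify("GET", URL, with_lf, sig, *SECRETS),
        "plaintext": signing_key(*SECRETS),
    }

if __name__ == "__main__":
    print(demo())
```

In a load test the nonce and timestamp have to be regenerated and the request re-signed for every sample, which is why replaying a recorded signed request does not work.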

