Hi André,
> The example in > http://oauth.googlecode.com/svn/code/python/oauth/example/server.pygenerates > dummy values in the initialization and refers to them in the other > methods but I don't know if this is because it's a dummy example or the best > way to do it. > This is definitely because it's a dummy example. You'll want to store these values in a real data store such as a database. > The other sample I found was > http://code.welldev.org/django-oauth/src/tip/oauth_provider/stores.py . > This one also stores values that will be used in subsequent method > invocations: lookup_consumer stores self.consumer which will be used in > fetch_request_token. Is this the correct way to do it? Can we assume a > certain order in the method calls or do we have to work only with the > parameters we get passed? > You'll want to work with the parameters you get passed. You can use these parameters to look up results from your data store. > > Also, this last example does some extra verifications, like: > > def fetch_request_token(self, oauth_consumer): if > oauth_consumer.key == self.consumer.key: > > ... > > def fetch_access_token(self, oauth_consumer, oauth_token): if > oauth_consumer.key == self.consumer.key \ and oauth_token.key == > self.request_token.key \ > > Do we have to do these checks or does the OAuth library take care of it? > This other example > http://code.google.com/p/python-gearshift/source/browse/trunk/gearshift/tools/oauth/sodatastore.pyhas > no such checks. > What you want to check for is really up to you and you can use these methods to enhance security by adding more checks. The example is a good place to start for what you may want to be checking. I hope that helps a bit. It seems like you're on the right track so please let me know if you have any more questions! Leah --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
