Hi Tommy! This sounds like it would be a fantastic add-on product for Plone! Thanks for tackling this. When you have it to a point where you think it's production-ready, please do package it up and create a listing for it at http://plone.org/products so that others can easily find it and install it via buildout!
cheers,
jon

On Tue, Aug 30, 2011 at 4:49 PM, Tommy Yu <[email protected]> wrote:
> Greetings,
>
> Noting the lack of OAuth provider support within and around Plone (with the
> only references on this was something found on the Plone core developers
> list back in early 2008), I decided to get my hands dirty and wrote a PAS
> plug-in that provides authentication via OAuth. I don't know if the Plone
> core developers might be interested in this, so I thought the add-ons
> community might be a better place to throw this around. Anyway, I have put
> what I have so far available on github at:
>
> https://github.com/metatoaster/pmr2.oauth
>
> This is mostly created to demonstrate that OAuth can be added to Plone and
> be plugged into PAS. Still very new, thus lacking some vital features and
> is probably dangerous due to lack of scope limitation. Why? Once a valid
> access token is generated with the user's credentials and used to access
> resources in Plone, the full set of permissions that the user possesses will
> be granted, which can result in bad things (TM). For the meantime please
> do not use it on your production sites, even if its danger may be mitigated
> by lack of usable UI to add any consumers (as if that's any consolation).
>
> I hope to make this safer to use by adding in scope such that the content
> owner will be notified on which set of URIs/service the consumer is
> permitted to access (and more test cases to back this up), and make this
> extensible/configurable so people who might want to build/provide web
> service type access to (customized) resources on Plone can be done with
> ease. Of course actually complete important features such that consumers
> can be added and allow users to revoke unwanted authenticated tokens with a
> couple simple clicks.
>
> Further information on what this can do right now (and intend to do) can be
> found in the readme file within the subdirectories and the test cases. If
> you have any comment/question/critique against this attempt to allow Plone
> to authenticate via OAuth please don't hesitate to reply.
>
> Regards,
> Tommy.
> _______________________________________________
> Product-Developers mailing list
> [email protected]
> https://lists.plone.org/mailman/listinfo/plone-product-developers
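
The scope limitation described in the quoted announcement, sketched as an added example that is not part of the thread and not code from pmr2.oauth: a token carries the URI path prefixes the user approved, and a request outside them is left anonymous instead of inheriting the user's full permissions. `AccessToken`, `in_scope`, `principal_for` and the `/workspace/...` paths are hypothetical names and constructed sample values.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote


@dataclass(frozen=True)
class AccessToken:
    """Hypothetical token record; pmr2.oauth's real storage may differ."""
    key: str
    user: str
    scope: frozenset  # path prefixes the user approved for this consumer


def normalize(request_path: str) -> str:
    """Drop the query string, decode once, and collapse '.' and '..' segments."""
    decoded = unquote(request_path.partition("?")[0])
    if "\x00" in decoded or "\\" in decoded:
        raise ValueError("suspicious path")
    return posixpath.normpath("/" + decoded.lstrip("/"))


def in_scope(token: AccessToken, request_path: str) -> bool:
    """True only if the normalized path is an approved prefix or lies below one."""
    try:
        path = normalize(request_path)
    except ValueError:
        return False
    for prefix in token.scope:
        prefix = prefix.rstrip("/")
        # Compare on a segment boundary so /workspace/alice2 does not match.
        if path == prefix or path.startswith(prefix + "/"):
            return True
    return False


def principal_for(token: AccessToken, request_path: str) -> Optional[str]:
    """User id to authenticate as, or None so the request stays anonymous."""
    return token.user if in_scope(token, request_path) else None


# Constructed sample: a token the user approved for one workspace only.
TOKEN = AccessToken("tok-1", "alice", frozenset({"/workspace/alice"}))

if __name__ == "__main__":
    for p in ("/workspace/alice/model.xml", "/workspace/alice2/x",
              "/workspace/alice/%2e%2e/bob/x", "/@@manage-users"):
        print(p, "->", principal_for(TOKEN, p))
```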
