Well this was embarrassing.  I did not apply the CSRF protection correctly to 
most of the forms, and this skipped through my testing.  This is 
now rectified and pmr2.oauth-0.4.2 is released; please upgrade to this version 
if you are testing/using this for OAuth provider support.

Sorry about that.

On 29/01/13 19:12, Christian Ledermann wrote:
Great, thanks for taking a stab at this :)

On Tue, Jan 29, 2013 at 7:12 AM, Tommy Yu <[email protected]> wrote:
Greetings,

I had some time to revisit the package that I released last year that
implements OAuth provider support for Plone.  Improvements were made to make
it safer and friendlier to use.  Safer in the sense that python-oauth2 is
stripped out and replaced with the more thoroughly tested, actively
developed/maintained and RFC5849 conforming oauthlib, with a revamp of the
scope management and handling that is based on endpoints offered by
content-types, and done in a way that scope for each access token will not
mutate with respect to future changes to a given scope identifier.
Friendlier in the sense that specified scope(s) can be constructed in a way
so that when they are presented to resource owners, the list of permissions
to be granted can be understood by them at a glance.  This is especially
useful in cases where package developers wish to enable users to export
their private data; they can create a scope profile permitting the target
endpoint(s) and inform their clients (consumers) to use them.  Please refer to
the 'Using OAuth with scope' section in the
documentation for details to the revised built-in scope manager.

For a more in-depth list of changes, documentation and installation
instructions, these can be found at:
http://pypi.python.org/pypi/pmr2.oauth/0.4

One unfortunate note is that due to the large amount of restructuring and
wording changes, the translations table graciously provided by giacomos no
longer applies to this version.

Comments, suggestions and patches are welcomed.

Regards,
Tommy.

_______________________________________________
Product-Developers mailing list
[email protected]
https://lists.plone.org/mailman/listinfo/plone-product-developers




