Hi, In a Python plugin [1] we implemented HTTP "Basic Authentication" and "NTLM authentication".
Now I'm still looking for a solution using OAuth 2.0 for build-in WxS (WMS/WMTS, WFS) as well as for Python plugins. This seems to be also of some interest for other QGIS users [2]. The only code related to OAuth2 I found is in the CartoDB plugin [3]. But this does not help WxS nor my Python plugin. Also Paolo's pointer to LizMap relates not to QGIS Python plugin but to restricted access to lizmap online AFAIK. I heard about the authentication configuration system with master password [4]. But we still need more information when the API is available. 2016-01-12 23:36 GMT+01:00 Larry Shaffer <[email protected]>: > Until then, the continued Python access to the auth system credentials means > security is not good for the user. It should be considered for deprecation > or just complete removal in 2.14 release. Any news on this, and on OAuth implementations for WxS and Python plugins? :Stefan [1] http://plugins.qgis.org/plugins/connector/ [2] https://groups.google.com/forum/#!topic/australian-qgis-user-group/agn7ehIPd3M [3] http://plugins.qgis.org/plugins/QgisCartoDB/ [4] https://github.com/qgis/QGIS/pull/1838 2016-01-12 23:36 GMT+01:00 Larry Shaffer <[email protected]>: > Hi Bernhard, > > Please note that the Python support for direct access to the credentials via > the auth method config *may* be completely removed for security reasons. > > Ideally, the expansion of credentials within a given auth method config > would only be done within the core application and connection methods (HTTP, > etc.) would be offered through a Python API. In this way an authcfg token > can be passed in and the connection established without access to > credentials. > > However, such support and an API are not currently available. It is simple > enough to add to QgsNetworkAccessManager for HTTP[S] connections, but not so > simple for other types of connections, e.g. database via a library or > client. Once completed this means a plugin would not be able to access the > credentials and pass them on to a different connection method, e.g. Python > HTTP lib, etc. > > Once such an API is available (or even now, with some work), plugins could > be 'authorized' by the user for access to credentials using revocable access > tokens or signed/revokable certificates. > > Until then, the continued Python access to the auth system credentials means > security is not good for the user. It should be considered for deprecation > or just complete removal in 2.14 release. > > Regards, > > Larry Shaffer > Dakota Cartography > Black Hills, South Dakota > > QGIS Support/Development | Boundless > [email protected] > > On Tue, Jan 12, 2016 at 8:14 AM, Bernhard Ströbl <[email protected]> > wrote: >> >> Hi Luigi, >> >> many thanks! That was the key. >> >> I now have >> <code> >> am = QgsAuthManager.instance() >> myAuthMethodConfig = QgsAuthMethodConfig() >> am.loadAuthenticationConfig(mykey,myAuthMethodConfig,True) >> myAuthMethodConfig.configMap() >> </code> >> >> Bernhard >> >> >> Am 12.01.2016 um 15:58 schrieb Luigi Pirelli: >>> >>> Hi Bernhard >>> >>> be inspired by Boundless qgis-geoserver-plugin >>> >>> >>> https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/src/geoserverexplorer/gui/gsexploreritems.py#L502 >>> >>> I hope it's enough >>> >>> cheers >>> Luigi Pirelli >>> >>> >>> ************************************************************************************************** >>> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com >>> * LinkedIn: https://www.linkedin.com/in/luigipirelli >>> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli >>> * GitHub: https://github.com/luipir >>> * Mastering QGIS: >>> https://www.packtpub.com/application-development/mastering-qgis >>> >>> ************************************************************************************************** >>> >>> >>> On 12 January 2016 at 12:47, Bernhard Ströbl <[email protected]> >>> wrote: >>>> >>>> Hi all, >>>> >>>> my goal is that my users do not save their PostgreSQL passwords in clear >>>> text but that they use the new Authentification system to do so. For my >>>> plugins I would need access to the PostgreSQL username and password, >>>> though. >>>> Is this generally possible in spite of security considerations as >>>> mentioned >>>> in the QGEP? If yes, how would I do it? >>>> >>>> what I have so far is: >>>> <code> >>>> am = QgsAuthManager.instance() >>>> myAuthMethodConfig = am.availableAuthMethodConfigs()[mykey] >>>> myAuthMethodConfig.configMap() # returns an empty dict :-( >>>> </code> >>>> >>>> QGIS 2.12.2 >>>> >>>> any help appreciated >>>> >>>> regards >>>> >>>> Bernhard >>>> >>>> [1] >>>> >>>> https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst >>>> >>>> >>>> __________ Information from ESET Mail Security, version of virus >>>> signature >>>> database 12855 (20160112) __________ >>>> >>>> The message was checked by ESET Mail Security. >>>> http://www.eset.com >>>> >>>> >>>> _______________________________________________ >>>> Qgis-developer mailing list >>>> [email protected] >>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>> >>> >>> >>> __________ Information from ESET Mail Security, version of virus >>> signature database 12856 (20160112) __________ >>> >>> The message was checked by ESET Mail Security. >>> http://www.eset.com >>> >>> >> >> -- >> Bernhard Ströbl >> Anwendungsbetreuer GIS >> >> Kommunale Immobilien Jena >> Am Anger 26 >> 07743 Jena >> >> Tel.: 03641 49- 5190 >> E-Mail: [email protected] >> Internet: www.kij.de >> >> >> Kommunale Immobilien Jena >> Eigenbetrieb der Stadt Jena >> Werkleiter: Karl-Hermann Kliewe >> >> >> __________ Information from ESET Mail Security, version of virus signature >> database 12856 (20160112) __________ >> >> >> The message was checked by ESET Mail Security. >> http://www.eset.com >> >> >> _______________________________________________ >> Qgis-developer mailing list >> [email protected] >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer > > > > _______________________________________________ > Qgis-developer mailing list > [email protected] > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer _______________________________________________ Qgis-developer mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
