Hi Larry your 4h workshop on new Qgis Auth System is "unufficially" approved (you'll receive official confirmation soon)... I suppose most of developers working with public institutions will are interested in it.
so Stefan... prepare your trip to the Qgis International conference in Girona (Es) :) cheers Luigi Pirelli ************************************************************************************************** * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com * LinkedIn: https://www.linkedin.com/in/luigipirelli * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli * GitHub: https://github.com/luipir * Mastering QGIS: https://www.packtpub.com/application-development/mastering-qgis ************************************************************************************************** On 3 March 2016 at 22:11, Larry Shaffer <[email protected]> wrote: > Hi Stefan, > > Sorry for the delay in reply. OAuth should be able to be implemented as an > authentication method plugin for the new system, thereby making it available > for WxS connections, as well as other HTTP connections. > > I have a proposed talk and workshop on auth method plugins for the QGIS > conference in Girona (no word yet on whether they are accepted). > > In the meantime, you could review existing auth method plugins and formulate > some psuedo-code on the steps needed to intercept the request and work with > OAuth: > > https://github.com/qgis/QGIS/tree/master/src/auth > > This is the base plugin class: > > https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmethod.h > > The last thing I did was add auth method plugin support to the system, which > allows a C++ plugin to be built, then dropped into an existing 2.14 install, > etc. > > Regards, > > Larry Shaffer > Dakota Cartography > Black Hills, South Dakota > > On Sat, Feb 27, 2016 at 1:32 PM, Stefan Keller <[email protected]> wrote: >> >> Hi, >> >> In a Python plugin [1] we implemented HTTP "Basic Authentication" and >> "NTLM authentication". >> >> Now I'm still looking for a solution using OAuth 2.0 for build-in WxS >> (WMS/WMTS, WFS) as well as for Python plugins. >> This seems to be also of some interest for other QGIS users [2]. >> >> >> The only code related to OAuth2 I found is in the CartoDB plugin [3]. >> But this does not help WxS nor my Python plugin. >> >> Also Paolo's pointer to LizMap relates not to QGIS Python plugin but >> to restricted access to lizmap online AFAIK. >> >> I heard about the authentication configuration system with master password >> [4]. >> But we still need more information when the API is available. >> >> 2016-01-12 23:36 GMT+01:00 Larry Shaffer <[email protected]>: >> > Until then, the continued Python access to the auth system credentials >> > means >> > security is not good for the user. It should be considered for >> > deprecation >> > or just complete removal in 2.14 release. >> >> Any news on this, and on OAuth implementations for WxS and Python plugins? >> >> :Stefan >> >> [1] http://plugins.qgis.org/plugins/connector/ >> [2] >> https://groups.google.com/forum/#!topic/australian-qgis-user-group/agn7ehIPd3M >> [3] http://plugins.qgis.org/plugins/QgisCartoDB/ >> [4] https://github.com/qgis/QGIS/pull/1838 >> >> >> 2016-01-12 23:36 GMT+01:00 Larry Shaffer <[email protected]>: >> > Hi Bernhard, >> > >> > Please note that the Python support for direct access to the credentials >> > via >> > the auth method config *may* be completely removed for security reasons. >> > >> > Ideally, the expansion of credentials within a given auth method config >> > would only be done within the core application and connection methods >> > (HTTP, >> > etc.) would be offered through a Python API. In this way an authcfg >> > token >> > can be passed in and the connection established without access to >> > credentials. >> > >> > However, such support and an API are not currently available. It is >> > simple >> > enough to add to QgsNetworkAccessManager for HTTP[S] connections, but >> > not so >> > simple for other types of connections, e.g. database via a library or >> > client. Once completed this means a plugin would not be able to access >> > the >> > credentials and pass them on to a different connection method, e.g. >> > Python >> > HTTP lib, etc. >> > >> > Once such an API is available (or even now, with some work), plugins >> > could >> > be 'authorized' by the user for access to credentials using revocable >> > access >> > tokens or signed/revokable certificates. >> > >> > Until then, the continued Python access to the auth system credentials >> > means >> > security is not good for the user. It should be considered for >> > deprecation >> > or just complete removal in 2.14 release. >> > >> > Regards, >> > >> > Larry Shaffer >> > Dakota Cartography >> > Black Hills, South Dakota >> > >> > QGIS Support/Development | Boundless >> > [email protected] >> > >> > On Tue, Jan 12, 2016 at 8:14 AM, Bernhard Ströbl >> > <[email protected]> >> > wrote: >> >> >> >> Hi Luigi, >> >> >> >> many thanks! That was the key. >> >> >> >> I now have >> >> <code> >> >> am = QgsAuthManager.instance() >> >> myAuthMethodConfig = QgsAuthMethodConfig() >> >> am.loadAuthenticationConfig(mykey,myAuthMethodConfig,True) >> >> myAuthMethodConfig.configMap() >> >> </code> >> >> >> >> Bernhard >> >> >> >> >> >> Am 12.01.2016 um 15:58 schrieb Luigi Pirelli: >> >>> >> >>> Hi Bernhard >> >>> >> >>> be inspired by Boundless qgis-geoserver-plugin >> >>> >> >>> >> >>> >> >>> https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/src/geoserverexplorer/gui/gsexploreritems.py#L502 >> >>> >> >>> I hope it's enough >> >>> >> >>> cheers >> >>> Luigi Pirelli >> >>> >> >>> >> >>> >> >>> ************************************************************************************************** >> >>> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com >> >>> * LinkedIn: https://www.linkedin.com/in/luigipirelli >> >>> * Stackexchange: >> >>> http://gis.stackexchange.com/users/19667/luigi-pirelli >> >>> * GitHub: https://github.com/luipir >> >>> * Mastering QGIS: >> >>> https://www.packtpub.com/application-development/mastering-qgis >> >>> >> >>> >> >>> ************************************************************************************************** >> >>> >> >>> >> >>> On 12 January 2016 at 12:47, Bernhard Ströbl >> >>> <[email protected]> >> >>> wrote: >> >>>> >> >>>> Hi all, >> >>>> >> >>>> my goal is that my users do not save their PostgreSQL passwords in >> >>>> clear >> >>>> text but that they use the new Authentification system to do so. For >> >>>> my >> >>>> plugins I would need access to the PostgreSQL username and password, >> >>>> though. >> >>>> Is this generally possible in spite of security considerations as >> >>>> mentioned >> >>>> in the QGEP? If yes, how would I do it? >> >>>> >> >>>> what I have so far is: >> >>>> <code> >> >>>> am = QgsAuthManager.instance() >> >>>> myAuthMethodConfig = am.availableAuthMethodConfigs()[mykey] >> >>>> myAuthMethodConfig.configMap() # returns an empty dict :-( >> >>>> </code> >> >>>> >> >>>> QGIS 2.12.2 >> >>>> >> >>>> any help appreciated >> >>>> >> >>>> regards >> >>>> >> >>>> Bernhard >> >>>> >> >>>> [1] >> >>>> >> >>>> >> >>>> https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst >> >>>> >> >>>> >> >>>> __________ Information from ESET Mail Security, version of virus >> >>>> signature >> >>>> database 12855 (20160112) __________ >> >>>> >> >>>> The message was checked by ESET Mail Security. >> >>>> http://www.eset.com >> >>>> >> >>>> >> >>>> _______________________________________________ >> >>>> Qgis-developer mailing list >> >>>> [email protected] >> >>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> >>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> >>> >> >>> >> >>> >> >>> __________ Information from ESET Mail Security, version of virus >> >>> signature database 12856 (20160112) __________ >> >>> >> >>> The message was checked by ESET Mail Security. >> >>> http://www.eset.com >> >>> >> >>> >> >> >> >> -- >> >> Bernhard Ströbl >> >> Anwendungsbetreuer GIS >> >> >> >> Kommunale Immobilien Jena >> >> Am Anger 26 >> >> 07743 Jena >> >> >> >> Tel.: 03641 49- 5190 >> >> E-Mail: [email protected] >> >> Internet: www.kij.de >> >> >> >> >> >> Kommunale Immobilien Jena >> >> Eigenbetrieb der Stadt Jena >> >> Werkleiter: Karl-Hermann Kliewe >> >> >> >> >> >> __________ Information from ESET Mail Security, version of virus >> >> signature >> >> database 12856 (20160112) __________ >> >> >> >> >> >> The message was checked by ESET Mail Security. >> >> http://www.eset.com >> >> >> >> >> >> _______________________________________________ >> >> Qgis-developer mailing list >> >> [email protected] >> >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> > >> > >> > >> > _______________________________________________ >> > Qgis-developer mailing list >> > [email protected] >> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer > > > > _______________________________________________ > Qgis-developer mailing list > [email protected] > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer _______________________________________________ Qgis-developer mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
