Hi Larry and Luigi Thanks for your answers.
2016-03-04 9:16 GMT+01:00 Luigi Pirelli <[email protected]>: > so Stefan... prepare your trip to the Qgis International conference in > Girona (Es) :) You're putting high social pressure on me :-) but it's hard for me to travel during academic semester time. It's somehow weird that public institutions are pushing this. Anyway: Speaking of OAuth 2.0. Are you also aware of OpenID Connect? It's on top of OAuth and specifies a RESTful HTTP API with JSON and it's supported by quite some big companies. :Stefan [1] https://en.wikipedia.org/wiki/OpenID_Connect 2016-03-04 9:16 GMT+01:00 Luigi Pirelli <[email protected]>: > Hi Larry > > your 4h workshop on new Qgis Auth System is "unufficially" approved > (you'll receive official confirmation soon)... I suppose most of > developers working with public institutions will are interested in it. > > so Stefan... prepare your trip to the Qgis International conference in > Girona (Es) :) > > cheers > Luigi Pirelli > > ************************************************************************************************** > * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com > * LinkedIn: https://www.linkedin.com/in/luigipirelli > * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli > * GitHub: https://github.com/luipir > * Mastering QGIS: > https://www.packtpub.com/application-development/mastering-qgis > ************************************************************************************************** > > > On 3 March 2016 at 22:11, Larry Shaffer <[email protected]> wrote: >> Hi Stefan, >> >> Sorry for the delay in reply. OAuth should be able to be implemented as an >> authentication method plugin for the new system, thereby making it available >> for WxS connections, as well as other HTTP connections. >> >> I have a proposed talk and workshop on auth method plugins for the QGIS >> conference in Girona (no word yet on whether they are accepted). >> >> In the meantime, you could review existing auth method plugins and formulate >> some psuedo-code on the steps needed to intercept the request and work with >> OAuth: >> >> https://github.com/qgis/QGIS/tree/master/src/auth >> >> This is the base plugin class: >> >> https://github.com/qgis/QGIS/blob/master/src/core/auth/qgsauthmethod.h >> >> The last thing I did was add auth method plugin support to the system, which >> allows a C++ plugin to be built, then dropped into an existing 2.14 install, >> etc. >> >> Regards, >> >> Larry Shaffer >> Dakota Cartography >> Black Hills, South Dakota >> >> On Sat, Feb 27, 2016 at 1:32 PM, Stefan Keller <[email protected]> wrote: >>> >>> Hi, >>> >>> In a Python plugin [1] we implemented HTTP "Basic Authentication" and >>> "NTLM authentication". >>> >>> Now I'm still looking for a solution using OAuth 2.0 for build-in WxS >>> (WMS/WMTS, WFS) as well as for Python plugins. >>> This seems to be also of some interest for other QGIS users [2]. >>> >>> >>> The only code related to OAuth2 I found is in the CartoDB plugin [3]. >>> But this does not help WxS nor my Python plugin. >>> >>> Also Paolo's pointer to LizMap relates not to QGIS Python plugin but >>> to restricted access to lizmap online AFAIK. >>> >>> I heard about the authentication configuration system with master password >>> [4]. >>> But we still need more information when the API is available. >>> >>> 2016-01-12 23:36 GMT+01:00 Larry Shaffer <[email protected]>: >>> > Until then, the continued Python access to the auth system credentials >>> > means >>> > security is not good for the user. It should be considered for >>> > deprecation >>> > or just complete removal in 2.14 release. >>> >>> Any news on this, and on OAuth implementations for WxS and Python plugins? >>> >>> :Stefan >>> >>> [1] http://plugins.qgis.org/plugins/connector/ >>> [2] >>> https://groups.google.com/forum/#!topic/australian-qgis-user-group/agn7ehIPd3M >>> [3] http://plugins.qgis.org/plugins/QgisCartoDB/ >>> [4] https://github.com/qgis/QGIS/pull/1838 >>> >>> >>> 2016-01-12 23:36 GMT+01:00 Larry Shaffer <[email protected]>: >>> > Hi Bernhard, >>> > >>> > Please note that the Python support for direct access to the credentials >>> > via >>> > the auth method config *may* be completely removed for security reasons. >>> > >>> > Ideally, the expansion of credentials within a given auth method config >>> > would only be done within the core application and connection methods >>> > (HTTP, >>> > etc.) would be offered through a Python API. In this way an authcfg >>> > token >>> > can be passed in and the connection established without access to >>> > credentials. >>> > >>> > However, such support and an API are not currently available. It is >>> > simple >>> > enough to add to QgsNetworkAccessManager for HTTP[S] connections, but >>> > not so >>> > simple for other types of connections, e.g. database via a library or >>> > client. Once completed this means a plugin would not be able to access >>> > the >>> > credentials and pass them on to a different connection method, e.g. >>> > Python >>> > HTTP lib, etc. >>> > >>> > Once such an API is available (or even now, with some work), plugins >>> > could >>> > be 'authorized' by the user for access to credentials using revocable >>> > access >>> > tokens or signed/revokable certificates. >>> > >>> > Until then, the continued Python access to the auth system credentials >>> > means >>> > security is not good for the user. It should be considered for >>> > deprecation >>> > or just complete removal in 2.14 release. >>> > >>> > Regards, >>> > >>> > Larry Shaffer >>> > Dakota Cartography >>> > Black Hills, South Dakota >>> > >>> > QGIS Support/Development | Boundless >>> > [email protected] >>> > >>> > On Tue, Jan 12, 2016 at 8:14 AM, Bernhard Ströbl >>> > <[email protected]> >>> > wrote: >>> >> >>> >> Hi Luigi, >>> >> >>> >> many thanks! That was the key. >>> >> >>> >> I now have >>> >> <code> >>> >> am = QgsAuthManager.instance() >>> >> myAuthMethodConfig = QgsAuthMethodConfig() >>> >> am.loadAuthenticationConfig(mykey,myAuthMethodConfig,True) >>> >> myAuthMethodConfig.configMap() >>> >> </code> >>> >> >>> >> Bernhard >>> >> >>> >> >>> >> Am 12.01.2016 um 15:58 schrieb Luigi Pirelli: >>> >>> >>> >>> Hi Bernhard >>> >>> >>> >>> be inspired by Boundless qgis-geoserver-plugin >>> >>> >>> >>> >>> >>> >>> >>> https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/src/geoserverexplorer/gui/gsexploreritems.py#L502 >>> >>> >>> >>> I hope it's enough >>> >>> >>> >>> cheers >>> >>> Luigi Pirelli >>> >>> >>> >>> >>> >>> >>> >>> ************************************************************************************************** >>> >>> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com >>> >>> * LinkedIn: https://www.linkedin.com/in/luigipirelli >>> >>> * Stackexchange: >>> >>> http://gis.stackexchange.com/users/19667/luigi-pirelli >>> >>> * GitHub: https://github.com/luipir >>> >>> * Mastering QGIS: >>> >>> https://www.packtpub.com/application-development/mastering-qgis >>> >>> >>> >>> >>> >>> ************************************************************************************************** >>> >>> >>> >>> >>> >>> On 12 January 2016 at 12:47, Bernhard Ströbl >>> >>> <[email protected]> >>> >>> wrote: >>> >>>> >>> >>>> Hi all, >>> >>>> >>> >>>> my goal is that my users do not save their PostgreSQL passwords in >>> >>>> clear >>> >>>> text but that they use the new Authentification system to do so. For >>> >>>> my >>> >>>> plugins I would need access to the PostgreSQL username and password, >>> >>>> though. >>> >>>> Is this generally possible in spite of security considerations as >>> >>>> mentioned >>> >>>> in the QGEP? If yes, how would I do it? >>> >>>> >>> >>>> what I have so far is: >>> >>>> <code> >>> >>>> am = QgsAuthManager.instance() >>> >>>> myAuthMethodConfig = am.availableAuthMethodConfigs()[mykey] >>> >>>> myAuthMethodConfig.configMap() # returns an empty dict :-( >>> >>>> </code> >>> >>>> >>> >>>> QGIS 2.12.2 >>> >>>> >>> >>>> any help appreciated >>> >>>> >>> >>>> regards >>> >>>> >>> >>>> Bernhard >>> >>>> >>> >>>> [1] >>> >>>> >>> >>>> >>> >>>> https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst >>> >>>> >>> >>>> >>> >>>> __________ Information from ESET Mail Security, version of virus >>> >>>> signature >>> >>>> database 12855 (20160112) __________ >>> >>>> >>> >>>> The message was checked by ESET Mail Security. >>> >>>> http://www.eset.com >>> >>>> >>> >>>> >>> >>>> _______________________________________________ >>> >>>> Qgis-developer mailing list >>> >>>> [email protected] >>> >>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>> >>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>> >>> >>> >>> >>> >>> >>> >>> __________ Information from ESET Mail Security, version of virus >>> >>> signature database 12856 (20160112) __________ >>> >>> >>> >>> The message was checked by ESET Mail Security. >>> >>> http://www.eset.com >>> >>> >>> >>> >>> >> >>> >> -- >>> >> Bernhard Ströbl >>> >> Anwendungsbetreuer GIS >>> >> >>> >> Kommunale Immobilien Jena >>> >> Am Anger 26 >>> >> 07743 Jena >>> >> >>> >> Tel.: 03641 49- 5190 >>> >> E-Mail: [email protected] >>> >> Internet: www.kij.de >>> >> >>> >> >>> >> Kommunale Immobilien Jena >>> >> Eigenbetrieb der Stadt Jena >>> >> Werkleiter: Karl-Hermann Kliewe >>> >> >>> >> >>> >> __________ Information from ESET Mail Security, version of virus >>> >> signature >>> >> database 12856 (20160112) __________ >>> >> >>> >> >>> >> The message was checked by ESET Mail Security. >>> >> http://www.eset.com >>> >> >>> >> >>> >> _______________________________________________ >>> >> Qgis-developer mailing list >>> >> [email protected] >>> >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>> >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>> > >>> > >>> > >>> > _______________________________________________ >>> > Qgis-developer mailing list >>> > [email protected] >>> > List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >>> > Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> >> >> >> _______________________________________________ >> Qgis-developer mailing list >> [email protected] >> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer >> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer _______________________________________________ Qgis-developer mailing list [email protected] List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
