Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Peter Karich

 Hi,

do you know of any examples for wicket which uses twitter's oAuth?
In my app I can easily login and use the twitter api,
but I'm kind of stuck how to avoid that the user needs to login every 
time after the session expires.


Any other hints, links or best practices?

Kind regards,
Peter.

--
http://jetwick.com twitter search prototype


-
To unsubscribe, e-mail: users-unsubscr...@wicket.apache.org
For additional commands, e-mail: users-h...@wicket.apache.org



Re: Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Igor Vaynberg
store the token in a cookie and attempt to auto-relogin user based on it?

-igor




Re: Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Peter Karich

 Igor,

there is token_secure. So storing it in clean text should be ok, right?
Or do I need to encrypt (or at least base64ing) it?

Regards,
Peter.





Re: Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Igor Vaynberg
not sure, but i would think it would be ok. i think the token should
already be url safe, but once again - not sure.

-igor




Re: Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Peter Karich

 Hi Igor!

thanks! I will try it out. (I also think token is url safe)

BTW: I meant, there is also 'token_secure', not only 'token' in 
twitter's oAuth (+ the app credentials).
So a hacker cannot easily guess the 'token' for the user and get a fake 
login via modifying its cookie.

like it would be the case if I would store the user name in the cookie only.

(But this method is not safe if you as a user are connected via an 
unsecured WLAN)


Regards,
Peter.





Re: Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Igor Vaynberg
you can mark the cookie as secure so it will only be transferred over https.

-igor




Re: Long term usage of twitter/oauth credentials with wicket

2010-12-04 Thread Peter Karich

 oh, but this would raise other questions :-)

e.g. how can I setup https with tomcat/wicket? Or do I need to setup 
this with apache only?


Regards,
Peter.
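
The cookie-based auto-relogin discussed in this thread, as an added example that is not code from any of the posters or from Wicket: rather than writing the OAuth token and its secret into the cookie, it stores a random identifier there and keeps the credentials server-side, with the cookie marked secure as suggested above. The class, cookie name, lifetime and in-memory map are assumptions; it needs Java 8+ and the Servlet 3.0 API (for `setHttpOnly`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.Cookie;

/** Added example: remember-me cookie that refers to stored Twitter OAuth credentials. */
public class RememberMe {
    /** Hypothetical holder for a user's OAuth access token and its secret. */
    public static final class OAuthCredentials {
        public final String token, tokenSecret;
        public OAuthCredentials(String t, String s) { token = t; tokenSecret = s; }
    }
    static final String COOKIE_NAME = "rememberme";        // assumed name
    static final int MAX_AGE_SECONDS = 30 * 24 * 60 * 60;   // assumed lifetime: 30 days
    private final SecureRandom random = new SecureRandom();
    // Stand-in for a database table, keyed by SHA-256 of the cookie value so that
    // a leaked table does not contain usable cookie values.
    private final Map<String, OAuthCredentials> store = new ConcurrentHashMap<>();

    /** Call after a successful OAuth login; pass the result to response.addCookie(). */
    public Cookie issue(OAuthCredentials creds) {
        byte[] raw = new byte[32];                          // 256 random bits, not guessable
        random.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        store.put(sha256(id), creds);
        Cookie c = new Cookie(COOKIE_NAME, id);
        c.setSecure(true);                                  // only sent over HTTPS
        c.setHttpOnly(true);                                // not readable by page scripts
        c.setMaxAge(MAX_AGE_SECONDS);
        c.setPath("/");
        return c;
    }
    /** Call when the session has expired; returns null for a missing or unknown cookie. */
    public OAuthCredentials resolve(Cookie[] cookies) {
        if (cookies == null) return null;
        for (Cookie c : cookies)
            if (COOKIE_NAME.equals(c.getName()) && c.getValue() != null)
                return store.get(sha256(c.getValue()));
        return null;
    }
    /** Call on logout so the cookie value stops working. */
    public void revoke(String id) { store.remove(sha256(id)); }

    static String sha256(String s) {
        try {
            byte[] d = MessageDigest.getInstance("SHA-256").digest(s.getBytes(StandardCharsets.UTF_8));
            return Base64.getEncoder().encodeToString(d);
        } catch (NoSuchAlgorithmException e) { throw new IllegalStateException(e); }
    }
}
```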

