On 26 March 2010 01:16, Leonard Richardson
<email address hidden> wrote:
> "the option to send an http-authenticated request with username and
> password to create a token" -- how do you envision this working?
Launchpad already accepts http digest auth for requests. (Or did
last time I tried.) So I think you just need (handwaving)
https://sabdfl:<email address hidden>/~sabdfl/+make_oauth_token?access=write_private
to return an oauth token the application can then use. This is easy
for text-mode clients or clients that can't or don't want to do a
browser-based oauth dance. Obviously it only works for accounts that
actually have a password but many currently do.
We could also, as doctormo suggests, have you do
ssh <email address hidden> make-oauth-token --access=write-private
but I think that would be harder to implement, and also harder for
non-unixy users to use. (Setting a password on an account is easier
and more familiar than making an ssh key.) But we could do both.
> Is there already a standard for this?
> Maybe the username is your OpenID
> identity URL and the password is the one you got from your OpenID
> provider? Does Launchpad send the password to the identity URL to verify
> it?
Ah, you're thinking of something different, which would be for
Launchpad to somehow proxy through to their original OpenID provider.
I agree that would be a bit weird and dangerous.
--
Martin <http://launchpad.net/~mbp/>