Comment 11 for bug 532055
Revision history for this message
| Martin Pool (mbp) wrote Re: [Bug 532055] Re: Trusted credential-management apps are broken and doomed | #11 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
35a32c5
(Get the code!)
On 26 March 2010 01:16, Leonard Richardson
<email address hidden> wrote:
> "the option to send an http-authenticated request with username and
> password to create a token" -- how do you envision this working?
Launchpad already accepts http digest auth for requests. (Or did
last time I tried.) So I think you just need (handwaving)
https:/
to return an oauth token the application can then use. This is easy
for text-mode clients or clients that can't or don't want to do a
browser-based oauth dance. Obviously it only works for accounts that
actually have a password but many currently do.
We could also, as doctormo suggests, have you do
ssh <email address hidden> make-oauth-token --access=
but I think that would be harder to implement, and also harder for
non-unixy users to use. (Setting a password on an account is easier
and more familiar than making an ssh key.) But we could do both.
> Is
> there already a standard for this?
> Maybe the username is your OpenID
> identity URL and the password is the one you got from your OpenID
> provider? Does Launchpad send the password to the identity URL to verify
> it?
Ah, you're thinking of something different, which would be for
Launchpad to somehow proxy through to their original OpenID provider.
I agree that would be a bit weird and dangerous.
--
Martin <http://