Softpedia
 
HomepageWindowsGamesDriversMacLinuxScripts buttonMobileHandheldNews


LINUX CATEGORIES:



GLOBAL PAGES >>
NEWS ARCHIVE >>
SOFTPEDIA REVIEWS >>
MEET THE EDITORS >>
WEEK'S BEST
  • BackTrack 5 R2
  • Wine 1.4 / 1.5.5
  • Mozilla Firefox 12...
  • Ubuntu 11.04
  • Angry Birds 1.1.2.1
  • Ubuntu 10.04.4 LTS
  • Linux Kernel 3.4
  • Ubuntu Manual 10.10
  • Adobe Flash Player...
  • Pidgin 2.10.4
    		•
    Home > Linux > Internet > HTTP (WWW)

    repoze.who.plugins.vepauth 0.3.0
    Download button

    No screenshots available
    Downloads: 75  Tell us about an update
    User Rating:
    Rated by:    		 NOT RATED
    0 user(s)
    Developer:

    License / Price:

    Last Updated:

    Category:         		Mozilla Services Team | More programs
    MPL / FREE
    February 22nd, 2012, 16:02 GMT [view history]
    ROOT / Internet / HTTP (WWW)

     Read user reviews (0)  Refer to a friend  Subscribe

    repoze.who.plugins.vepauth description

    Experimental BrowserID-and-OAuth plugin for use with sync

    repoze.who.plugins.vepauth is a repoze.who plugin for automated authentication via BrowserID:

     https://browserid.org/ https://wiki.mozilla.org/Identity/BrowserIDSync

    The plugin implements an experimental protocol for authenticating to ReSTful web services with the Verified Email Protocol, a.k.a Mozilla's BrowserID project. It is designed for use in automated tools like the Firefox Sync Client. If you're looking for something to use for human visitors on your site, please try:

     http://github.com/mozilla-services/repoze.who.plugins.browserid

    When accessing a protected resource, the server will generate a 401 challenge response with the scheme "OAuth+VEP" as follows:

    > GET /protected_resource HTTP/1.1
    > Host: example.com

    < HTTP/1.1 401 Unauthorized
    < WWW-Authenticate: OAuth+VEP url="/request_token"

    The client should extract the url from this challenge and POST a VEP assertion to that location. This will create a new authentication session and return a set of OAuth client credentials:

    > POST /request_token HTTP/1.1
    > Host: example.com
    > Content-Type: application/x-www-form-urlencoded
    >
    > assertion=VEP_ASSERTION_DATA

    < HTTP/1.1 200 OK
    < Content-Type: application/json
    <
    < {
    < "oauth_consumer_key": SESSION_TOKEN,
    < "oauth_consumer_secret": SESSION_SECRET
    < }

    Subsequent requests should be signed using these credentials in Two-Legged OAuth mode:

    > GET /protected_resource HTTP/1.1
    > Host: example.com
    > Authorization: OAuth oauth_consumer_key=SESSION_TOKEN,
    > oauth_signature_method="HMAC-SHA1",
    > oauth_version="1.0",
    > oauth_timestamp=TIMESTAMP,
    > oauth_nonce=NONCE
    > oauth_signature=SIGNATURE

     HTTP/1.1 200 OK
     Content-Type: text/plain

    For your eyes only: secret data!

    Session tokens are timestamped and will eventually expire. If this happens you will receive a 401 response as before, and should POST a new assertion to obtain fresh credentials.

    Product's homepage

    Requirements:

    · Python
    · repoze.who

    What's New in This Release: [ read full changelog ]

    Replaced Two-Legged OAuth with MAC Access Auth, implemented according to the latest draft standard:

    · https://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01

      


    TAGS:

    		 repoze.who plugin | automated authentication | BrowserID | repoze.who | authentication



    HTML code for linking to this page:


    Go to top

    WindowsGamesDriversMacLinuxScriptsMobileHandheldNews

    SUBMIT PROGRAM   |   ADVERTISE   |   GET HELP   |   SEND US FEEDBACK   |   RSS FEEDS   |   UPDATE YOUR SOFTWARE   |   ROMANIAN FORUM
    © 2001 - 2012 Softpedia. All rights reserved.
    Softpedia® and the Softpedia® logo are
    registered trademarks of SoftNews NET SRL.    		 Copyright Information | Privacy Policy | Terms of Use