Open bojanz opened 10 years ago
@mateu-aguilo-bosch you seem to have more OAuth experience ^^
@bojanz @mateu-aguilo-bosch
to be inconsistent, or inconsiderate (by throwing our own errors and doing a drupal_exit() inside the authorization plugin)
I think inconsiderate but consistent would be better. Maybe we can try/catch the errors thrown by oauth, and $e->getMessage() the original error message.
I need to have a way to specify a needed scope per action ("get" requires "view" but "post" requires "administration view" for example).
I was thinking about adding a feature to allow specifying more options per endpoint, for example:
    protected $controllers = array(
      '' => array(
        // Shorthand.
        \RestfulInterface::GET => 'getList',
      ),
      '\d+' => array(
        // Verbose.
        \RestfulInterface::GET => array(
          'method' => 'viewEntity',
          'access callback' => array($this, 'accessViewEntity'),
        ),
      ),
    );
So the access could be moved to its own method per endpoint.
I was thinking about adding a feature to allow specifying more options per endpoint, for example:
+1
@bojanz, @amitaibu specifying more options per endpoint has been already implemented. Does this unblock this?
@bojanz are you still interested (+ have time) in trying to tackle this?
What is the status of the oAuth2 Integration?
This is a sine qua non for using this on @chuva-inc projects
@wundo unfortunately I don't think that there's any effort happening at this moment.
Maybe it's your chance for a contribution? :smiley:
Also, it would be amazing that @chuva-inc provided some kind of support for this contribution!
I wish I had more knowledge around OAuth2 to tackle this. I think it can be a game changer for a lot of people (like @wundo).
@amitaibu any chance you can look into this one?
@amitaibu any chance you can look into this one?
Apart from not knowing anything about Oauth(2), honestly, as much as I'd like to see it as part of RESTful, since I don't have a client work for it -- I'm currently not super motivated to personally do it. On the other hand, I promise to try and delegate it to someone else ;)
Also @bojanz is just lazy - all he does is make e-commerce completely awesome :wink:
Delegating is good! I actually feel it could be a separate contrib module.
On Fri, Nov 28, 2014, 19:45 Amitai Burstein notifications@github.com wrote:
Also @bojanz is just lazy - all he does is make e-commerce completely awesome :wink:
Started work here, although I haven't addressed either of Bojan's questions yet. https://www.drupal.org/sandbox/pjcdawkins/2446745
My answer to question 1 would be that inconsistency is better than inconsiderateness. The OAuth2 API already has to be treated differently than a typical RESTful API call.
Scopes are harder. But I'm only making an authentication plugin at the moment - not bothering with authorization.
@pjcdawkins that is great to hear! Let me know if there is anything we can do to help you move forward with this.
Just FYI, I think it's more appropriate as a patch for the OAuth2 Server module (because it would have needed a smaller patch anyway) - so I'm going to continue work here: https://www.drupal.org/node/2451303
@pjcdawkins awesome!
Have you considered the possibility of writing restful_oauth2 as a new module that extends oauth2 instead of patching oauth2? I say that since this work will likely break backwards compatibility and will require a new oauth2 major version. This fact may throw back the maintainers to include your patch.
Maybe it's worth checking with https://www.drupal.org/u/hytse6c and https://www.drupal.org/u/hswong3i how they feel about this integration.
Again, thanks for the effort!
I mean the oauth2_server module. It's definitely not going to break BC
For what it's worth, I've committed a patch to OAuth2 Server which provides RESTful integration.
1) In your RESTful plugin, add
'authentication_types' => array('oauth2'),
2) Set the oauth2_server_restful_server variable to the machine name of your OAuth2 server.
Yes! You rock @pjcdawkins!
Thanks for your work.
I've worked with restful before, however now I am tasked with an interesting problem.
1. We are building an app that uses a yammer login to get access to the content.
I was thinking of using OAuth2 for this. I am new to Oauth2 and having to use it to authenticate via an api. Is restful a good solution for this? Or am I maybe overthinking this and there is a simpler way?
I'm looking into integrating oauth2_server and Restful.
Problem #1 Restful's fancy error handling. oauth2_server_verify_access() likes to do that by itself (output 401 + the json body with additional info), that comes from the underlying library mostly. Now, there are only a few possible errors, so I could translate that into what a restful user would expect, but it wouldn't be consistent with the errors that the oauth2 endpoints (oauth2/authorize, oauth2/token) are throwing (those are completely outside restful so they can't be affected + the list is huge). So the question is whether to be inconsistent, or inconsiderate (by throwing our own errors and doing a drupal_exit() inside the authorization plugin)
Problem #2 Scopes. I need to have a way to specify a needed scope per action ("get" requires "view" but "post" requires "administration view" for example). I can add some settings to the plugin metadata, but it feels like there should be a way to describe the actions (what's in $controllers + authorization info, for starters)
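A sketch of the per-action scope check raised in Problem #2, added here as an illustration and not code from RESTful, OAuth2 Server or any participant in this thread. The function name, the scope map and the sample requests are hypothetical, and it assumes "administration view" means both scopes must be present in the token's space-delimited scope string; the status and error codes follow RFC 6750.

```php
<?php
// Added illustration: every name here is hypothetical, not RESTful or OAuth2 Server API.

// Required scopes per HTTP method, using the issue's own example.
// Assumption: "administration view" means both scopes must be granted.
$required_scopes = array(
  'GET' => array('view'),
  'POST' => array('administration', 'view'),
);

/**
 * Decides whether a bearer token may perform $method.
 *
 * $granted is the token's space-delimited scope string (RFC 6749 section 3.3),
 * or NULL when the token itself was rejected (expired, revoked, malformed).
 * Returns the HTTP status, the RFC 6750 error code and any missing scopes.
 */
function example_check_scope($method, $granted, array $map) {
  $method = strtoupper($method);
  if (!isset($map[$method])) {
    // Fail closed: a method with no scope mapping is refused, not left open.
    return array('status' => 405, 'error' => NULL, 'missing' => array());
  }
  if ($granted === NULL) {
    return array('status' => 401, 'error' => 'invalid_token', 'missing' => $map[$method]);
  }
  // Scope tokens are case-sensitive, so they are compared exactly.
  $have = preg_split('/ +/', trim($granted), -1, PREG_SPLIT_NO_EMPTY);
  $missing = array_values(array_diff($map[$method], $have));
  if ($missing) {
    return array('status' => 403, 'error' => 'insufficient_scope', 'missing' => $missing);
  }
  return array('status' => 200, 'error' => NULL, 'missing' => array());
}

// Constructed sample requests: HTTP method and the scope string of the token.
$samples = array(
  array('GET', 'view'),
  array('POST', 'view'),
  array('POST', 'view administration'),
  array('DELETE', 'view administration'),
  array('GET', NULL),
);
foreach ($samples as $sample) {
  list($method, $granted) = $sample;
  $r = example_check_scope($method, $granted, $required_scopes);
  printf("%-6s scope=%-24s -> %d %s %s\n", $method, var_export($granted, TRUE),
    $r['status'], (string) $r['error'], implode(' ', $r['missing']));
}
```

Because the function returns a status and error code instead of sending a response, the caller can render the result either in RESTful's error format or in the OAuth2 library's, which is the choice Problem #1 describes.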