search

billrobo / gdatacopier

Automatically exported from code.google.com/p/gdatacopier
0 stars 0 forks source link

oauth login #51

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Instead of prompting for password, please implement OAuth based login.

Original issue reported on code.google.com by mscurte...@google.com on 24 Feb 2010 at 8:30

GoogleCodeExporter commented 9 years ago 
Added for review in our milestone release.

Original comment by devraj on 24 Feb 2010 at 9:52

GoogleCodeExporter commented 9 years ago 
Advantages of using OAuth:
- user does not have to trust you with username and password (and this is a 
huge issue)
- user does not have to enter password for each command, the OAuth token can be
cached locally and reused

Original comment by mscurte...@google.com on 24 Feb 2010 at 11:23

GoogleCodeExporter commented 9 years ago 
Agreed. Please note our comment above and status of the request. We have 
accepted this as a valid feature 
request and will be scheduling it for development for one of our upcoming 
milestones.

Original comment by devraj on 24 Feb 2010 at 11:26

GoogleCodeExporter commented 9 years ago 
I have been contemplating working on this for the next release. A lot of 
gdatacopier users probably run headless boxes, any ideas as to how they would 
complete the OAuth login process without a browser?

Original comment by devraj on 17 Nov 2010 at 8:50

GoogleCodeExporter commented 9 years ago 
How the flow looks like if gdatacopier is on a desktop machine where there is a 
browser:
1. User initiates authorization process by running gdatacopier with a special 
command line parameter (for example: gdatacopier --auth)
2. gdatacopier constructs an OAuth request URL (it needs to grab a request 
token first with a direct call)
3. gdatacopier starts a browser and points to this URL
4. user logs in to Google, if necessary
5. user approves access for gdatacopier
6. a result page is displayed with a verification code (the code shows as query 
parameter, window title and also in text displayed to user)
7. gdatacopier grabs the verification code
8. gdatacopier exchanges the verification code for an access token

There is a bit of hand waving in step 7, and step 2 is somewhat related. I can 
get into details if you want.

If gdatacopier runs on a headless box, then:
1. same
2. same
3. gdatacopier prints the request URL and asks user to copy to a machine where 
it has a browser (if user is ssh-ed into the headless box then it can just 
right click on link and open browser)
4. same
5. same
6. same
7. user copies verification code from result page and pastes into gdatacopier, 
gdatacopier is either waiting for input at this point or user needs to start 
gdatacopier with another command line option (for example: gdatacopier --auth 
--code=xyz)
8. same

Makes sense?

As an alternative, instead of 1-3 you can provide a simple web app that does 
the same. This web app can also do 6-8 and at the end show the access token to 
the user. The user now can grab this access token and paste into gdatacopier 
config file, it is the same as a service specific password.

Original comment by mscurte...@google.com on 17 Nov 2010 at 6:40

GoogleCodeExporter commented 9 years ago 
Re-assigned to Mcanato

Original comment by devraj on 2 Dec 2010 at 11:11

GoogleCodeExporter commented 9 years ago 
OAuth 2 legged authentication is under development

Original comment by mcanato on 7 Dec 2010 at 8:17

GoogleCodeExporter commented 9 years ago 
Fixed in 3.0 release

Original comment by devraj on 27 Feb 2012 at 9:43