simon-brooke / youyesyet

Web-app to support canvassers in the forthcoming independence referendum in Scotland
GNU General Public License v2.0

Get oauth working #2

Open simon-brooke opened 7 years ago

simon-brooke commented 7 years ago

Getting oauth working looks like being

  1. Quite a lot of grief and
  2. You need a half-way working system before you can even start.

I still think it's the right thing to do. We can expect to be under constant attack from hostiles, and I don't want to be responsible for people's passwords. However, in the alpha phase, suitably seasoned passwords will be A LOT easier to handle, so I propose to implement passwords in the short term and kick this into the long grass until later in development.

simon-brooke commented 7 years ago

The two libraries to look at seem to be:

For OpenID to be useful to us, we need to be able to allow users to authenticate with any of

  1. Google
  2. Microsoft
  3. Twitter
  4. Facebook

The more the better, of course, but those are the key ones.

jamiehollern commented 7 years ago

That sounds like a sensible plan. For security reasons, though, I agree with you completely that OAuth is the way to go. Personally I'd be uncomfortable going any other way in production.

simon-brooke commented 7 years ago

This seems to be what we need for Microsoft authentication

simon-brooke commented 6 years ago

More useful links:

  1. https://gist.github.com/samn/6231768
  2. https://github.com/adamwynne/twitter-api
  3. https://github.com/mattrepl/clj-oauth
  4. https://github.com/mattrepl/clojure-twitter