tunix
commented
11 years ago Hey wookiehangover,
Of course I'd accept a pull request for such changes.
Closed wookiehangover closed 11 years ago
tunix
commented
11 years ago Hey wookiehangover,
Of course I'd accept a pull request for such changes.
prereality
commented
11 years ago Hi wookiehangover, I intend to take a look at this tonight and send a pull request in the next few days. I also want to see if i can improve the response time when choosing to play a video as its hard to tell sometime if the play request has been made due to a lack of feed back.
prereality
commented
11 years ago Hi tunix I have done most of the work to port over to the V2 api but I have a couple of questions. With regards to a platform like XBMC I will not be able to keep the plugin secret and and ID private as ever user will need it or the plugin will not be able to access the API. This seems weird to call it a secret and then give it out freely. Secondly it looks like you can no longer use the user secret and username with OAuth 2.0 it has to be the put.io login username and password, is this a bug or is this intended? Hope you can help.
tunix
commented
11 years ago Hey prereality,
I'll look at the API and get back to you. Thank you btw for implementing it.
Quis custodiet ipsos custodes?
On Sat, Sep 8, 2012 at 3:48 AM, prereality notifications@github.com wrote:
Hi tunix I have done most of the work to port over to the V2 api but I have a couple of questions. With regards to a platform like XBMC I will not be able to keep the plugin secret and and ID private as ever user will need it or the plugin will not be able to access the API. This seems weird to call it a secret and then give it out freely. Secondly it looks like you can no longer use the user secret and username with OAuth 2.0 it has to be the put.io login username and password, is this a bug or is this intended? Hope you can help.
tunix
commented
11 years ago Hey There,
I just checked the API docs and thought about it a little. As you have said, storing client id and secret in a published app is a known problem for oAuth2. So I propose the following solutions. Either:
We'll replace username/password fields at XBMC settings with a single access token field and will use that. In the case of access token expiration, we'll have to show a notice to the users. I know that users will have to trust me in this case but sharing app credentials are even worse imho.
I also asked a few questions about the API to my friends at put.io because changing response_type to token didn't work for me. I'll let you know when I get a response. Could you please also issue the pull request so that we can progressively discuss/develop in the mean time?
Best.
Quis custodiet ipsos custodes?
tunix
commented
11 years ago @prereality: API key/secret will be deprecated with APIv2. So the username/password behaviour is intended. It's also like that on any other popular service such as twitter, facebook etc.
prereality
commented
11 years ago Hi Tunix, If we cant automate the process then I suggest checking out this version of a V2 plugin for XBMC its faster uses v2 and support some additional features. It works by making the user get their code/token by visiting the put.io client app page to approve and accept permission. You then take the token you have been given and enter it into the XBMC plugin so you never need to enter your username or password. Its not perfect but its better and much faster than this current plugin.
https://github.com/ybrs/putio-xbmc-v2
Regards
tunix
commented
11 years ago Hey prereality,
Do you suggest stop developing the current plugin and migrate to the new one or fork it and merge into this one? In fact, Aybars has forked mine and made it V2 compatible. Either we can go with his branch or fork it. I couldn't understand what exactly is your suggestion.
Best, Alper
Quis custodiet ipsos custodes?
As noted for the past several weeks as a notification on put.io, the v1 api will be deprecated at the end of September. Are there any plans to update to v2 / is there any interest for a pull request to do so?