|
Quoc-Huy NGUYEN DINH
Member since:
19 March 2008
Posts: 23
|
Thursday 21 October 2010 12:29:46 pm
I'm working on an OAuth support for this.
The issue is to have the admin authorize the extension at install time.
Solution 1:
1 - use ssh terminal to generate the request token and access token request URL
2 - the user open the access token request URL in a browser and get a PIN code
3 - use ssh terminal to validate the request token with the pin code and generate the access token and token secret
4 - the admin save the token/token secret in an INI file.
Zend seems not to be supporting PIN code validation but use Callback URL redirections instead. So this leads to...
Solution 2:
1 - create a module/view for the extension
2 - after installing and activating the extension, the admin goes to http://.../site_admin/autostatus/twitter_setup?action=register this will redirect him to Twitter where he will login and authorize the extension
3 - after authorization it will redirect him back to http://.../site_admin/autostatus/twitter_setup?action=validate the callback script will then display the token and secret
4 - the admin copies/pastes the token and secret in a INI file
Alternatively, solution 3:
1 - create a new extension let say eztwitteroauth lib and include Arc90 Twitter OAuth library
2 - configure autostatus to use eztwitteroauth extension to access twitter
3 - use solution 1 to setup the tokens/secret
What do you think?
|
|
|
Jérôme Vieilledent
Member since:
09 January 2008
Posts: 98
|
Thursday 21 October 2010 12:42:24 pm
Thanks Quoc Huy for your feedback :)
I'd rather prefer the first solution, but it could break identi.ca support.
I think that a factory solution could be nice, with "drivers" support (one for twitter, one for identi.ca, and extendable), so that we could use other libs than zend of this or that driver (like Arc90 with oAuth for Twitter)
|
|
|
Nicolas Pastorino
Member since:
14 September 2005
Posts: 60
|
Thursday 21 October 2010 12:56:00 pm
Hi Quoc Huy and thanks for these explanations.
Let us say we find a way to generate OAuth tokens and store them somewhere/somehow : can then the Zend lib (the currently used one) support this new authentication mode ?
A positive answer would let us only slightly alter the autostatus extension, and create a brand new one, as you suggested, properly decoupled, to handle authorization in a generic manner.
Cheers,
|
|
|
// kracker
Member since:
07 March 2003
Posts: 33
|
Thursday 21 October 2010 2:26:38 pm
|
|
|
Quoc-Huy NGUYEN DINH
Member since:
19 March 2008
Posts: 23
|
Friday 22 October 2010 11:06:57 am
@Jerome, I will check and confirm how doable is solution 1 without breaking other services. And will also see the "drivers" solution, already have an idea for this.
@Nicolas, if we can generate and store the tokens then the Zend lib will support it. See my test on my twitter @quochuync: "test zend twitter oauth - about 24 hours ago via eztweeter" :-) It was sent with a PHP script that uses Zend OAuth and the tokens from the extensions that comes with the tutorial I sent you.
@kracker, it looks more like for eZ to act as a OAuth server not client.
|
|
|
Nicolas Pastorino
Member since:
14 September 2005
Posts: 60
|
Saturday 23 October 2010 11:14:33 am
Having met Damien yesterday, he told me the Zend lib embedded in SVN at the moment is probably outdated, and that upgrading it to the latest version could be another solution : it probably supports OAuth.
Cheers !
|
|
|
Damien Pobel
Member since:
19 September 2005
Posts: 40
|
Saturday 23 October 2010 5:52:19 pm
Hi there :)
Sorry for the late reply I was quite busy those days... I'm happy to see such an animation here :-)
To complete Nicolas' answer only a part of an old version of the Zend Framework is embed in the extension. I don't remember exactly the version number (and unfortunately there's no info on that in the source code), but I think it's a part of the version 1.8 or 1.9. The current version of Zend Framework is 1.10.8 and the version 1.11 has reached the rc status.
In addition, there's a Zend_Oauth component [1] and the documentation explains how it works with Twitter as example :-) So I think it would be nice to stay with Zend Framework as the only "external" requirement.
On the oauth support, there are many things to keep in mind. One of the purpose of autostatus was to be able to configure everything in the admin interface and to be able to use several accounts on several social plateform on the same site. That's why you are currently able to configure the event type in the workflow edit interface of eZ Publish. Given that, I think a solution based on the "solution 2" is the best. In fact, we need to add a module/view where the admin user can enter the twitter login and ask the permission for posting messages on his behalf. When he is redirected, the token is saved in the database. Then in the template used to configure the event type for twitter, we have to replace the login / password fields by a drop down list where we let the user to choose the right account.
I hope to be able to work on autostatus next week, but if you want to contribute, feel free to register as a member of the project :-)
[1] http://framework.zend.com/manual/en/zend.oauth.html
Cheers
|
|
|
Quoc-Huy NGUYEN DINH
Member since:
19 March 2008
Posts: 23
|
Monday 25 October 2010 3:23:40 pm
On the tests I've done earlier, I used the Ubuntu version of Zend Framework and used the OAuth component. It's working as in the normal OAuth process where you need to redirect the user to Twitter and then back with the tokens. But we are creating a bot and the issue is to generate the tokens. I'm happy with staying with Zend but we need to agree on a way to generate the token and secret. That's the solutions I suggested. I suggested in solution #3 to use Arc90 because the Zend Component does not support PIN validation, it needs to be URL redirections, which is why I suggested solution #2.
If we go with solution #2, how would we save the token/secret? In an INI file or as you said in a DB? If DB then do you think we should create a new table? Or new 1 content classes: "Twitter accounts" which can contain multiple "Twitter account".
|
|
|
Damien Pobel
Member since:
19 September 2005
Posts: 40
|
Sunday 26 June 2011 2:10:40 am
Hi,
The OAuth support is finally there ;-) See http://websvn.projects.ez.no/wsvn...n/autostatus/?op=revision&rev=28
The solution currently implemented is close to solution 2. When configuring the workflow, you now have a button that redirects to Twitter or Identi.ca that will ask the authorization to the user, he's then redirected to a custom module/view that register the access token in the workflow event data and then the user is redirected again to the workflow event configuration screen.
Since Zend_Service_Twitter does not support Basic Auth anymore, Identi.ca implementation is also based on OAuth.
I need to test a bit more and to fix some others issues (see http://websvn.projects.ez.no/wsvn...tus/trunk/extension/autostatus/TODO) before the next release
Cheers
|
|
