March 3, 2010
.Nat Zone : OpenID v.s. OAuth by Nat - .Nat Zone

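(Table 1) Comparison of OpenID and OAuth

| Item | OpenID | OAuth |
|---|---|---|
| Name of the IdP | OP (OpenID Provider) | SP (Service Provider) |
| Name of the RP | RP | Consumer |
| RP identification | Identified automatically from the realm | Consumer Key obtained manually in advance |
| Signing key exchange | Exchanged dynamically via Association | Exchanged manually in advance |
| User identifier | OpenID-capable identifier chosen by the user | Identifier assigned to the user by the SP |
| Name of the Artifact | Artifact | Request Token |
| Name of the Assertion | Assertion | Access Token |
| Underlying philosophy | User-centrism | Service provider (application)-centrism |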

Posted via web from 原宿工業大学 | Comment »

February 16, 2010
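s-take Blog.: A simplified OAuth from Twitter: “xAuth”

Compared with OAuth, xAuth simplifies the work for both the application and the user, but it naturally has drawbacks. One of OAuth's advantages, that the user does not have to hand a password over to the application, is completely lost. With xAuth the password is not used again once the Access Token has been obtained, but the user cannot tell whether the application has actually discarded the password. It might be quietly storing the password and doing something malicious behind the scenes. In other words, xAuth authentication shares (one of) the drawbacks of using the API with Basic authentication. (Well, changing your password right after authenticating is also an option, but changing a Twitter password is a hassle in various ways...)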

Posted via web from hdknr’s posterous | Comment »

Why YAuth is not OAuth - Stake Ventures

The only problem is that Yahoo quietly pushed through an extension to OAuth called the OAuth Session Extension. This was all done publicly but it involves some major changes to OAuth token management, which is the exact thing that has been hardest for people to understand about OAuth in the first place.


February 9, 2010
python-oauth2: Installation and verification

For now, I forked it on GitHub.

Install with pip

(twitq)hdknr@deblen:~/.ve/twitq/src$ pip install -e git+ssh://git@github.com/hdknr/python-oauth2.git#egg=python-oauth2
Obtaining python-oauth2 from git+ssh://git@github.com/hdknr/python-oauth2.git#egg=python-oauth2
  Cloning ssh://git@github.com/hdknr/python-oauth2.git to ./python-oauth2
remote: Counting objects: 427, done.
remote: Compressing objects: 100% (157/157), done.
remote: Total 427 (delta 199), reused 427 (delta 199)
  Running setup.py egg_info for package python-oauth2
Installing collected packages: python-oauth2
  Running setup.py develop for python-oauth2
    Creating /home/hdknr/.ve/twitq/lib/python2.5/site-packages/oauth2.egg-link (link to .)
    Adding oauth2 1.0.5 to easy-install.pth file

       Installed /home/hdknr/.ve/twitq/src/python-oauth2
Successfully installed python-oauth2

Check

(twitq)hdknr@deblen:~/.ve/twitq/src$ tree python-oauth2/
python-oauth2/
|-- LICENSE.txt
|-- README.md
|-- debian
|   |-- changelog
|   |-- compat
|   |-- control
|   |-- copyright
|   |-- pycompat
|   |-- pyversions
|   `-- rules
|-- example
|   |-- client.py
|   `-- server.py
|-- oauth2
|   `-- __init__.py
|-- oauth2.egg-info
|   |-- PKG-INFO
|   |-- SOURCES.txt
|   |-- dependency_links.txt
|   |-- top_level.txt
|   `-- zip-safe
|-- setup.cfg
|-- setup.py
`-- tests
    `-- test_oauth.py
 5 directories, 20 files

httplib2 was required.

(twitq)hdknr@deblen:~/.ve/twitq/src$ python
Python 2.5.2 (r252:60911, Jan 24 2010, 14:53:14)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import oauth2 as oauth
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/hdknr/.ve/twitq/src/python-oauth2/oauth2/__init__.py", line 31, in <module>
    import httplib2
ImportError: No module named httplib2

(twitq)hdknr@deblen:~/.ve/twitq/src$ yolk -S name=httplib2
httplib2 (0.6.0):
        A comprehensive HTTP client library.
(twitq)hdknr@deblen:~/.ve/twitq/src$ pip install httplib2
Downloading/unpacking httplib2
  Downloading httplib2-0.6.0.tar.gz (53Kb): 53Kb downloaded
  Running setup.py egg_info for package httplib2
Installing collected packages: httplib2
  Running setup.py install for httplib2
Successfully installed httplib2

Verifying that it works

The key and secret have been obscured.
(twitq)hdknr@deblen:~/.ve/twitq/src$ python
Python 2.5.2 (r252:60911, Jan 24 2010, 14:53:14)
[GCC 4.3.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import oauth2 as oauth
>>> c=oauth.Consumer('fdafdsafdsafsdafdsaf','fdsafdsafdasfdsafdsafsdafa')
>>> url="http://twitter.com/oauth/request_token"
>>> client = oauth.Client(c)
>>> res,content = client.request(url,'GET')
>>> type(res)
<class 'httplib2.Response'>
>>> type(content)
<type 'str'>
>>> print content
oauth_token=reoqrdsafdsalfdsafd432fhdsahfdhsafdsafdsafdas&oauth_token_secret=fdr42qr3ofdoashfdsafedeq
>>> print res
{'status': '200', 'content-length': '116', 'content-location': 'http://twitter.com/oauth/request_token?oauth_nonce=91616366&oauth_timestamp=1265663914&oauth_consumer_key=fdsafdasfdafdafdsafda&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=fdsafdafdafdsafdsafdsafdaf%3D', 'x-transaction': '542354954-432143-4324', 'set-cookie': '_twitter_sess=fdasfdsafdsa%dsafdsafdf%fdsafa—fdsafdsa; domain=.twitter.com; path=/', 'expires': 'Tue, 31 Mar 1981 05:00:00 GMT', 'vary': 'Accept-Encoding', 'x-runtime': '0.01270', 'server': 'hi', 'x-revision': 'DEV', 'last-modified': 'Mon, 08 Feb 2010 21:18:34 GMT', 'connection': 'close', 'etag': '"2a33d94df68b07474217bf29f093c169"-gzip', 'pragma': 'no-cache', 'cache-control': 'no-cache, no-store, must-revalidate, pre-check=0, post-check=0', 'date': 'Mon, 08 Feb 2010 21:18:34 GMT', 'content-type': 'text/html; charset=utf-8', '-content-encoding': 'gzip'}


February 8, 2010
.Nat Zone : OAuth Wrap Web App Profile Summary by Nat - =nat

January 30, 2010
Step by Step Guide to use Sign in with Twitter with Django « Agile Web Development

If you have a look at the OAuth examples on the Twitter apiwiki, there are already examples available for using Sign in with Twitter with Django, so why this new howto and example code? Because, being a perfectionist, I like things to be done the standard way, and for authentication Django allows you to specify your own customized authentication backends. I thought, why should that not be utilized to authenticate the Django User object with Twitter?


Twitter / Applications: Registering an OAuth consumer key

Welcome to the Developer Beta of the Twitter Application Platform! We’re just getting started, but we thought we’d start releasing components that will help you, the developers, connect your users with the world, right now.

For starters, we’re allowing you to both register your application here, as well as providing an improved Authentication System, OAuth. To read more about how this helps both you and your users, please visit http://oauth.net.

Enjoy! And please report any bugs or general feedback to api@twitter.com.


September 27, 2009
OpenID: Now more powerful and easier to use! | OpenID

Plaxo is one of the earliest adopters of OpenID, allowing their users to sign into Plaxo using an OpenID enabled account with just a couple mouse clicks. Instead of requiring first-time Plaxo users to manually verify their email address by sending a verification email, Plaxo uses OpenID Attribute Exchange to verify Yahoo! and GMail email addresses without forcing users to wait at their mailbox for the verification email to arrive. Building on their successful experience with OpenID, Plaxo is experimenting with the Hybrid Protocol: A portion of new users who sign up for Plaxo using either a GMail or Yahoo account can now sign into Plaxo with their OpenID and authorize two-way data sharing of their Contacts and Activities via the Hybrid Protocol. You can read more about how this works on the Plaxo blog.
