by Justin Richer
First uploaded 382 days ago
2 Recommendations
Summary:
This plugin makes available a fully functional OAuth consumer library and service provider library for Elgg. OAuth is a distributed API authentication protocol that allows users to delegate API access to their data without divulging their credentials to the API-consuming party. This plugin supports both version 1.0 and revision 1.0a of the OAuth protocol.
Full description:
OAuth is a security protocol that allows delegated API access. What this means is that you can use it to allow one site to access your data on another site without having to save your username and password all over the place. This library sets up Elgg as both an OAuth server and client.
The client aspect allows Elgg to act as an OAuth client on your behalf to access protected resources on other sites. The Twitter API, for example, uses OAuth for authentication. We are currently working on WordPress and MediaWiki plugins to allow for authenticated access between Elgg and these pieces of software. That's not to say that this plugin is a client for Twitter, WordPress, or MediaWiki in and of itself: that's left to other plugins. What this plugin provides is a way for those plugins to use OAuth as the authentication mechanism when accessing the APIs of those pieces of software.
The server aspect allows you to write another piece of software, say on another website or a desktop client, that could access the Elgg API. This will be more useful once we see the API revisions in the next release.
The advantages to using OAuth are many. No username and password get sent across the wire between sites, ever. No need to store more than an opaque token on the client. It's an active standard with an established community. It's got great industry adoption, too.
This library could act as the basis for connecting Elgg sites together in a secure manner, allowing for mobile profiles and smart access to protected Elgg resources between sites, but it does not do that directly itself.
Some preliminary documentation is available on the wiki: http://docs.elgg.org/wiki/OAuth
This plugin depends on the url_getter plugin: http://community.elgg.org/pg/plugins/jricher/read/521642/url-getter
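To make concrete the point that no username or password crosses the wire, here is an added example (not the plugin's own code) of OAuth 1.0 HMAC-SHA1 request signing as defined in the OAuth 1.0 specification (RFC 5849), together with the provider-side check. The keys, secrets, nonce, and the `elgg.example` URL are constructed for illustration, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; not taken from the plugin or any real site.
CONSUMER_SECRET = "example-consumer-secret"
TOKEN_SECRET = "example-token-secret"
URL = "https://elgg.example/api/resource"  # hypothetical endpoint, no query string

def enc(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode and sort the parameters, then join method, URL and parameter string.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The two secrets form the HMAC key; they never appear in the request.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret, seen):
    # Provider side: refuse a replayed nonce, then compare in constant time.
    replay_key = (params["oauth_consumer_key"], params["oauth_timestamp"],
                  params["oauth_nonce"])
    if replay_key in seen:
        return False
    expected = sign(method, url, params, consumer_secret, token_secret)
    if not hmac.compare_digest(expected, signature):
        return False
    seen.add(replay_key)
    return True

def sample_request():
    params = {
        "oauth_consumer_key": "example-consumer-key",
        "oauth_token": "example-access-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1300000000",
        "oauth_nonce": "constructed-nonce-1",
        "oauth_version": "1.0",
        "status": "hello world",
    }
    return params, sign("POST", URL, params, CONSUMER_SECRET, TOKEN_SECRET)
```

A production provider would also reject timestamps outside an acceptable window, which this example leaves out.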
@Dave: not exactly. We plan to keep this plugin as just OAuth 1.0, but to create a standalone OAuth2 plugin that can be installed either on its own or alongside this plugin. The OAuth2 spec is not backwards compatible, and while we are actively participating in its development, we still have need to support OAuth 1.0 and 1.0a clients and servers. Thus, this plugin in its current form won't be going away any time soon.
Justin Richer 24 days ago

Any plans to update this to OAuth 2.0?
Dave Bauer 30 days ago