Timeline for API Implicit Authentication with Python
Current License: CC BY-SA 3.0
Post Revisions
13 events
| when toggle format | what | by | license | comment | |
|---|---|---|---|---|---|
| Jan 9, 2012 at 22:53 | vote | accept | neydroydrec | ||
| Jan 9, 2012 at 22:52 | answer | added | neydroydrec | timeline score: 2 | |
| Jan 8, 2012 at 16:33 | comment | added | Jonathan. | With a browser control inside your application you would be able to retrieve the access token, with Firefox you can't. What your doing is unsupported so it not passing the access_token is probably because of that. If you want to get the access_token you have to let the user interact with the dialog directly. | |
| Jan 8, 2012 at 16:08 | comment | added | neydroydrec | @Jonathan: I understand your suggestion and it makes sense. On the other hand, Firefox is also an application with an interface like any other. What matters here is the handling the HTTP requests, not so much the rendering of HTML (take for instance the w3m text-browser). So although I consider your advice, my point is to understand these processes and reproduce them programmatically, so embedding a ready-made browser wouldn't make much sense to me in this context. | |
| Jan 8, 2012 at 16:04 | comment | added | Jonathan. | Use something like qtWebkit to show the login dialog: rkblog.rk.edu.pl/w/p/webkit-pyqt-rendering-web-pages | |
| Jan 8, 2012 at 15:52 | comment | added | Jonathan. | With python isn't there a way of showing a web page inside one of your application's window? You wouldn't show the user the dialog in the users default web browser. You can then monitor that browser control for when it loads a page then get the URL that was loaded and extract the hash. My point was meant to be that the dialog is not meant to be interacted with by the application, only the user, so it maybe for that reason that the hash is being lost. | |
| Jan 8, 2012 at 15:34 | comment | added | neydroydrec | @Jonathan: OK. It doesn't solve the initial problem though. Besides, if i'd proceed through the web-browser, I'd not be able to retrieve the access token at all, would I? | |
| Jan 8, 2012 at 15:21 | comment | added | Jonathan. | What I mean is don't log the user in through the application's interface. Just show the user the browser, and let them log themselves in. The login dialog is subject to change, there may be more login services added, or possible removed and the structure of it may change. | |
| Jan 8, 2012 at 14:32 | comment | added | neydroydrec | @Jonathan: you got me really confused here. In order to authorise an application, one needs to be logged in. What the script does is log in the user first--doing through the application's interface what one would do through the browser. Once one is logged in, the OAuth requests is made with the URL quoted above. I am also aware the user can register using different openID providers, the above is a draft using SE login only, but the final script would allow other IDs too. | |
| Jan 6, 2012 at 13:31 | comment | added | Jonathan. | You shouldn't be getting the users user name and password yourself. Not all users are registered with StackExchange, some use Google, Facebook etc (I dont know python so I'm not 100% sure exactly what your doing). just show the dialog to the user and they will log themselves. It's also a security issue as the user doesn't know that you're not keeping the password and doing bad stuff with it. Oauth means you never have to store the username and password, and you don't even need to store the access token persistently. | |
| Jan 6, 2012 at 10:58 | history | edited | neydroydrec |
edited tags
|
|
| Jan 6, 2012 at 0:46 | history | edited | neydroydrec | CC BY-SA 3.0 |
Specified implicit authentication in title
|
| Jan 6, 2012 at 0:41 | history | asked | neydroydrec | CC BY-SA 3.0 |