Dented Reality

All posts tagged 'authentication'

WordPress Authentication Framework: Keyring

Mar 19 2012
10

Keyring: An authentication framework for your plugins

Quite a while ago (like, in at least 2009), I started thinking about regaining control of all the content I was producing online. I was posting photos to Flickr, saving bookmarks to Delicious. I started Tweeting. I was checking in. All fun and games, and all of those services offer great tools for interacting with them (let’s face it, tools that are much better than WordPress’, because they are focussed on one thing). So I figured, why not write importers for these services and pull my content back over to my WordPress. And keep doing it periodically, so that I could keep using those tools. I want WordPress to be my “home on the web”, my digital hub, but I want to use these neat tools with their fancy apps and what-have-you.

Very quickly, I realized that if I was going to do anything useful on most web services, I’d need to be able to authenticate with them. No biggie, right? I know my username and password… Oh. Right. OAuth. Turns out that most web services use OAuth (or something similar) to authenticate, and it turns out that that’s actually a bit of a bear to implement, when all you want to do is write a simple little Twitter importer. And then again for a Foursquare importer. And a Flickr importer.

What I needed was a shared, generic authentication framework that would do all the heavy lifting for me. I would tell it I wanted a connection to specific service, and if it didn’t have one, it’d walk the user through the process of getting one. It’d give me a standardized format of authentication credentials and abstract out all the complexity of making authenticated requests against those services. Then it would make me a coffee*. What I needed, was Keyring.
Read the rest of this post…

Web Service Authentication APIs

Jan 23 2010
7

For a project I’m working on, I’ve been looking at a lot of web service authentication/verification APIs lately. I thought folks might be interested in the results. Here are the methods available for a variety of web services/applications online, with links to their appropriate docs:

Read the rest of this post…

No More HTTP Authentication

Mar 15 2004
0

Well, it’s official. webpad 3.0 will now use integrated, session-based authentication for users, rather than HTTP Authentication. I’ve changed to this in large part to allow me to use it in CGI mode (which, incidentally, works wonderfully), so webpad is even more portable now. In fact, if you have PHP running in CGI mode, I will be reccommending that you run webpad under that mode.

With the new integrated authentication, when you hit webpad you are presented with a log in screen, where you enter a username/password as normal, then continue to the actual application.

I’m also currently looking at templating (thanks to a previous hack that Brad Choate made to webpad 2.0 which allowed it to selectively edit the contents of a file, only within certain regions (denoted by webpad tags of some sort). I will have this functionality included in the official release of webpad 3.0 Personal Edition, and it will definitely be a part of the Professional release.

Things may have been quiet, but they’re not completely dead! :)

API Problem Fixed

Feb 12 2004
0

Thanks to a suggestion from Bill, I found the problem that AvantBlog has been having when attempting to authenticate with the Blogger.com servers… basically they moved their servers!.

As Robert discovered in this post, the server that responds to API requests moved from plant.blogger.com to www.blogger.com, so basically I was posting authentication requests to a server that didn’t exist. This has been rectified now and it appears to be operating properly.

Enjoy your blogging folks :)

AvantBlog Authentication Work-around

Aug 27 2003
0

I’ve posted details of an authentication problem work-around for AvantBlog. Basically the problem arises because AvantGo appears to expire sessions after about 24 hours whether you want them to or not (correct me if I’m wrong here anyone…)

To get around this, you can easily configure your AvantBlog channel to pass your username and password along with each request for the channel, as per these instructions;

  1. Go to https://my.avantgo.com/home/ and log in using your *AvantGo* details
  2. Click the “My Device” tab on the left
  3. Click your “AvantBlog” channel to modify its settings
  4. In the “Location” box, add the following onto the end of the address “?username=USER&password=PASS” (no quotes), where USER is replaced with your Blogger.com username, and PASS is replaced with your Blogger.com password.
  5. Save the details (“Save Channel”) and exit AvantGo’s website
  6. Synch your handheld again – you should find that you are now automatically logged into AvantBlog, and this should continue each time you synch, whether you post or not!

I’ll also post my warning that went with the mailing list email I sent out here;

Obviously, this method means that your channel is defined using your actual Blogger.com username and password, in plain text. These details are passed ‘over-the-wire’ in plain txt, so this is not particularly secure. The chances of someone exploiting this are minimal, however if your blog contains any sensitive information or is of a secure nature of any sort, I do not recommend that you configure AvantBlog using this method.

Enjoy!