[OSM-dev] OAuth down

Pierre GIRAUD pierre.giraud at gmail.com
Thu Nov 17 22:31:32 GMT 2011


Hi,

I had a look at the oauth-plugin code
(https://github.com/pelle/oauth-plugin), which is supposed to be used
in the OSM website, to find where there could be an issue.

I suspect something goes wrong in the "oauth1_authorize" method:
https://github.com/pelle/oauth-plugin/blob/master/lib/oauth/controllers/provider_controller.rb#L101

If I understand correctly, the browser should be redirected to
"redirect_url". This "redirect_url" value comes either:
 - from the application settings (as set by user when registering the
application) if "oob" is given as value for "oauth_callback",
 - or, from the "oauth_callback" value set in parameters if not equal to "oob".

If "redirect_url" is empty, then "authorize success" is rendered.

I'm pretty sure that the latter is the case I'm currently facing.

Can someone please confirm I'm right?

Once again, as a test, you can try to log in at
http://tasks.hotosm.org, or maybe use this client tester
http://term.ie/oauth/example/client.php.
I can provide advice on how to use the latter.

Thanks a lot.

Pierre




On Thu, Nov 17, 2011 at 10:01 AM, Tom Hughes <tom at compton.nu> wrote:
> On 17/11/11 08:58, Andy Allan wrote:
>>
>> On 17 November 2011 06:59, Pierre GIRAUD<pierre.giraud at gmail.com>  wrote:
>>>
>>> Can you point me to urls to show me what changed recently ? (commits,
>>> diffs)
>>
>> https://github.com/openstreetmap/openstreetmap-website/network
>>
>> The "what changed recently" was that we upgraded from rails 2.x to 3.1
>> - so many things needed changing. You can see the commits that were
>> rebased onto master, there's plenty of them, and lots of plugins have
>> changed too. It's unlikely that the diffs will help you figure out
>> what changed, since so much has! I guess if you can reproduce the
>> issue then a binary search might help, but it's likely to be a plugin
>> upgrade or some other large change.
>
> Correct - the oauth and/or oauth-plugin gems are probably involved
> especially as the oauth-plugin gem is an rc not a final release.
>
> What should be happening is that the rack module in oauth-plugin should be
> setting the token_callback_url on the ClientApplication object, which is
> then propagated to the RequestToken.
>
> Tom
>
> --
> Tom Hughes (tom at compton.nu)
> http://compton.nu/
>



-- 
-------------------------------------------------------------
  | Pierre GIRAUD
  | http://pierrelebricoleur.blogspot.com
  | http://www.flickr.com/photos/pierregiraud
-------------------------------------------------------------
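
Added example (not part of the original message and not oauth-plugin's own code): a simplified Ruby model of the flow discussed in this thread, showing how an "oauth_callback" that never reaches the RequestToken ends in "authorize success" instead of a redirect. The Struct definitions, helper names, token values and URLs are constructed assumptions; the redirect rules follow the description in the message above.

```ruby
require "uri"

# Hypothetical stand-ins for the provider's models (constructed for this example).
ClientApplication = Struct.new(:callback_url, :token_callback_url)
RequestToken      = Struct.new(:token, :verifier, :callback_url)

# Request-token step: the per-request oauth_callback is set on the application
# as token_callback_url, then copied onto the new token.
# propagate: false models the suspected fault where that hand-off never happens.
def issue_request_token(app, oauth_callback, propagate: true)
  app.token_callback_url = oauth_callback if propagate
  RequestToken.new("tok123", "ver456", app.token_callback_url)
end

# Authorize step, following the rules described in the message:
#   "oob"        -> callback registered in the application settings
#   anything else -> the callback carried by the token
#   empty result  -> render "authorize success" (no redirect)
def authorize_outcome(app, token)
  redirect_url = token.callback_url == "oob" ? app.callback_url : token.callback_url
  return [:render, "authorize_success"] if redirect_url.nil? || redirect_url.empty?

  uri = URI.parse(redirect_url)
  extra = URI.encode_www_form(oauth_token: token.token, oauth_verifier: token.verifier)
  uri.query = [uri.query, extra].compact.join("&")
  [:redirect, uri.to_s]
end

# Runs the same client request with and without callback propagation.
def compare_propagation(registered, requested)
  [true, false].map do |ok|
    app = ClientApplication.new(registered)
    authorize_outcome(app, issue_request_token(app, requested, propagate: ok))
  end
end

if __FILE__ == $PROGRAM_NAME
  working, broken = compare_propagation(nil, "https://client.example/done")
  puts "propagated:     #{working.inspect}"
  puts "not propagated: #{broken.inspect}"
end
```
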


