Authorization with third-party sites

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Authorization with third-party sites

Patrick Collison
Hi,

In my app, I need to have a third-party site verify a user's
credentials. This involves redirecting them to a login page on the
external site, and then, one the user logs in, the external server
redirects the user back to my server with a request that has an auth
token included (which I can store and use).

My current approach is to use actionUrlForContinuation: to get a
handle on the current continuation (as a URL), and then redirect to
the external server with the path of the URL included as an (encoded)
GET parameter. When the request comes back from the external server, I
can merge the two requests (by taking the one prepared earlier, and
tacking on extra GET params for the auth token, which we now have),
and redirect to _this_ URL, which will hopefully get me back to the
right place, with the right information included.

If it all sounds a little hairy, it is. Am I missing out on a simpler
way to implement all of it?

Cheers,

Patrick
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Authorization with third-party sites

Lukas Renggli
> If it all sounds a little hairy, it is. Am I missing out on a simpler
> way to implement all of it?

Isn't this exactly the same as with the e-mail confirmation discussed
on the mailing list a few days ago?

Lukas

--
Lukas Renggli
http://www.lukas-renggli.ch
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside
Reply | Threaded
Open this post in threaded view
|

Re: Authorization with third-party sites

Patrick Collison
On 04/05/07, Lukas Renggli <[hidden email]> wrote:
> > If it all sounds a little hairy, it is. Am I missing out on a simpler
> > way to implement all of it?
>
> Isn't this exactly the same as with the e-mail confirmation discussed
> on the mailing list a few days ago?

Yeah, that thread was helpful. It's not exactly the same, though -- in
this case, the app requires that extra information be supplied, so you
can't just redirect to the URL that was stored. Splicing together the
URLs to get the necessary parameters together strikes me as ugly.
Still, it works, so it's all good...
_______________________________________________
Seaside mailing list
[hidden email]
http://lists.squeakfoundation.org/cgi-bin/mailman/listinfo/seaside