[Seaside] Re: [Seaside-dev] OAuth/Twitter demo in Squeak

Philippe Marschall philippe.marschall at gmail.com
Fri Aug 13 08:38:07 UTC 2010 

2010/8/13 Andreas Raab <andreas.raab at gmx.de>:
> Hi -
>
> I was playing with OAuth authentication and in the process decided to test
> it against Twitter and since it's kind of fun, I thought I'd share it with
> the rest of the world. You can run the (very simple) demo here:
>
>        http://ardemo.seasidehosting.st/seaside/twitter
>
> All it does is after you log in via Twitter it shows you the account info
> that Twitter shares with the app and allows you to tweet a little.
>
> The OAuth part itself is now integrated in WebClient's suite of auth methods
> and the little Twitter demo is available in
> http://www.squeaksource.com/ar.html and can be installed via
>
>        (Installer ss project: 'ar')
>                install: 'Twitter-Squeak'.
>
> Since I found OAuth to be a pretty major PITA I hope that this example will
> prove helpful for people who have to deal with this stuff.
>
> Lastly, a Seaside question that came up in the above: Part of the OAuth
> process requires passing a specific callback url to the remote site (which
> is the url the user gets redirected to after authentication was successful).
> Since I couldn't figure out how to obtain the url otherwise, I've been
> stashing it away in a rendering method (since there's access to the
> rendering context's callback store) like here:
>
> renderLoginPageOn: html
>
> host := self requestContext request headerAt: 'host'.

The host HTTP header might be lochalhost if you're behind an Apache
and don't have ProxyPreserveHost on so you might want to check whether
the #serverHostname preference is set.

>
>        "Set up the callback url for Twitter to return to"
>        callback := WAActionCallback on: [self twitterCallback].
>        url := html actionUrl copy addField: (html callbacks store:
> callback).
>
>        "We need the host and the scheme here; the scheme is guesswork"

If the server adaptor sets it on the request URL you can read it from there.

>        urlString := 'http://', host, '/', url asString.

IIRC the action URL has the host set if #serverHostname is set so you
might want to be careful with that #asString. Either use #pathString
or better yet set the hostname if it's not set.

>        oauthParams at: 'oauth_callback' put: urlString encodeForHTTP.
>
> and then later the callback is passed to Twitter and the user sent back to
> the app. This works, but I'm wondering if that's the right thing to do, and
> if not, how one would set up and register such a callback url outside of
> rendering.

AFAIK we don't have an API for conveniently registering callbacks and
answering the action URL so the result is always kinda ugly. It comes
up from time to time eg. for registration links. I'm wondering whether
the component is the right place for all the registration logic but it
seems to fit in nicely at first glance if you can live the the delay
for making an HTTP request.

If you're outside of rendering you'd have to set up an action
continuation, which is more work.

Cheers
Philippe

More information about the seaside mailing list