[Seaside] Re: [Seaside-dev] OAuth/Twitter demo in Squeak
philippe.marschall at gmail.com
Fri Aug 13 10:15:26 UTC 2010
2010/8/13 Philippe Marschall <philippe.marschall at gmail.com>:
> 2010/8/13 Andreas Raab <andreas.raab at gmx.de>:
>> Hi -
>> I was playing with OAuth authentication and in the process decided to test
>> it against Twitter and since it's kind of fun, I thought I'd share it with
>> the rest of the world. You can run the (very simple) demo here:
>> All it does is after you log in via Twitter it shows you the account info
>> that Twitter shares with the app and allows you to tweet a little.
>> The OAuth part itself is now integrated in WebClient's suite of auth methods
>> and the little Twitter demo is available in
>> http://www.squeaksource.com/ar.html and can be installed via
>> (Installer ss project: 'ar')
>> install: 'Twitter-Squeak'.
>> Since I found OAuth to be a pretty major PITA I hope that this example will
>> prove helpful for people who have to deal with this stuff.
>> Lastly, a Seaside question that came up in the above: Part of the OAuth
>> process requires passing a specific callback url to the remote site (which
>> is the url the user gets redirected to after authentication was successful).
>> Since I couldn't figure out how to obtain the url otherwise, I've been
>> stashing it away in a rendering method (since there's access to the
>> rendering context's callback store) like here:
>> renderLoginPageOn: html
>> host := self requestContext request headerAt: 'host'.
> The host HTTP header might be lochalhost if you're behind an Apache
> and don't have ProxyPreserveHost on so you might want to check whether
> the #serverHostname preference is set.
>> "Set up the callback url for Twitter to return to"
>> callback := WAActionCallback on: [self twitterCallback].
>> url := html actionUrl copy addField: (html callbacks store:
>> "We need the host and the scheme here; the scheme is guesswork"
> If the server adaptor sets it on the request URL you can read it from there.
>> urlString := 'http://', host, '/', url asString.
> IIRC the action URL has the host set if #serverHostname is set so you
> might want to be careful with that #asString. Either use #pathString
> or better yet set the hostname if it's not set.
>> oauthParams at: 'oauth_callback' put: urlString encodeForHTTP.
>> and then later the callback is passed to Twitter and the user sent back to
>> the app. This works, but I'm wondering if that's the right thing to do, and
>> if not, how one would set up and register such a callback url outside of
> AFAIK we don't have an API for conveniently registering callbacks and
> answering the action URL so the result is always kinda ugly. It comes
> up from time to time eg. for registration links. I'm wondering whether
> the component is the right place for all the registration logic but it
I meant the twitter callback.
More information about the seaside