[Labs-l] OAuth with RSA key
Brad Jorsch (Anomie)
bjorsch at wikimedia.org
Mon Oct 17 14:36:51 UTC 2016
On Sun, Oct 16, 2016 at 11:28 PM, Magog The Ogre <magog.the.ogre at gmail.com>
wrote:
> The one example program makes only a vague reference to it (
> https://tools.wmflabs.org/oauth-hello-world/index.php?action=download),
> and the other (https://www.mediawiki.org/wiki/OAuth/For_Developers#PHP_
> demo_cli_client_with_RSA_keys) presupposes that I have preexisting
> libraries installed, for some reason.
>
In any case using RSA keys is going to want you to have some sort of
library installed to deal with using RSA keys, if not a library to handle
all the OAuth stuff itself.
The libraries needed for your second link are included in the OAuth
extension itself. The most relevant bit for your question here is the
OAuthSignatureMethod_RSA_SHA1::build_signature()
method[1] which uses PHP's openssl extension to do the actual signing.[2]
[1]:
https://phabricator.wikimedia.org/diffusion/EOAU/browse/master/lib/OAuth.php;51cd54d332d1b6c0647f3be699c000833cb9d54e$235-252
[2]: https://secure.php.net/openssl
> I just want to be able to authenticate the identity of users. Magnus
> Manske has said he doesn't want to maintain TUSC anymore, but I cannot
> figure out how to do this with the documentation provided.
>
Note that using RSA-SHA1 rather than HMAC-SHA1 is in no way required.
--
Brad Jorsch (Anomie)
Senior Software Engineer
Wikimedia Foundation
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.wikimedia.org/pipermail/labs-l/attachments/20161017/88e02c10/attachment.html>
More information about the Labs-l
mailing list