Closed
Bug 765350
Opened 12 years ago
Closed 12 years ago
Use JWT in solitude for talking to marketplace and solitude-proxy
Categories
(Marketplace Graveyard :: Payments/Refunds, defect, P2)
Tracking
(Not tracked)
RESOLVED
FIXED
2012-11-01
People
(Reporter: andy+bugzilla, Assigned: andy+bugzilla)
References
Details
(Whiteboard: [ye-olde-paypal])
This is a bit of pain, so feel free to bump this if it takes too long or is too painful. It is painful, but I've done it before so can do it again. Basically we want to do the 1.1 OAuth which is a two legged OAuth that signs the requests prior to processing them. Because I've done this, you can probably just copy this over and hopefully it will just work. So: - make a CONSUMER_KEY and CONSUMER_SECRET in settings/base.py and local. Leave base.py values empty. IT will be setting these on -dev and prod etc. - next parse all the incoming requests for the OAuth token. How? Take a look at: https://github.com/mozilla/zamboni/blob/master/mkt/api/authentication.py#L48 https://github.com/mozilla/zamboni/blob/master/mkt/api/resources.py#L40 if you can find a better way, go for it. - finally you'll need to alter all the tests that make requests: https://github.com/mozilla/zamboni/blob/master/mkt/api/tests/test_oauth.py#L51 This using python-oauth2 which is painful and not maintained.
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → xwraithanx
Target Milestone: --- → 2012-06-21
Assignee | ||
Updated•12 years ago
|
Priority: -- → P2
Assignee | ||
Comment 1•12 years ago
|
||
We are going to have to use jwt to sign bluevia tokens. Could we just use jwt for this? Only real downside is that I'll have to write a nice tool to replace curlish to use jwt so that we can interact easily on the command line. But that shouldn't be hard to fork.
Updated•12 years ago
|
Target Milestone: 2012-06-21 → 2012-08-09
Updated•12 years ago
|
Summary: Use OAuth in solitude → Use JWT in solitude for talking to marketplace and solitude-proxy
Updated•12 years ago
|
Target Milestone: 2012-08-09 → 2012-08-16
Updated•12 years ago
|
Whiteboard: [ye-olde-paypal]
Target Milestone: 2012-08-16 → ---
Comment 3•12 years ago
|
||
what does this have to do with paypal? It's about a secure communication channel between Marketplace and Solitude.
Assignee | ||
Updated•12 years ago
|
Assignee: xwraithanx → amckay
Target Milestone: --- → 2012-11-01
Assignee | ||
Comment 4•12 years ago
|
||
The JWT implementation has landed. https://github.com/mozilla/solitude/commit/f0f29d Next I've got to turn it on in a few places.
Assignee | ||
Comment 5•12 years ago
|
||
I'll file specific bugs for when we turn this on.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•