A3M - Account Authentication & Authorization Module
#61

[eluser]Peng Kong[/eluser]
OK, good idea. I've created http://code.google.com/p/a3m/ and uploaded v0.5 as a download and to the svn trunk.
I'm new to using Google Code so will need some time to get up to speed; feel free to suggest what I should do :)
#62

[eluser]LiamD[/eluser]
Cool! Really I think you'll find a wider audience on Google Code and it's also good for reporting issues, creating a wiki and so on.
I am starting a project using A3M now (so I'll keep a close eye out for any bugs), and I've done a bit of penetration testing in the past, so I'll test A3M a whole bunch. I'd also be happy to help with writing documentation in the future.

Anyway, please keep up the work, I think this could be the number one option for CI auth.
#63

[eluser]codeninja[/eluser]
I am really waiting for the "linked account" feature to be completed so that I can use it in my projects.

Keep up the good work! :)
#64

[eluser]Peng Kong[/eluser]
Thanks LiamD, I hope so too!

codeninja, I will work on that and it should be out sometime next week.
Basically it will be a simple interface that allows you to link and delete linked accounts.

Also, I've completed the OAuth integration (http://code.google.com/p/oauth-php/ r100) so it will be released together with 'linked accounts'.

Then all that is left is authorization - fine-grained role-based ACL :)
#65

[eluser]codeninja[/eluser]
Sounds great. I am looking forward to testing it and integrating it in our live product.
#66

[eluser]Shanto[/eluser]
Impressive! Great work.

I am seriously looking for something like this, waiting for role-based access.

Thanks.
#67

[eluser]Peng Kong[/eluser]
Thanks Shanto :)

Okie v0.6 is out! Download here

Features added:

1. Management of Linked Accounts
2. Complete OAuth Server

Erm, and I've updated my demo, which I'm getting a bit lazy to update -.-

Known issues with demo:
1. If you're using sign in with Twitter you get an error message saying
"CURLOPT_FOLLOWLOCATION cannot be activated when in safe_mode or an open_basedir is set"
http://au.php.net/manual/ro/function.cur....php#71313
explains why this happens and provides the solution.

2. The developer link in the footer which goes to the oauth page is brown cuz my server is having issues with dev/random and I'm too lazy to get it configured or figure out a workaround.
#68

[eluser]Peng Kong[/eluser]
OK, here's a little help on how to use the OAuth part of a3m.

1) First, what you need to do is go to https://localhost/a3m/oauth/apps and register a new app.

OK, that's it!

... for the server part =p

2) Now, to test that our server is working, I've got a controller to simulate the OAuth consumer. Open a3m\system\application\modules\oauth\controllers\consumer.php
and replace $key and $secret with the ones you get from your newly registered app.

3) Visit the URL http://localhost/a3m/oauth/consumer/save . This "saves" the OAuth consumer details in the OAuth consumer (of cuz in our case it's all in the same db).

4) Great! Now just visit http://localhost/a3m/oauth/consumer/obta...uest_token and you should see "Hooray! you're authenticated as user id..." after you authenticate and authorize.

I've yet to do a page where the resource owner can revoke access after giving it out.
That I will do after ACL is done.
#69

[eluser]codeninja[/eluser]
Thanks, I will give it a try tonight :)
#70

[eluser]Zishan[/eluser]
Great job Peng. Saved me a week of figuring out CodeIgniter and programming this very same stuff ;)

btw, I'm on hostgator, had some trouble getting segment urls and query strings working together. I think I'm past that hump:

1. rewrite rule
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L,QSA]
2. config.php
$config['uri_protocol'] = "REQUEST_URI";
$config['url_suffix'] = "/";

Current problem is failure to log in with google, myspace and aol. The google error response is:

Auth_OpenID_FailureResponse Object
(
    [status] => failure
    [endpoint] => Auth_OpenID_ServiceEndpoint Object
        (
            [EDIT] ...
        )

    [identity_url] =>
    [message] => Invalid openid.mode '<No mode set>'
    [contact] =>
    [reference] =>
)

I tried following this: http://code.google.com/p/diso/issues/detail?id=136
and these directions: http://ioni2.com/2009/wordpress-openid-l...nd-drupal/

but the techie I got said he couldn't help without something that actually produced a 403 error. He supposedly whitelisted me for rule 340163, but I'm still getting the same problem.

Thoughts?

[EDIT]

Jfyi, that dump is of $response from sign_in_google.php controller, around line 94:
// Complete authentication process using server response
$response = $consumer->complete(site_url('account/sign_in_google/verify'));

However, access log shows openid.mode parameter is defined:
...&
openid.ns=http://specs.openid.net/auth/2.0&
openid.mode=id_res&
...

[EDIT2]

Hit up another hostgator techie. Was rule ID 340153 ("Generic PHP code injection protection via ARGS 3"), not 340163 ("Remote File Injection attempt in ARGS (MM)").