OAuth Integration with ServicesAPI

sumit_kataria - Tue, 2008-04-22 13:09

Project information

On today's web, people do not like to keep or exchange all their stuff on one service: we prefer to use Flickr for photos, YouTube for videos, Amazon for shopping, etc. To integrate these different web services and satisfy all customer/user needs, APIs built on the Services API are used, and they have to work in a secure fashion. The OAuth open protocol is a very good option for securing this type of communication. The current system of API keys used by the Services API is a combination of user name and password, and such a key is too unsafe to share around on the web. A key also cannot be unshared once it has been shared or handed over to another web service. The tokens provided by the OAuth system will give users a much safer and risk-free browsing experience.
Integrating OAuth Core 1.0 into Drupal's Services API will give users and administrators a pluggable authentication system, so that they can choose between the current system of API keys and the OAuth token system to access the desired web services. OAuth works by giving users “tokens” instead of keys. For each kind of web service, OAuth issues a different kind of token to the user. These tokens are also time-bound: a token grants a limited amount of access time to another service and then expires automatically (this could be a two-hour access time).

Does this mean that OAuth is like OpenID?
The OAuth approach might be considered better than the OpenID approach, as users don't have to do anything to understand it. They just browse normally with their existing methods, but in a secure manner.

OAuth integration with Service API will rescue users, and developers, who put themselves at risk by sharing their private information.

Important about this project
After discussing it with my mentors and looking at the situation, I have decided to do this project without making an additional "oauth_services" module. We will be implementing OAuth's functionality in Drupal and Services by adding to existing modules. So I will be committing my code to the "oauth" and "services" modules, not to another new module.
This is in everyone's favor, as we always want to install fewer modules while working :P .
The test server is already running the latest code, which is in good condition to make tests with :) :
http://tut2tech.com/sb2/?q=admin/build/oauth
Go on, send me feedback.
Discussion Link : http://groups.drupal.org/node/10268
Services Issues link : http://drupal.org/node/238814
oauth_services issue link : http://drupal.org/node/275107
Current status: Base work going on. Understanding Drupal core better and finding some algorithmic way to integrate OAuth into the services module.

Description

By means of this project I would like to contribute a module to the Drupal community which will give the existing Services API a pluggable authentication module, so that users will be able to choose between the existing API keys method and the OAuth method to access other web services. Drupal's existing Services API implementation is pretty weak, so integrating it with the open protocol OAuth will enhance its security features.

Status updates

  • 20th May 2008 : Early preparations for the project started
  • 27th May 2008 - week 1
    • Testing the already existing (in development) OAuth module and looking at its integration with Services via a hook system (hook still to be produced by Adrain)
    • Try implementing server-side testing with Drupal and OAuth
    • Designing a UI for the upcoming OAuth_services module; its contents decided so far will be
      • OAuth
      • Keys for Drupal site
      • Consumers user can access
      • Shared keys with other sites
      • A testing Browser for making requests
    • Discussing more about its implementation in Services



    Week with bad health - Now I am pushing it harder

    WEEK - 2

    • Working on a hook to implement OAuth's authentication system to Services
    • coding UI for oauth_services
    • modifying code in Services to work with new authentication system and end points

    WEEK - 3

      What I did this week :
    • Fixed some code from OAuth module
      • Earlier it was producing key and secret for just one user and then it was overwriting it
      • Still to fix in it :
        1. Nonce entry to table with proper timestamp
    • Made some changes to Services library to use OAuth for authorization
    • Writing a module "oauth_call" so that test calls for request token and access token can be made from here only; still in progress (not completed)
    • Writing test code for requests (for test purposes only) - will be out soon
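
The "nonce entry to table with proper timestamp" item in the week 3 list, together with the time-bound tokens described under Project information, amounts to a provider-side check like the one sketched here. This is an added example, not code from the oauth or services modules: the table, the function names and the five-minute timestamp window are assumptions, SQLite stands in for Drupal's database, and the request signature is assumed to have been verified already.

```php
<?php
// Added illustration; table and function names are hypothetical.
const TIMESTAMP_WINDOW = 300;   // assumed: accept oauth_timestamp within +/- 5 minutes
const TOKEN_LIFETIME   = 7200;  // the two-hour access time used as the example lifetime

function make_nonce_store(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The primary key makes a replayed (consumer, token, nonce) insert fail atomically.
    $db->exec('CREATE TABLE oauth_nonce (
        consumer_key TEXT, token TEXT, nonce TEXT, ts INTEGER,
        PRIMARY KEY (consumer_key, token, nonce))');
    return $db;
}

function check_request(PDO $db, array $p, int $token_issued_at, int $now): string {
    $ts = (int) $p['oauth_timestamp'];
    if ($now - $token_issued_at > TOKEN_LIFETIME) {
        return 'rejected: token expired';
    }
    if (abs($now - $ts) > TIMESTAMP_WINDOW) {
        return 'rejected: stale timestamp';
    }
    try {
        $db->prepare('INSERT INTO oauth_nonce VALUES (?, ?, ?, ?)')
           ->execute([$p['oauth_consumer_key'], $p['oauth_token'], $p['oauth_nonce'], $ts]);
    } catch (PDOException $e) {
        if ((string) $e->getCode() !== '23000') {
            throw $e;                       // not a uniqueness violation
        }
        return 'rejected: nonce already used';
    }
    // Rows older than the window can never pass the timestamp check again, so prune them.
    $db->prepare('DELETE FROM oauth_nonce WHERE ts < ?')->execute([$now - TIMESTAMP_WINDOW]);
    return 'accepted';
}

// Constructed sample requests.
$db  = make_nonce_store();
$now = 1214000000;
$req = ['oauth_consumer_key' => 'consumer.example', 'oauth_token' => 'tok1',
        'oauth_nonce' => 'a1b2c3', 'oauth_timestamp' => (string) $now];
echo check_request($db, $req, $now - 60, $now), "\n";        // first use of the nonce
echo check_request($db, $req, $now - 60, $now + 5), "\n";    // same nonce sent again
$req['oauth_nonce'] = 'd4e5f6';
echo check_request($db, $req, $now - 60, $now + 900), "\n";  // timestamp outside the window
echo check_request($db, $req, $now - 8000, $now), "\n";      // token older than its lifetime
```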

OAuth now with google Data APIs-alpha-released with contacts api

sumit_kataria - Mon, 2008-04-28 17:18

Google announced that the Google Contacts Data API now
supports OAuth. This is gonna be their first step towards OAuth enabling all
Google Data APIs. Please note that this is an alpha release and we may
make changes to the protocol before the official release.

Here are the three end points used in OAuth to get a token:
https://www.google.com/accounts/OAuthGetRequestToken?scope=http://www...
https://www.google.com/accounts/OAuthAuthorizeToken
https://www.google.com/accounts/OAuthGetAccessToken

To register for a consumer key / upload your RSA public key:
https://www.google.com/accounts/ManageDomains
(see http://code.google.com/apis/accounts/docs/RegistrationForWebAppsAuto....
for help on registering your domain)

Caveats:
- This currently only supports RSA-SHA1 mode.
- The consumer key is the domain hostname you registered. Currently
there are no consumer_secrets.
- The scope parameter specifies the URL identifying the service to be
accessed. See http://code.google.com/apis/contacts/developers_guide_protocol.html
for details about the Google Contacts Data API.

Download a sample client at http://weitu.googlepages.com/GoogleDataOAuthSample.jar.
Alternatively, Andy Smith (termie) has written a php test server
(http://term.ie/oauth/example/client.php?sig_method=RSA-SHA1) that
provides an easy way to test getting OAuth tokens with RSA. It uses
the example key pair on the OAuth wiki (http://wiki.oauth.net/TestCases).
Also a test consumer with
consumer_key=weitu.googlepages.com that uses the same RSA key pair for
you to test with.

//resource : oauth-google group announcement , http://groups.google.com/group/oauth/browse_thread/thread/75ee6d973930c7...
sumit kataria
http://www.tut2tech.com
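
The caveats in the announcement above (RSA-SHA1 only, the registered hostname as consumer key, no consumer secret) mean the consumer signs the OAuth 1.0 signature base string with its private key and the provider verifies it with the uploaded public key. The following is an added example, not part of the original post and not Google's or the oauth module's code: the consumer key, scope URL, nonce and timestamp are constructed, and the key pair is generated on the spot.

```php
<?php
// Added illustration; consumer key, scope, nonce and timestamp are constructed values.

function oauth_encode(string $s): string {
    // OAuth 1.0 encoding: percent-encode everything except RFC 3986 unreserved characters.
    return str_replace('%7E', '~', rawurlencode($s));
}

function signature_base_string(string $method, string $url, array $params): string {
    unset($params['oauth_signature']);              // the signature never signs itself
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[] = [oauth_encode($name), oauth_encode($value)];
    }
    // Byte-order sort by encoded name, then by encoded value.
    usort($pairs, fn($a, $b) => strcmp($a[0], $b[0]) ?: strcmp($a[1], $b[1]));
    $query = implode('&', array_map(fn($p) => "$p[0]=$p[1]", $pairs));
    return strtoupper($method) . '&' . oauth_encode($url) . '&' . oauth_encode($query);
}

// Consumer side: the private key stays here; only the public key is uploaded at registration.
$private = openssl_pkey_new(['private_key_type' => OPENSSL_KEYTYPE_RSA, 'private_key_bits' => 2048]);
$public_pem = openssl_pkey_get_details($private)['key'];

$url = 'https://www.google.com/accounts/OAuthGetRequestToken';
$params = [
    'oauth_consumer_key'     => 'consumer.example',          // the registered domain hostname
    'oauth_signature_method' => 'RSA-SHA1',
    'oauth_timestamp'        => '1209400000',
    'oauth_nonce'            => '4f2a9c71',
    'oauth_version'          => '1.0',
    'scope'                  => 'http://service.example/feeds/',
];
$base = signature_base_string('GET', $url, $params);
openssl_sign($base, $raw_signature, $private, OPENSSL_ALGO_SHA1);
$params['oauth_signature'] = base64_encode($raw_signature);

// Provider side: rebuild the base string from the received request and check it
// against the consumer's registered public key.
function provider_accepts(string $url, array $received, string $public_pem): bool {
    $sig  = base64_decode($received['oauth_signature']);
    $base = signature_base_string('GET', $url, $received);
    return openssl_verify($base, $sig, $public_pem, OPENSSL_ALGO_SHA1) === 1;
}

var_dump(provider_accepts($url, $params, $public_pem));      // request exactly as signed
$params['scope'] = 'http://other.example/feeds/';            // scope altered after signing
var_dump(provider_accepts($url, $params, $public_pem));      // base string no longer matches
```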


Very Cool!

Rob Loach - Mon, 2008-04-28 19:11

This looks very promising. Keep it up, Sumit!


ORKUT-sandbox support with OAuth now

sumit_kataria - Mon, 2008-06-02 12:52

Increasing support from Google for OAuth

Today Google announced OAuth support for the ORKUT sandbox

a sample walkthrough of an OAuth gadget: https://sites.google.com/site/ericsachs/demoproxy
Gadgets support for OAuth is already there :)
here is code from google :
http://oauth.googlecode.com/svn/code/java

sumit kataria
www.sumitk.com


Issues

sumit_kataria - Thu, 2008-06-19 05:20

Hi all
issues regarding OAuth and oauth integration with services are here

http://drupal.org/node/238814#comment-887465 ( latest fixed OAuth module)

sumit kataria
www.sumitk.net


All Google APIs support OAuth

kyle_mathews - Fri, 2008-06-27 20:10

http://www.readwriteweb.com/archives/google_oauth.php

Furthermore, we as users can now expect a thrilling new wave of mashup options that can take secure advantage of our Google data. Google's adoption of oAuth is one of the most significant, tangible moves in support of authentic data portability that we've seen in a long time. App developers should be tripping over each other to make use of this data so that our use of their apps can be made richer, more powerfully useful and engaging. While they are developing to take advantage of Google's oAuth APIs, why not offer some oAuth back out to the world as well? Google's validation of the standard should start a snowball of standards enabled mashups.

We're very excited that Google has taken this step to un-silo our data and support the mutually beneficial ecosystem of mashup developers and users. We're very happy too for the community of oAuth supporters, who have done a great job building and spreading something so needed around the web. Today is a good day for the future of the web.

Kyle Mathews


code now in cvs

sumit_kataria - Sat, 2008-06-28 06:26

committed code in cvs + patches are in issue queue
http://cvs.drupal.org/viewvc.py/drupal/contributions/modules/oauth/
and patches to ServicesAPI for use with OAuth are here
http://drupal.org/node/238814#comment-886027

sumit kataria
www.sumitk.net


An announcement regarding this project

sumit_kataria - Sat, 2008-06-28 13:13

After discussing it with my mentors and looking at the situation, I have decided to do this project without making an additional "oauth_services" module. We will be implementing OAuth's functionality in Drupal and Services by adding to existing modules. So I will be committing my code to the "oauth" and "services" modules, not to another new module.
This is in everyone's favor, as we always want to install fewer modules while working :P .
The test server is already running the latest code, which is in good condition to make tests with :) :
http://tut2tech.com/sb2/?q=admin/build/oauth
Go on, send me feedback.
Discussion Link : http://groups.drupal.org/node/10268
Services Issues link : http://drupal.org/node/238814
oauth_services issue link : http://drupal.org/node/275107
cheers!!
sumit kataria
www.sumitk.net


Alpha release of code - oauth + Services

sumit_kataria - Sun, 2008-07-06 08:03

Hi all
Here I announce alpha release of oauth + services module's code
link to download latest modules(oauth+services) :: http://drupal.org/files/issues/oauth%20+%20services%2005_07_08.tar_.gz
you can also test this code over Test server at :: http://www.tut2tech.com/sb2/?q=admin/build/oauth
All details are on front page regarding how to use demo server
oauth module's latest code is in cvs too, Services will be updated soon
For admins (link to mentors' feedback) :: http://drupal.org/node/275107

sumit kataria
www.sumitk.net