[Ur] The right way to do federated login in 2015?

1337 777 1337777.net at gmail.com
Thu Nov 19 16:17:32 EST 2015 

After reviewing
http://hg.impredicative.com/openid

The only programmation thing which is extra beyond OAUTH is:
* temporarily storing the connection ("endpoint") tools:
    + dh secret exchange when not on httpS
    + enciphering/deciphering the hmac key using the dh secret
    + signing/verifying the connection data using this hmac key
* permanentlly storing the pairing of "user" profile with "identifier"

Therefore maybe some boring 3-hours trimming out of the texts of the
connection tools and the user-identifier pairing, without touching
anything else, shall give OAUTH... so what sense exactly is "some
oauth library" ?

hmmmm.. I have this OAUTH schema in mind for
https://developer.github.com/v3/oauth/

authorize
    ->GET redirect_uri stIdx, state, (scope)
~~Basis.redirect()/FFi.indirect()
redir_uri stIdx
    <-BACK code/identifier, state, [cookie]
    ->RPOST code/identifier, client_secret        ~~FFi.discovery()/FFi.direct()
    <-HTML token/endpoint, (token_scope, token_type)
apiform
    ->POST api_uri, token/endpoint
    <-HTML user

seq0: {stateIndex}
tab1: {stateIndex, state, option code/identifier, code_scope,
expirity, option (token/endpoint * token_scope * token_type)}
cookie: {stateIndex, state}

...

(ok ok ... I was putting on hold my coq proof of the biassociative
coherence, now I will write it before December 4 and publish somewhere
else just to be annoying)

On Thu, Oct 22, 2015 at 10:37 PM, 1337 777 <1337777.net at gmail.com> wrote:
>>
>> I'm motivated enough about at least the OAuth part, as I want to use
>> it for a web app, aimed at developers, to do login with GitHub
>> credentials.  So, I expect that bit would get done by early 2016, even
>> if no one else volunteers.
>
> how is this different than doing the crypto-signing/verifying
> mathematics not in the browser but behind some web interface ?
>
> Ultimately this is the genre of programming activity that I may do in
> the near future for some concurrent web app, therefore "I"😏 may as
> well start now until someone else is quicker ? (part-timing from
> readying for the univalent-foundations workshop this may 16-20 at the
> fields institute)

More information about the Ur mailing list