Comments (4)
Hi,
Sorry I didn't flag this up sooner - I only just made the connection myself.
We should prioritise implementing OAuth 1 as that's the version set out in the spec. OAuth 2.0 support is still very nice to have though.
Andrew
from learninglocker.
OAuth is an interesting one. While looking over the spec and supporting blog posts, there appears to be a mixture of OAuth 1.0 and 2.0 mentioned. Given this, we decided to go with OAuth 2.0 as that is what the majority of the major services (Twitter aside) have adopted.
In this post - http://tincanapi.com/building-a-learning-record-store/ - OAuth 2.0 is mentioned "An LRS has to follow oAuth 2.0's scope parameter" and throughout the spec there is reference to both such as:
https://github.com/adlnet/xAPI-Spec/blob/master/xAPI.md#oauthscope - "The LRS MUST accept a scope parameter as defined in OAuth 2.0"
https://github.com/adlnet/xAPI-Spec/blob/master/xAPI.md#security - "The LRS MUST support authentication using at least one of the following methods: OAuth 1.0 (RFC 5849)...."
While read this, it didn't sound like OAuth 2.0 is being treated as a further options as well as OAuth 1.0, it sounds like the two are being talked about as if the same thing - which they are not. That said, I could have the wrong end of the stick.
OAuth 1.0 and 2.0 are essentially different beasts so I think we will only have time to adopt one or the other at this time and given a fair bit of leg work has been done for OAuth 2.0, I would vote for that.
from learninglocker.
That part confused me too. I know understand that the idea is that oauth 1 is what's suggested but that the scopes are being borrowed from oauth 2.
That said, there's nothing in the spec to say that we have to support oauth 1 and that we can't support oauth 2. It's just that client applications are more likely to look to support oauth 1. I'm not aware if any that actually exist at the moment though.
How much work have we put into oauth 2 and how much is remaining?
from learninglocker.
A good bit of the ground work is in rc1 - we forked https://github.com/LearningLocker/oauth2-server-laravel to work with LL and if you look in routes.php you will see routes that let apps authorize. Really, the last remaining thing is to devise a couple of default grant types, wire those up and it will be ready to test.
from learninglocker.
Related Issues (20)
- Worker crashes due to JSON.parse on version 7.1.1 HOT 2
- Data exportation to CVS with JS array HOT 1
- Forward Statement - Duplicated data (Open Source)
- Unauthorized error on fresh installation HOT 1
- Bad Mongo authentication is silently swallowed by xAPI service (Open Source)
- AWS AMI Errors with updating system
- Learning Locker Open Source does not recognize previous statements (progressed/passed) after version upgrade
- Learning Locker Open Source version not changed on Login screen after version upgrade
- Auth error: { message: ^[[32m'Cannot read property \'organisationSettings\' of null'
- xApi statements related APIs endpoints are not working HOT 2
- ReferenceError: TextEncoder is not defined HOT 2
- Installing in docker container errors while making the google-gax package HOT 2
- xAPI Issues Making it Not Running HOT 23
- Postman send statement failure | A server error occurred | no mango primary found HOT 1
- Getting 401 Unauthorized for xAPI response HOT 28
- Ubuntu20 install faild
- Still active? HOT 4
- I created an administrator account with createSiteAdmin and tried to log in, but I couldn't log in.(message : Incorrect login details) HOT 1
- Aggregate calls forcing [] bracket wrapping on the response. This unfortunately interferes with some 3rd party charting libraries.
- Extract personas performance issue
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from learninglocker.