Erlang codes on OAuth and OpenID
Switch branches/tags
Nothing to show
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
COPYING
GPL
README

README

erlauth

This is the library to attach OAuth and OpenID interface to your applications.

Copyright (C) 2009 OGAKI, Kazutaka <ogakikz@jin.gr.jp>

 
This program is copyrighted free software by OGAKI, Kazutaka. You can
redistribute it and/or modify it under the General Public License version 2
with some additional conditions (see the file COPYING).

Application Architecture

*Major subjects

- provider (original contents' service provider)
- user(End user: watching on browser screen)
- consumer (Contents Aggregator)

Every communication are done via HTTP, and defined in OAuth/OpenID specs.
HTTP request/responces are converted and arrived to Erlang ports. 
This library would cover part of port functions.

*Auhtentication

user				consumer			provider
|-----------------------------------request(null_session_key)----->|
                                                                   |
|<-------------------401 : authorization required -----------------|
|
|------------------------------------------- id, password -------->|
                                                                   |
|<-------------------OK : set session key -------------------------|
|
|----------------------------------request(valid_session_key)----->|
                                                                   |
|<-------------------200: authorization OK: contents---------------|


*Authorization

**initial case

user				consumer			provider
|------- Request(URL) ----------->|
                                  |
                                  |--- request(URL(content_id))--->|
                                                                   |
                                  |<-- 401: Auth requierd(token)---|
                                  |
|<-- 401: Auth requierd(token)----|
|
calculate hash(token)via session key and Nonce
|
|-Request(URL+hash))------------->|
                                  |
                                  |-request(URL+hash)------------->|
                                                                   |
                                  |<-- 200: OK : contents   -------|
                                  |
|<-- 200: OK : contents   --------|


**Persistent proxying(delegation)

In this case,
-Nonce includes timout.
-session key can be abandoned at any time
-URL has range (for various request.. not including upper level reference)

**Session key abandon (re-calculate)
This can be done re-play initial Authentication with null_session_key.
privider shall hold session_key as valid while correct id:password pair is given.