New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow OAuth authentication dance with no local webserver #33

Merged
merged 1 commit into from Jul 19, 2013

Conversation

Projects
None yet
2 participants
@craigcitro
Contributor

craigcitro commented Jul 15, 2013

I'd like to be able to do the OAuth2 dance with no local webserver at all, i.e. by manually copy-pasting a URL and then an authorization code. This is clearly less exciting as a user experience, but is sometimes a necessity (I often find myself doing the auth dance on a machine which isn't visible to the outside world, or only has SSH access).

I've actually got a version of this I've been using locally, and I'll submit a pull request shortly. In particular, I added an extra use_local_webserver argument to oauth2.0_token, though I'm happy to thread that out as far as is reasonable. I'm also happy for someone to come up with a better name for the flag.

This is the same request that was mentioned in #31, but is not quite the same as the solution proposed by #32, unless httpuv is cleverer than I think. ;)

@hadley

This comment has been minimized.

Member

hadley commented May 13, 2013

Sure - I'd be happy to check out a pull request.

@sckott sckott referenced this pull request Jul 3, 2013

Open

Authentication #13

@craigcitro

This comment has been minimized.

Contributor

craigcitro commented Jul 15, 2013

Note that this includes the commit from #45, since I don't know how to tell github to use that pull as the base for this pull request.

@hadley

This comment has been minimized.

Member

hadley commented Jul 16, 2013

If you now rebase this branch it won't include the changes from the other pull request. Otherwise, you need to make each pr in a separate branch.

oauth2.0_token <- function(endpoint, app, scope = NULL, type = NULL) {
authorize <- modify_url(endpoint$authorize, query = compact(list(
oauth2.0_token <- function(endpoint, app, scope = NULL, type = NULL,
use_local_webserver = TRUE) {

This comment has been minimized.

@hadley

hadley Jul 16, 2013

Member

How about use_oob = FALSE as an argument?

authorizer <- oauth_listener
redirect_uri <- oauth_callback()
} else {
authorizer <- oauth_exchanger

This comment has been minimized.

@hadley

hadley Jul 16, 2013

Member

Somewhere, maybe here, it needs to throw an error if using oob, but not interactive()

This comment has been minimized.

@craigcitro

craigcitro Jul 18, 2013

Contributor

I've added it here -- but one day if we're testing this, we may want to switch that.

message("")
message(" ", request_url)
message("")
authorization_code <- stringr::str_trim(readline(

This comment has been minimized.

@hadley

hadley Jul 16, 2013

Member

You shouldn't need the explicit stringr:: here

@hadley

This comment has been minimized.

Member

hadley commented Jul 16, 2013

Could you please also add a bullet point to the NEWS file?

@craigcitro

This comment has been minimized.

Contributor

craigcitro commented Jul 19, 2013

So I've hit everything in this change and squashed, thinking I was done. After that, I realized I should probably add a test, but I couldn't think of anything terribly meaningful to test without doing some sort of mocking/stubbing.

Would it be worth adding a test to confirm that in a non-interactive session, trying to say use_oob = TRUE fails?

@hadley

This comment has been minimized.

Member

hadley commented Jul 19, 2013

Some tests would be nice, but it's hard without a OAuth server to test against. I don't think it's worth bothering to test that use_oob = TRUE fails in a non-interactive session as that's trivial to verify by eye.

@craigcitro

This comment has been minimized.

Contributor

craigcitro commented Jul 19, 2013

A little googling turns up this:
http://term.ie/oauth/example/

I could make a block that first checks to see if term.ie is available, and if so tries to do an oauth dance with it; I suspect that'll be fragile. Otherwise, I think this is good to go ...

hadley added a commit that referenced this pull request Jul 19, 2013

Merge pull request #33 from craigcitro/oauth-no-local-server
Allow OAuth authentication dance with no local webserver

@hadley hadley merged commit e506736 into r-lib:master Jul 19, 2013

@hadley

This comment has been minimized.

Member

hadley commented Jul 19, 2013

How about you implement an OAuth server R package and then we can test against that ;)

@craigcitro

This comment has been minimized.

Contributor

craigcitro commented Jul 19, 2013

If you can come up with a sane reason someone would want to write an oauth server in R beyond testing this code, we can talk about implementing one. ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment