OAuth Plans
ToddWats
As mentioned on the OAuth site and here on the forum, due to a security advisory the OAuth APIs for SmugMug have been disabled. Since the post on the forum was not directly related to the OAuth issue, I thought I would start the topic here and find out any updates or plans for the direction of OAuth and SmugMug at this point. If it's going to be in the months' time frame before there is a workable solution, then we will want to implement traditional login authentication in our application, as the app just appears broken right now. If SmugMug is working on or has a solution you are going to go forward with, then it would be good to know so that we aren't wasting time moving away from the OAuth spec in our application. Anyway, thanks for any more info you can provide.
Comments
This sucks. :-{
We temporarily disabled OAuth as a precaution while we added additional logging to look for abuse outlined in the exploit.
My changes are committed and waiting to go live...so hopefully it will be back in action soonish.
Cheers,
David
SmugMug API Developer
My Photos
Great - glad to hear a fix is in the works.
Will we need to make any changes to the phpSmug OAuth procedures?
However, I'm currently reviewing the OAuth 1.0 Rev A (Draft 1) spec. I'll most probably start implementing this new version with a view to releasing it once it's signed off on by the community. After that, I will most probably run both specs in parallel for a period of time, then OAuth 1.0 will be deprecated.
Hope this helps, cheers...
David
SmugMug API Developer
My Photos
Um, can you detail what these changes are? I use phpSmug, so I guess I'll have to wait until that developer makes the appropriate changes on his end.
But if I'm feeling ambitious maybe I could take a look at the code.
Assuming I knew what to change.