OAuth Plans

ToddWatsToddWats Registered Users Posts: 2 Beginner grinner
As mentioned on the OAuth site and here on the forum, due to a security advisory the OAuth APIs for SmugMug have been disabled. Since the post on the forum was not directly related to the OAuth issue, I thought I would start the topic here and find out any updates or plans for the direction of OAuth and SmugMug at this point? If it's going to be in the months time frame before there is a workable solution, then we will want to implement traditional login authentication in our application as the app just appears broken right now. If SmugMug is working on or has a solution you are going to go forward with, then it would be good to know so that we aren't wasting time moving away from the OAuth spec in our application. Anyway, thanks for any more info you can provide.

Comments

  • darryldarryl Registered Users Posts: 997 Major grins
    edited April 28, 2009
    Nooo! And just when I finally got around to using OAuth for several projects (thanks to the wonderful phpSmug, which allows me to know nearly nothing about OAuth.)

    This sucks. :-{
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited April 28, 2009
    Hey Guys,

    We temporarily disabled OAuth, as precaution while we added additional logging to look for abuse outlined in the exploit.

    My changes are committed and waiting to go live...so hopefully it will be back in action soonish.

    Cheers,

    David
    David Parry
    SmugMug API Developer
    My Photos
  • frbfrb Registered Users Posts: 18 Big grins
    edited April 30, 2009
    devbobo wrote:
    Hey Guys,

    We temporarily disabled OAuth, as precaution while we added additional logging to look for abuse outlined in the exploit.

    My changes are committed and waiting to go live...so hopefully it will be back in action soonish.

    Cheers,

    David

    Great - glad to hear a fix is in the works.

    Will we need to make any changes to the phpSmug OAuth procedures?
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited April 30, 2009
    OAuth is live again, at this point no changes are required.

    However, I'm currently reviewing the OAuth 1.0 Rev A (Draft 1) spec, I'll most probably start implementing this new version with a view to release it once it's being signed off on by the community. After that, I will mostly probably run both specs in parallel for a period of time, then OAuth 1.0 will be deprecated.

    Hope this help, cheers...

    David
    David Parry
    SmugMug API Developer
    My Photos
  • darryldarryl Registered Users Posts: 997 Major grins
    edited May 2, 2009
    devbobo wrote:
    OAuth is live again, at this point changes are required.

    Um, can you detail what these changes are? I use phpSmug, so I guess I'll have to wait until that developer makes the appropriate changes on his end.

    But if I'm feeling ambitious maybe I could take a look at the code.

    Assuming I knew what to change.
  • devbobodevbobo Registered Users, Retired Mod Posts: 4,339 SmugMug Employee
    edited May 2, 2009
    My bad, that was meant to be no changes are required. Fixed my original post :)
    David Parry
    SmugMug API Developer
    My Photos
Sign In or Register to comment.