lava-tool supports making authenticated calls to servers that use linaro-django-xmlrpc for their API support.
OAuth is too complicated. We use TLS (i.e. https).
The way we envision this working is to use the facilities described in https://wiki.linaro.org/Platform/Validation/Specs/XMLRPCAuthenticationTokens to generate a token (which will be a 30-ish character ASCII string). Once the token has been obtained, it can be given to lava-tool:
$ lava-tool auth-add https://validation.linaro.org
Paste token:
This will check that the token works and store it in the keyring (using python-keyring). Then any API call to an endpoint on the given site (here https://validation.linaro.org) will include the token along with the request.
There will also be auth-list and auth-remove commands for manipulating the set of stored tokens.
The auth-* commands are all pretty simple really. Wanting to support auth-list means that we'll store the tokens in a JSON or similar dict in a single key in the keyring.
We'll also provide a subclass of ServerProxy that uses the tokens for auth.
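The storage layout and proxy described above, as an added example (not lava-tool's own code): every token sits in one JSON dict under a single keyring entry, keyed by the https site it was issued for, and the ServerProxy subclass attaches a token only to endpoints on that site. Assumptions: the keyring service and key names, the `Authorization: Token` header format (the page does not say how the token is sent), and `MemoryKeyring`, a constructed stand-in for python-keyring, whose module-level `get_password`/`set_password` functions have the same shape.

```python
import json
import xmlrpc.client
from urllib.parse import urlsplit

SERVICE, KEY = "lava-tool", "auth-tokens"  # assumed keyring service/key names

class MemoryKeyring:
    """Constructed stand-in with python-keyring's get_password/set_password."""
    def __init__(self):
        self._data = {}
    def get_password(self, service, name):
        return self._data.get((service, name))
    def set_password(self, service, name, value):
        self._data[(service, name)] = value

def site_of(url):
    """Reduce a URL to the https site (scheme, host, port) a token is bound to."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("tokens are only stored for, and sent to, https sites")
    port = "" if parts.port in (None, 443) else ":%d" % parts.port
    return "https://" + parts.hostname + port

class TokenStore:
    """Keeps every token in one JSON dict under a single keyring entry."""
    def __init__(self, backend):
        self.backend = backend
    def _load(self):
        return json.loads(self.backend.get_password(SERVICE, KEY) or "{}")
    def add(self, url, token):
        tokens = self._load()
        tokens[site_of(url)] = token
        self.backend.set_password(SERVICE, KEY, json.dumps(tokens))
    def remove(self, url):
        tokens = self._load()
        tokens.pop(site_of(url), None)
        self.backend.set_password(SERVICE, KEY, json.dumps(tokens))
    def sites(self):
        return sorted(self._load())  # site names only, never the tokens
    def headers_for(self, url):
        token = self._load().get(site_of(url))
        # Header format is an assumption; no token is sent to unknown sites.
        return [("Authorization", "Token " + token)] if token else []

class AuthenticatingServerProxy(xmlrpc.client.ServerProxy):
    """ServerProxy that attaches the stored token for the endpoint's site."""
    def __init__(self, url, store, **kwargs):
        super().__init__(url, headers=store.headers_for(url), **kwargs)
```

Passing the imported `keyring` module as `backend` in place of `MemoryKeyring()` stores the same JSON dict in the system keyring.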
Platform/Validation/Specs/ClientSideAuthenticationTokens (last modified 2011-05-20 03:41:27)