Announcement

Collapse
No announcement yet.

OSDash server authentication is here!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • OSDash server authentication is here!

    Goce and Sean have set up the server for OSDash, as you all know. If you want an account on it, PM myself or Goce or Optikalfx (Sean) to request it.

    In addition, there has been a need for a user ID access and authentication so that services are informed of the appropriate settings for each user. Sean came up with a solution for this problem and sent me an email about it. Here's what he says.
    So I've made 3 apps for OS Dash so far.
    Authentication app
    API key Generator
    APP Key Generator

    Basically how it works, a developer will include a server.php file I've made. And they have access to a Class called OSdash. You construct that class with your mp3car username, password, api key, and application key. From that, a session is created on success so we know the user was successfully authenticated.

    Every developer needs an api key
    Every application needs an application key.
    You can use the 2 apps I've made to get these items.
    http://www.mp3car.com/osdash/apiGen.php
    http://www.mp3car.com/osdash/appGen.php
    In both cases you need a forum username and password.
    You can play with the auth object here
    http://12.167.132.206/apps/auth
    When you get a success you will be shown a dump of the os dash output

    I made a wiki on all of this here.
    Originally posted by ghettocruzer
    I was gung ho on building a PC [until] just recently. However, between my new phone having internet and GPS and all...and this kit...Im starting to have trouble justfiying it haha.
    Want to:
    -Find out about the new iBug iPad install?
    -Find out about carPC's in just 5 minutes? View the Car PC 101 video

  • #2
    Great to hear! We still need an actual web service for login/auth that ties into this new code right?
    Former author of LinuxICE, nghost, nobdy.
    Current author of Automotive Message Broker (AMB).
    Works on Tizen IVI. Does not represent anyone or anything but himself.

    Comment


    • #3
      Right. But this gives us the username/id stuff we need for those services.

      We talked about maybe doing a gps location service as a simple one but I think that Matt noted we might need username/id to do that, so we can have the user set whether it is anonymous or shared or whatever.
      Originally posted by ghettocruzer
      I was gung ho on building a PC [until] just recently. However, between my new phone having internet and GPS and all...and this kit...Im starting to have trouble justfiying it haha.
      Want to:
      -Find out about the new iBug iPad install?
      -Find out about carPC's in just 5 minutes? View the Car PC 101 video

      Comment


      • #4
        Looking into this a bit more, this is a great big step in the right direction, however, I have a few concerns. Is it possible to make server.php a restful service? or perhaps create a php-based restful service that does the same thing as the test app but exposes a restful service instead of a form? The reason for this, is that we don't want to force the use of a single web language, ie, php.

        I'm also unclear as to the difference between an App key and an API key. I assume that the App key is for any client to use when authenticating. But what about the API key?

        I'm glad that we've taken this step so we can talk about it more and get this going. Communication is a huge barrier in dealing with distributed projects. Hopefully we can pull Goce and Sean into the forum channels and improve communication a bit. We need to know who is doing what and how so that there is no overlap and so we maintain a fluid direction.

        Moving forward, here are the parts we seem to need for login/authentication/sessions:

        1 - mp3car user account auth (which is this)
        2 - a login web service that talks with this and handles a session similarly to the login service proposal by justchat.
        3 - providing 1 and 2 work, we need the client to pass the user credentials, and app key (and api key?) to the login web service that will pass it on to the user account auth

        I'm a little fuzzy on the interaction points, so please correct me. Matt has something going for the login web service. We need to get him and Goce/Sean together to work out how the interaction will work and make it happen. Then I can get with Matt and talk about how it'll work on the client side.
        Former author of LinuxICE, nghost, nobdy.
        Current author of Automotive Message Broker (AMB).
        Works on Tizen IVI. Does not represent anyone or anything but himself.

        Comment


        • #5
          I've asked Goce and Sean to take a look at this thread and the one that specifies the requirements for the server - have you seen it? I just added the server sub-forum (which I've moved this thread into) but you may not have noticed.

          I'll take responsibility for trying to get these requirements drafts in place (not just the server but also the client) and keeping them up to date. That will allow us to reference actual documentation that we can point to that will let us mesh these things together.

          As for the REST question - if I understand RESTful services (and I don't think I really do), you would want to access something like http://www.osdash.org/clientlogin.html by supplying the API key, app key, username and passwor. Then, if that authenticates, you would be returned some sort of "active" state (not sure how that works). [Edit: Okay, I see. Something like an xml file comes back, which is why we need to define an OSDash data standard.]

          Then, if you wanted to do other stuff like use a user's gps web service you might ask the server whether a user has a gps service like so http://www.osdash.org/ServicesActive.html and would receive a list of services the user has turned 'on' from the web interface. And maybe http://www.osdash.org/ServicesActive/gps.html would return all of the information you need to interact with the gps service? And all further interaction with the gps service (like reporting the lat/long) would take place between the client and the gps service, correct?

          Is that how it works? As near as I can tell, it is sort of like traversing a set of links to different pages.
          Originally posted by ghettocruzer
          I was gung ho on building a PC [until] just recently. However, between my new phone having internet and GPS and all...and this kit...Im starting to have trouble justfiying it haha.
          Want to:
          -Find out about the new iBug iPad install?
          -Find out about carPC's in just 5 minutes? View the Car PC 101 video

          Comment


          • #6
            Originally posted by kev000 View Post
            Communication is a huge barrier in dealing with distributed projects. Hopefully we can pull Goce and Sean into the forum channels and improve communication a bit. We need to know who is doing what and how so that there is no overlap and so we maintain a fluid direction.
            Who here uses google wave?
            openMobile - An open source C# Front End (why choose openMobile?)
            - Always Recruiting Developers -
            Like what you see? Donations are always welcome

            Comment


            • #7
              Originally posted by justchat_1 View Post
              Who here uses google wave?
              +1 for google wave

              perfect idea for this project

              i have invites if people need em. PM me
              - Project: Unified Car Control
              - Original OpenMobile Interface Designer

              Comment


              • #8
                I'm game. It's a very cool set of tools. But everyone will need to use it.
                Originally posted by ghettocruzer
                I was gung ho on building a PC [until] just recently. However, between my new phone having internet and GPS and all...and this kit...Im starting to have trouble justfiying it haha.
                Want to:
                -Find out about the new iBug iPad install?
                -Find out about carPC's in just 5 minutes? View the Car PC 101 video

                Comment


                • #9
                  Guys

                  Lets just use the forum to start, i can set up another forum if you like for discussion. If we use google wave, we are just creating another thing to check and for us at mp3Car, this will become a hassle. Anyone can participate in the conversation here and be added to the conversation here on the forums. With Google Wave, you need to get access.

                  If there is some type of plugin we can add to the forums, we are happy to do it.

                  Mp3Car is putting real man hours into this, rather than other projects, and making an investment. I am not a huge fan of email and the amount of chatter Google Wave creates/allows for.
                  Suggestions or Comments on the forums? Post here.

                  mp3Car store order questions or products that you would like to sell on the store? Email store @ mp3car.com

                  Feel free to pm me if you:
                  • Have a general comment on mp3Car's products or services
                  • Have a product you would like to have tested by the mp3Car community
                  • Have a file you would like mp3Car to host
                  • Have a cool idea that would improve the forums

                  Comment


                  • #10
                    +1 for a separate forum
                    - Project: Unified Car Control
                    - Original OpenMobile Interface Designer

                    Comment


                    • #11
                      The forum is create for plotting out direction. However, some things require more direct communication like brainstorming. For that reason, irc and other chatting services are a good idea. mp3car already has an irc channel.

                      I do think whatever alternate communication method we use should be able to grab logs from and put them in this forum.

                      As for the data standard, I'll start a thread with my thoughts in that subforum.
                      Former author of LinuxICE, nghost, nobdy.
                      Current author of Automotive Message Broker (AMB).
                      Works on Tizen IVI. Does not represent anyone or anything but himself.

                      Comment


                      • #12
                        OFF TOPIC

                        anyway.

                        Let me try to clear up some auth questions.
                        Every developer will need to have an api-key. An api-key is a way we can tell that forum member X is an OS Dash developer.

                        Every application needs to have a unique identifier. that uid is the app-key. So as a developer, i have 1 api-key, and 5 app-keys, wherein i have 5 apps.

                        The auth works in this way. I've made a file on the mp3car servers that authenticates with an mp3car username and password. However, I'm using cURL to send either client or server side username and password to that remote file. All that server.php file is, is the curl function, and parsing out the return.

                        You don't NEED to have the server.php file, you can send data to the remote script however you want, but it has to be sent in the right manner for the auth to work. And then on top of that, i was formatting the object output in a way that you could easily use.

                        now i do wanna hear what your suggestions are to make this available to non php applications.

                        ill keep checking here to answer more questions.

                        Comment


                        • #13
                          -- reading more --

                          I could let you pass all the parameters in the URL to the file, but i really don't think that's a secure method. that's why im using cURL and not GET.

                          Comment


                          • #14
                            Originally posted by kev000 View Post
                            The forum is create for plotting out direction. However, some things require more direct communication like brainstorming. For that reason, irc and other chatting services are a good idea. mp3car already has an irc channel.

                            I do think whatever alternate communication method we use should be able to grab logs from and put them in this forum.

                            As for the data standard, I'll start a thread with my thoughts in that subforum.
                            Originally posted by UnusuallyGenius View Post
                            +1 for a separate forum
                            My google wave suggestion was exactly due to the communication needs of large distributed projects. We need a more instant form of communication (IRC is good but its 30 years old and doesn't keep an easily accessible chat history for everyone). The problem is that most instant communication allows for a single discussion at a time (including forums). Very often half way through a thread, 3 or 4 different ideas are being discussed at once and its quite easy for topics to get lost. Should you split a thread then it becomes very difficult to stay in the loop on it (or continue a discussion in two directions).

                            I think the best option would be a google wave plugin for the forums so that its publicly accessible but offers all the advantages of this new form of communication.
                            openMobile - An open source C# Front End (why choose openMobile?)
                            - Always Recruiting Developers -
                            Like what you see? Donations are always welcome

                            Comment


                            • #15
                              Matt and I had a spare moment we decided to hack out a few services. Can we see the code you use, cUrl, etc for autherizing an app against the server with the user/pass? Also, it seems like the url for the test auth is down: http://12.167.132.206/apps/auth

                              thanks,
                              Former author of LinuxICE, nghost, nobdy.
                              Current author of Automotive Message Broker (AMB).
                              Works on Tizen IVI. Does not represent anyone or anything but himself.

                              Comment

                              Working...
                              X