Profile

Cover photo
Ib Lundgren
Works at Google
Attended Luleå University of Technology
Lives in Zurich
231 followers|62,212 views
AboutPostsPhotosVideos

Stream

Ib Lundgren
owner

Discussion  - 
 
If you would like to help oauthlib by doing code reviews please ping https://github.com/idan/oauthlib/issues/294 and I will ask you to review  pull requests I make in the future. 

Your help will be much appreciated!
1
Add a comment...

Ib Lundgren

Shared publicly  - 
 
Excellent in depth episode on database systems, where they came from, are now, and are moving in the future from Software Engineering Radio.

Covers what is wrong with the traditional SQL architecture, why MapReduce is not the answer to everything, as well as outlines numerous interesting projects like Column DBs and Graph DBs and where they fit in. But most interestingly of all was probably the advances made in memory data bases over traditional disk focused DBs.
2
Add a comment...

Ib Lundgren

Shared publicly  - 
 
#Vim s gq command, saving my sanity on a daily basis.
The gq{motion} command will format a section of text. The ip motion selects the current paragraph, so gqip applies formatting to the current paragraph. Running the gq command moves the cursor to the end of the paragraph. If you want to keep the cursor on the same word, you can instead run the ...
1
Devin Carraway's profile photo
 
That video has voiceover straight out of either golf commentary or ornithology expedition footage, I'm not sure which.

A good command, though.  I use it a lot.
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
Deciding on OAuth token vs API keys?

If you want to protect your API so only authorized clients may access it then the common approach is to use API keys and basic authentication. This is useful when the API does not protect user data but generic data such as sport league results, tv listings, etc. Here any client with a valid API key is authorized to access any data and authenticates using said key.

When your API protects user data (tweets, pictures, etc.) you might want to restrict the clients so that they can only access user data after said user have given them permission. This is where OAuth comes in. OAuth gives a token which is essentially a temporary API key bound to only one users data. Often you want to restrict this even further by only allowing access to the users pictures. That is what OAuth scopes are used for. Note here that the user allowing a client access to its data is the "Authorization" of OAuth. 

To make sure the token sent from a client is from a valid client authentication is needed as well but optional in OAuth 2. Confidential (authenticated) clients in OAuth 2 usually authenticate using Basic Auth (but could be using pub/priv keys or any other method as well).

However if you will have mobile clients you are running into the issue of reliable authentication as there is no technically safe way to hide a secret on a device out of your control. OAuth 2 (Implicit grant) makes a compromise by not requiring authentication here but instead limiting the time a token might be used.
3
1
Ib Lundgren's profile photo
Add a comment...

Ib Lundgren

Shared publicly  - 
 
Just bought this excellent bootstrap template and will dissect it into jinja2 chunks over the next few days :)
Ace (v1.1.3) is a lightweight, feature-rich and easy to use admin template based on the latest stable version of Bootstrap. Dear user, to be notified of new updates please: Make sure you are a member at the marketplace, so that you will be notified through email when an update becomes available Subscribe to : http://feeds.feedburner.com/responsiweb Follow me on Twitter : http://twitter.com/responsiweb Also if you have already purchased an ol...
1
Add a comment...

Ib Lundgren

Shared publicly  - 
 
My home baked raspberry pi Wi-Pi powered wifi bridge seem to be dropping its connection randomly without any log message in sight. Power does not seem to be the problem. Might be a driver issue. 

Will debug further later but a simple cron to restart will do for now #raspberrypi  

* * * * * /bin/bash -c "ping google.se -c 1 || ifdown wlan0 && ifup wlan0"
2
Ib Lundgren's profile photoPeter Parnes's profile photo
3 comments
 
Thanks for the auto-tip. Will change that on mine. 
Add a comment...
Have him in circles
231 people
Ryan C.'s profile photo
Fabrice Fays (Leyab)'s profile photo
Giovanni Quattrone's profile photo
Equinox Realty's profile photo
Marcus Carlsson's profile photo
Kristoffer Svensson's profile photo
Şahin Yanlık's profile photo
Alessandro Bertero's profile photo
Moa Lundgren's profile photo

Communities

28 communities

Ib Lundgren
owner

Discussion  - 
 
Hey everyone!

Finally have some time after a long crunch of course assignments and other pressing duties and am happy to say that the loooong overdue release of OAuthLib 0.6.1 is pushed to PyPI. This includes numerous small updates so check out the README. It might contain some fairly raw features related to revocation so please let me know if you run into anything!

That was OAuthlib, going to catch up on requests-oauthlib (cc Cory Benfield)  on Wednesday :)
2
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
Quick How To: Fetching GMail emails using SASL XOAuth 2 (cc #Python)
How to fetch emails from GMail using an OAuth 2 Bearer token and GMails SASL XOAuth2 mechanism. - Gist is a simple way to share snippets of text and code with others.
2
Add a comment...

Ib Lundgren

Shared publicly  - 
 
 
Deciding on OAuth token vs API keys?

If you want to protect your API so only authorized clients may access it then the common approach is to use API keys and basic authentication. This is useful when the API does not protect user data but generic data such as sport league results, tv listings, etc. Here any client with a valid API key is authorized to access any data and authenticates using said key.

When your API protects user data (tweets, pictures, etc.) you might want to restrict the clients so that they can only access user data after said user have given them permission. This is where OAuth comes in. OAuth gives a token which is essentially a temporary API key bound to only one users data. Often you want to restrict this even further by only allowing access to the users pictures. That is what OAuth scopes are used for. Note here that the user allowing a client access to its data is the "Authorization" of OAuth. 

To make sure the token sent from a client is from a valid client authentication is needed as well but optional in OAuth 2. Confidential (authenticated) clients in OAuth 2 usually authenticate using Basic Auth (but could be using pub/priv keys or any other method as well).

However if you will have mobile clients you are running into the issue of reliable authentication as there is no technically safe way to hide a secret on a device out of your control. OAuth 2 (Implicit grant) makes a compromise by not requiring authentication here but instead limiting the time a token might be used.
View original post
1
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
OAuthLib 0.6 is out!

0.6 features a major interface change on the provider side where the method contract on all endpoints, OAuth 1 & 2, change to a three-tuple down from a four-tuple. Redirect URI is now placed in headers as Location where it belongs.

Other changes include a number of clean ups in tests and can proudly say we now reach 97% coverage :) With more edge case tests and clean ups on the horizon.

Next up on the to do list is Token Revocation, this spec is still a draft but fairly small in scope and doubt much changes will be made before RFC.

cc #python #oauth
oauthlib - A generic, spec-compliant, thorough implementation of the OAuth request-signing logic
1
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
Have a wish/suggestion for what to include in the #requests-oauthlib docs? I'd love a comment here or at https://github.com/requests/requests-oauthlib/issues/48.

It could be anything that needs improving (change structure, less/more detail etc) or something you want added. A specific guide/tutorial or example on how to use provider X.

A few obvious sections are missing related to the non web application flow, if you know providers other than Google offering these, let me know!
1
Add a comment...

Ib Lundgren
owner

Discussion  - 
 
requests-oauthlib 0.3.3 is now on PYPI!
...this version includes the fix for the OAuth1Session issue with parsing out access tokens =)

In other news: I just pushed a few changes to master, including a compliance fix for facebook to make their non spec compliant https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/ flow work. You can find the tutorial at RTDs.

Install from master with pip install -e git+https://github.com/requests/requests-oauthlib.git#egg=requests_oauthlib.

#python   #oauth   #facebook  
Credentials you get from registering a new application >>> client_id = '' >>> client_secret = '' >>> # OAuth endpoints given in the Facebook API documentation >>> authorization_base_url = 'https://www.facebook.com/dialog/oauth' ...
2
1
Ross Hendrickson's profile photo
Add a comment...
People
Have him in circles
231 people
Ryan C.'s profile photo
Fabrice Fays (Leyab)'s profile photo
Giovanni Quattrone's profile photo
Equinox Realty's profile photo
Marcus Carlsson's profile photo
Kristoffer Svensson's profile photo
Şahin Yanlık's profile photo
Alessandro Bertero's profile photo
Moa Lundgren's profile photo
Communities
28 communities
Education
  • Luleå University of Technology
    Computer Science and Engineering, 2009 - 2012
Basic Information
Gender
Male
Story
Tagline
Single threaded with faulty memory
Introduction
I am a student at Luleå University of Technology, studying a bachelors in Computer Science and Engineering and loving every bit of it. I get to tinker with anything that can give me electrical shocks and corrupt file systems. Huge fan of python but do a fair bit of fiddling in Java, C and Javascript as well.
Bragging rights
My name is shorter than yours
Work
Occupation
Software Engineer
Employment
  • Google
    Software Reliability Intern, present
Places
Map of the places this user has livedMap of the places this user has livedMap of the places this user has lived
Currently
Zurich
Previously
Luleå - Chamonix - Auckland - Båstad
Links