Callsign
Results 1 to 4 of 4

Thread: Session key generation

ad: l-AmericanRadio
ad: l-assoc
ad: l-BCInc
ad: l-ezhang
ad: l-gcopper
ad: l-hrd-1
ad: l-innov
  1. 11-23-2010, 03:19 PM #1
    ELWELL
    ELWELL is offline QRZ Member
    Join Date
    Jun 2010
    Posts
    3

    Default Session key generation

    Hi Folks,

    I'm developing a simple app (actually an IRC bot) that will do lookups.

    however I *don't* want people to have to pass their login/pass to me at all - I should have no need to intercept their personal stuff.

    Is it possible to have the session key generated on the qrz.com site so they can just paste that in -- ideally with some sort of seed so it can only be used on the correct app.

    in other words... oauth :-) http://oauth.net/

    am happy to help with any backend devel / changes that would be required, but I think this would be a great way forwards.
  2. 12-08-2010, 01:16 PM #2
    ELWELL
    ELWELL is offline QRZ Member
    Join Date
    Jun 2010
    Posts
    3

    Default Bump...

    Any of the web admins care to comment about the possibility of using OAUTH?
  3. 01-15-2011, 06:49 PM #3
    K2DSL's Avatar
    K2DSL
    K2DSL is offline Platinum Subscriber
    Join Date
    Aug 2007
    Location
    Waldwick, NJ
    Posts
    398

    Default

    Obviously this doesn't answer your question, but I'll ask anyway.

    Why do you want their user/pwd? Isn't it your user/pwd that all requests will come in against? You get the session and then do the lookup with your QRZ account that has an XML subscription.

    Unless your bot will only be used by other QRZ XML subscribers, I'm not sure why having their info would be useful to you.
    K2DSL Blog
    Ham Radio Utilities
  4. 03-24-2011, 08:52 AM #4
    ELWELL
    ELWELL is offline QRZ Member
    Join Date
    Jun 2010
    Posts
    3

    Default

    (apologies for delay in responding)
    > Why do you want their user/pwd?

    *I* don't want to have anything to do with their username / password at all. thats the point of oauth.
    Plan is that my bot can offer minimal lookups, exactly the same as the public part of the website (and many other tools that do screenscraping thereof)

    > Isn't it your user/pwd that all requests will come in against?
    > You get the session and then do the lookup with your QRZ account that has an XML subscription.
    Under the present system, yes.
    *but* what I want is for a user who has a valid subscription for enhanced data to be able to authenticate the bot to show all the info on his behalf.

    That way, there's no sharing of account info, I never need to know what the users password is, and qrz.com get valid usage stats (not only of which users are using the system, but which clients too)

    See twitter http://dev.twitter.com/pages/oauth_faq or http://oauth.net/about/

    > Unless your bot will only be used by other QRZ XML subscribers
    Thats the plan.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules