Session key generation
I'm developing a simple app (actually an IRC bot) that will do lookups.
however I *don't* want people to have to pass their login/pass to me at all - I should have no need to intercept their personal stuff.
Is it possible to have the session key generated on the qrz.com site so they can just paste that in -- ideally with some sort of seed so it can only be used on the correct app.
in other words... oauth :-) http://oauth.net/
am happy to help with any backend devel / changes that would be required, but I think this would be a great way forwards.
Any of the web admins care to comment about the possibility of using OAUTH?
Obviously this doesn't answer your question, but I'll ask anyway.
Why do you want their user/pwd? Isn't it your user/pwd that all requests will come in against? You get the session and then do the lookup with your QRZ account that has an XML subscription.
Unless your bot will only be used by other QRZ XML subscribers, I'm not sure why having their info would be useful to you.
(apologies for delay in responding)
> Why do you want their user/pwd?
*I* don't want to have anything to do with their username / password at all. thats the point of oauth.
Plan is that my bot can offer minimal lookups, exactly the same as the public part of the website (and many other tools that do screenscraping thereof)
> Isn't it your user/pwd that all requests will come in against?
> You get the session and then do the lookup with your QRZ account that has an XML subscription.
Under the present system, yes.
*but* what I want is for a user who has a valid subscription for enhanced data to be able to authenticate the bot to show all the info on his behalf.
That way, there's no sharing of account info, I never need to know what the users password is, and qrz.com get valid usage stats (not only of which users are using the system, but which clients too)
See twitter http://dev.twitter.com/pages/oauth_faq or http://oauth.net/about/
> Unless your bot will only be used by other QRZ XML subscribers
Thats the plan.