ad: Radclub22-1

Session key generation

Discussion in 'QRZ XML Logbook Data' started by VK7HPC, Nov 23, 2010.

Thread Status:
Not open for further replies.
ad: L-HROutlet
ad: l-rl
ad: Left-3
ad: Radclub22-2
ad: L-MFJ
ad: Left-2
ad: abrind-2
  1. VK7HPC

    VK7HPC Ham Member QRZ Page

    Hi Folks,

    I'm developing a simple app (actually an IRC bot) that will do lookups.

    however I *don't* want people to have to pass their login/pass to me at all - I should have no need to intercept their personal stuff.

    Is it possible to have the session key generated on the qrz.com site so they can just paste that in -- ideally with some sort of seed so it can only be used on the correct app.

    in other words... oauth :) http://oauth.net/

    am happy to help with any backend devel / changes that would be required, but I think this would be a great way forwards.
     
    VK7HPC, Nov 23, 2010
    #1
  2. VK7HPC

    VK7HPC Ham Member QRZ Page

    Bump...

    Any of the web admins care to comment about the possibility of using OAUTH?
     
    VK7HPC, Dec 8, 2010
    #2
  3. K2DSL

    K2DSL Platinum Subscriber Platinum Subscriber QRZ Page

    Obviously this doesn't answer your question, but I'll ask anyway.

    Why do you want their user/pwd? Isn't it your user/pwd that all requests will come in against? You get the session and then do the lookup with your QRZ account that has an XML subscription.

    Unless your bot will only be used by other QRZ XML subscribers, I'm not sure why having their info would be useful to you.
     
    K2DSL, Jan 15, 2011
    #3
  4. VK7HPC

    VK7HPC Ham Member QRZ Page

    (apologies for delay in responding)
    > Why do you want their user/pwd?

    *I* don't want to have anything to do with their username / password at all. thats the point of oauth.
    Plan is that my bot can offer minimal lookups, exactly the same as the public part of the website (and many other tools that do screenscraping thereof)

    > Isn't it your user/pwd that all requests will come in against?
    > You get the session and then do the lookup with your QRZ account that has an XML subscription.
    Under the present system, yes.
    *but* what I want is for a user who has a valid subscription for enhanced data to be able to authenticate the bot to show all the info on his behalf.

    That way, there's no sharing of account info, I never need to know what the users password is, and qrz.com get valid usage stats (not only of which users are using the system, but which clients too)

    See twitter http://dev.twitter.com/pages/oauth_faq or http://oauth.net/about/

    > Unless your bot will only be used by other QRZ XML subscribers
    Thats the plan.
     
    VK7HPC, Mar 24, 2011
    #4
Thread Status:
Not open for further replies.

Share This Page

ad: ProAudio-1