12:33 a.m.
Hi all,
I have a theoretical question. Is it possible to a create package to
Fedora which is using oauth2 authentication and that means there are
app_id and secret_code strings generated by api provider? These strings
are used in the program but can't be shipped in the code because
everyone could then use these codes to look as this application.
Thank you for reply,
Jiri Konecny
3:50 a.m.
On 07/28/2015 07:33 AM, Jiří Konečný wrote:
I have a theoretical question. Is it possible to a create package to
Fedora which is using oauth2 authentication and that means there are
app_id and secret_code strings generated by api provider? These strings
are used in the program but can't be shipped in the code because
everyone could then use these codes to look as this application.
No, this is not possible. May be you could create a tool which
simplifies obtaining suitable API keys and ship that instead?
--
Florian Weimer / Red Hat Product Security
6:17 a.m.
On Tue, 2015-07-28 at 10:50 +0200, Florian Weimer wrote:
On 07/28/2015 07:33 AM, Jiří Konečný wrote:
No, this is not possible. May be you could create a tool which
simplifies obtaining suitable API keys and ship that instead?
--
Florian Weimer / Red Hat Product Security
Ok thank you for your answer Florian.
Jiri Konecny
7:49 p.m.
Jiří Konečný wrote:
I have a theoretical question. Is it possible to a create package to
Fedora which is using oauth2 authentication and that means there are
app_id and secret_code strings generated by api provider? These strings
are used in the program but can't be shipped in the code because
everyone could then use these codes to look as this application.
Unfortunately, the concept of an application key is fundamentally
incompatible with Free Software. Several Free Software projects just ship
the app key(s) they use in their source code, and usually get away with it.
I guess that for some popular APIs, there are even projects just using some
other Free Software project's app key, but that's of course bad form.
Kevin Kofler
10:23 a.m.
On Thu, Jul 30, 2015 at 8:49 PM, Kevin Kofler <kevin.kofler(a)chello.at> wrote:
Jiří Konečný wrote:
> I have a theoretical question. Is it possible to a create package to
> Fedora which is using oauth2 authentication and that means there are
> app_id and secret_code strings generated by api provider? These strings
> are used in the program but can't be shipped in the code because
> everyone could then use these codes to look as this application.
Unfortunately, the concept of an application key is fundamentally
incompatible with Free Software. Several Free Software projects just ship
the app key(s) they use in their source code, and usually get away with it.
I guess that for some popular APIs, there are even projects just using some
other Free Software project's app key, but that's of course bad form.
Kevin Kofler
I didn't read the question as being about app keys. It sounds to me
more like the question was about how to package an app which could be
easily configured with a user's private authentication credentials.
For instance, a client-app for an internet service that requires
authentication. Did I misread the original question?
--
Christopher L Tubbs II
http://gravatar.com/ctubbsii
3181
days inactive
3187
days old
4 comments
4 participants
participants (4)
-
Christopher -
Florian Weimer -
Jiří Konečný -
Kevin Kofler