Welcome! Log In Create A New Profile


Any interest in an OAuth module for Nginx?

September 08, 2009 08:25PM
Hello -

I'm currently writing a REST API that uses 2-legged OAuth authentication.

(For those who are interested, the web service is here: http://bcws.brightcloud.com).

Our application servers are currently doing the heavy lifting for authentication and I figured moving this into the web server would save us a lot of time on each application server.

The design is to do basic signature checking and facilitate a configurable timestamp check to forbid requests > T minutes difference from the server's clock (in UTC). Optionally, even have it do nonce checking as well. Although I have to say I'm very scared about playing with the Nginx memory structures at this point, I'm willing to try if someone points the way... :)

However, even if we don't do nonce checking, the idea would be that perhaps it's better for some app servers to do that themselves and know that if the nonce is unique the request is valid. Even this partial checking would be a huge time savings to application servers.

I have a basic version of this built and working right now (and yes, it's way faster), but still have some work left to go.

I have two questions:
1. Is there anything I'm overlooking? :)
2. Would this be interesting to anyone besides us? If there is deemed to be sufficient interest, we can most likely make it available to the community.


Subject Author Posted

Any interest in an OAuth module for Nginx?

ckharris September 08, 2009 08:25PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 245
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready