[Qgis-developer] Authentification use from Python

Stefan Keller sfkeller at gmail.com
Sat Feb 27 12:32:17 PST 2016


Hi,

In a Python plugin [1] we implemented HTTP "Basic Authentication" and
"NTLM authentication".

Now I'm still looking for a solution using OAuth 2.0 for build-in WxS
(WMS/WMTS, WFS) as well as for Python plugins.
This seems to be also of some interest for other QGIS users [2].


The only code related to OAuth2 I found is in the CartoDB plugin [3].
But this does not help WxS nor my Python plugin.

Also Paolo's pointer to LizMap relates not to QGIS Python plugin but
to restricted access to lizmap online AFAIK.

I heard about the authentication configuration system with master password [4].
But we still need more information when the API is available.

2016-01-12 23:36 GMT+01:00 Larry Shaffer <larrys at dakotacarto.com>:
> Until then, the continued Python access to the auth system credentials means
> security is not good for the user. It should be considered for deprecation
> or just complete removal in 2.14 release.

Any news on this, and on OAuth implementations for WxS and Python plugins?

:Stefan

[1] http://plugins.qgis.org/plugins/connector/
[2] https://groups.google.com/forum/#!topic/australian-qgis-user-group/agn7ehIPd3M
[3] http://plugins.qgis.org/plugins/QgisCartoDB/
[4] https://github.com/qgis/QGIS/pull/1838


2016-01-12 23:36 GMT+01:00 Larry Shaffer <larrys at dakotacarto.com>:
> Hi Bernhard,
>
> Please note that the Python support for direct access to the credentials via
> the auth method config *may* be completely removed for security reasons.
>
> Ideally, the expansion of credentials within a given auth method config
> would only be done within the core application and connection methods (HTTP,
> etc.) would be offered through a Python API. In this way an authcfg token
> can be passed in and the connection established without access to
> credentials.
>
> However, such support and an API are not currently available. It is simple
> enough to add to QgsNetworkAccessManager for HTTP[S] connections, but not so
> simple for other types of connections, e.g. database via a library or
> client. Once completed this means a plugin would not be able to access the
> credentials and pass them on to a different connection method, e.g. Python
> HTTP lib, etc.
>
> Once such an API is available (or even now, with some work), plugins could
> be 'authorized' by the user for access to credentials using revocable access
> tokens or signed/revokable certificates.
>
> Until then, the continued Python access to the auth system credentials means
> security is not good for the user. It should be considered for deprecation
> or just complete removal in 2.14 release.
>
> Regards,
>
> Larry Shaffer
> Dakota Cartography
> Black Hills, South Dakota
>
> QGIS Support/Development | Boundless
> lshaffer at boundlessgeo.com
>
> On Tue, Jan 12, 2016 at 8:14 AM, Bernhard Ströbl <bernhard.stroebl at jena.de>
> wrote:
>>
>> Hi Luigi,
>>
>> many thanks! That was the key.
>>
>> I now have
>> <code>
>> am = QgsAuthManager.instance()
>> myAuthMethodConfig = QgsAuthMethodConfig()
>> am.loadAuthenticationConfig(mykey,myAuthMethodConfig,True)
>> myAuthMethodConfig.configMap()
>> </code>
>>
>> Bernhard
>>
>>
>> Am 12.01.2016 um 15:58 schrieb Luigi Pirelli:
>>>
>>> Hi Bernhard
>>>
>>> be inspired by Boundless qgis-geoserver-plugin
>>>
>>>
>>> https://github.com/boundlessgeo/qgis-geoserver-plugin/blob/master/src/geoserverexplorer/gui/gsexploreritems.py#L502
>>>
>>> I hope it's enough
>>>
>>> cheers
>>> Luigi Pirelli
>>>
>>>
>>> **************************************************************************************************
>>> * Boundless QGIS Support/Development: lpirelli AT boundlessgeo DOT com
>>> * LinkedIn: https://www.linkedin.com/in/luigipirelli
>>> * Stackexchange: http://gis.stackexchange.com/users/19667/luigi-pirelli
>>> * GitHub: https://github.com/luipir
>>> * Mastering QGIS:
>>> https://www.packtpub.com/application-development/mastering-qgis
>>>
>>> **************************************************************************************************
>>>
>>>
>>> On 12 January 2016 at 12:47, Bernhard Ströbl <bernhard.stroebl at jena.de>
>>> wrote:
>>>>
>>>> Hi all,
>>>>
>>>> my goal is that my users do not save their PostgreSQL passwords in clear
>>>> text but that they use the new Authentification system to do so. For my
>>>> plugins I would need access to the PostgreSQL username and password,
>>>> though.
>>>> Is this generally possible in spite of security considerations as
>>>> mentioned
>>>> in the QGEP? If yes, how would I do it?
>>>>
>>>> what I have so far is:
>>>> <code>
>>>> am = QgsAuthManager.instance()
>>>> myAuthMethodConfig = am.availableAuthMethodConfigs()[mykey]
>>>> myAuthMethodConfig.configMap() # returns an empty dict :-(
>>>> </code>
>>>>
>>>> QGIS 2.12.2
>>>>
>>>> any help appreciated
>>>>
>>>> regards
>>>>
>>>> Bernhard
>>>>
>>>> [1]
>>>>
>>>> https://github.com/dakcarto/QGIS-Enhancement-Proposals/blob/auth-system/qep-14-authentication-system.rst
>>>>
>>>>
>>>> __________ Information from ESET Mail Security, version of virus
>>>> signature
>>>> database 12855 (20160112) __________
>>>>
>>>> The message was checked by ESET Mail Security.
>>>> http://www.eset.com
>>>>
>>>>
>>>> _______________________________________________
>>>> Qgis-developer mailing list
>>>> Qgis-developer at lists.osgeo.org
>>>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>>>
>>>
>>>
>>> __________ Information from ESET Mail Security, version of virus
>>> signature database 12856 (20160112) __________
>>>
>>> The message was checked by ESET Mail Security.
>>> http://www.eset.com
>>>
>>>
>>
>> --
>> Bernhard Ströbl
>> Anwendungsbetreuer GIS
>>
>> Kommunale Immobilien Jena
>> Am Anger 26
>> 07743 Jena
>>
>> Tel.: 03641 49- 5190
>> E-Mail: bernhard.stroebl at jena.de
>> Internet: www.kij.de
>>
>>
>> Kommunale Immobilien Jena
>> Eigenbetrieb der Stadt Jena
>> Werkleiter: Karl-Hermann Kliewe
>>
>>
>> __________ Information from ESET Mail Security, version of virus signature
>> database 12856 (20160112) __________
>>
>>
>> The message was checked by ESET Mail Security.
>> http://www.eset.com
>>
>>
>> _______________________________________________
>> Qgis-developer mailing list
>> Qgis-developer at lists.osgeo.org
>> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer
>
>
>
> _______________________________________________
> Qgis-developer mailing list
> Qgis-developer at lists.osgeo.org
> List info: http://lists.osgeo.org/mailman/listinfo/qgis-developer
> Unsubscribe: http://lists.osgeo.org/mailman/listinfo/qgis-developer


More information about the Qgis-developer mailing list