Comments on: OAuth and the 4 hour work day

By: knuthellan

knuthellan — Fri, 04 Mar 2011 19:11:40 +0000

The OAuth system included a login page implemented in haml and based on the haml template for the rest of the site. I stored all persistent data including request, access tokens and remote service credentials in CouchDB.

I did not add the user page to revoke access at the same time, but the basic support for that was included. Adding it meant another haml view and some basic sinatra post handling. This addition was probably a couple of days work.

Sticky sessions in the load balancer will avoid problems related to request tokens not being synchronized between database replicas in time.

By: Raj

Raj — Thu, 03 Mar 2011 15:32:58 +0000

Thanks for quick turnaround. Also wanted to ensure, it had
1) user’s authorization via Login page.
2) did you store all the request/access tokens in db
3)Did it include a website for users to revoke access to apps when needed?

By: knuthellan

knuthellan — Thu, 03 Mar 2011 12:44:29 +0000

I originally estimated three days to get the OAuth up and running, but had it up in less than a day. It was about two weeks later before the full request signing between PHP and Ruby was working. Since getting this right is important, I would set aside a week to ensure it’s well tested and robust.

By: Raj

Raj — Tue, 01 Mar 2011 18:58:51 +0000

Hello – just curious to understand, how long did it take you to build a 3 legged OAuth Auth framework in terms of time estimates as we are aswell in a scrum development methodology

By: Raj

Raj — Tue, 01 Mar 2011 18:52:56 +0000

By the way what wa your total estiamte to build a fully functional 3 legged OAuth Authentication with User Authorization?