provide a way to pass sso oauth token on purchase

Bug #615342 reported by Michael Vogt
This bug affects 2 people
Affects: Software Center Agent
Status: Fix Released
Importance: Medium
Assigned to: Danny Tamez

Bug Description

It would be great to have a way to pass an already existing oauth token to the agent when purchasing
an application. Then we can show the built-in login dialog (or the ubuntu-sso-login dialog that ubuntuone
is working on) instead of showing the html inside the webkit view.

Michael Vogt (mvo) wrote :

Another problem is that webkitgtk (at least the python bindings) seems to make it really hard to create persistent cookies. This means currently the user has to go through the login again all the time.

Michael Vogt (mvo)
Changed in software-center-agent:
status: New → Confirmed
importance: Undecided → Medium
Anthony Lenton (elachuni) wrote :

On the server side, what we're agreeing on is a view that receives a standard OAuth authorization header, and logs the user in (i.e. returns a session cookie).

Once you can handle arbitrary request headers via libsoup using Python-bound Gtk-embedded webkit, we'll be able to sort it out.

The alternative of accepting the token via a GET argument was discarded.

That way the desktop client can:
 - Prompt the user with a desktop login
 - Get a token they can use for other purposes, or
 - Feed it into the desktop browser, so that the browser will skip web authentication.

Anthony Lenton (elachuni) wrote :

As well as the solution from comment #2, we should provide a script for QA to test this feature, as it might be a while until the desktop client starts using these features.

tags: added: kb-feature
tags: added: sp-1
Changed in software-center-agent:
assignee: nobody → Danny Tamez (zematynnad)
status: Confirmed → In Progress
Danny Tamez (zematynnad) wrote :

Also need to add a setting (that can be changed without a server restart) to enable/disable the API call.

Changed in software-center-agent:
status: In Progress → Fix Committed
Danny Tamez (zematynnad) wrote :

QA - instructions on testing this!
First off - please wait until https://code.launchpad.net/~canonical-isd-hackers/software-center-agent/backend_fix_615342/+merge/58212 has landed before testing this. There was an issue with the authentication backend name we were using.

To test this branch you'll need to use Firefox and install the following plugin: https://addons.mozilla.org/en-US/firefox/addon/modify-headers/

Next run the latest sca via:
$ fab bootstrap run

First the negative case:
Open Firefox and make sure all cookies are deleted - you can use the web developer plugin (among others) to do this.
Point the browser to http://localhost:8000/subscriptions/
You'll notice that you will be asked to login via openid. Cancel (don't log in)

Now for the positive case:
Place both attached scripts in the root of the branch.
Make them both executable (chmod +x get_lp_creds_for_sca.py login_by_token.py)
Run the first script as follows:
$ ./get_lp_creds_for_sca.py <your_lp_email> <your_lp_password>
You'll get some token and consumer info printed out.

Now to simulate the call that the desktop client will make...
Run the second script as follows:
$ ./login_by_token.py <lp_username> <token_key> <token_secret> <consumer_key> <consumer_secret>
You'll see a string of header information printed out.

Go back to Firefox and start the modify headers plugin. It should open up as a separate dialog.
Change the dropdown that says "Select Action" so that it says "Add".
In the first input field enter 'AUTHORIZATION' with no quotes.
In the second input field enter all of the info that was printed out from the second script.
Click on save and leave the dialog box open (don't click on OK)
Point the browser to http://localhost:8000/login_by_token
This will simulate the call that the desktop client will make to avoid the user logging in again.
You should see 'login succeeded' and not a blank browser page.
Finally, point the browser to http://localhost:8000/subscriptions/ and you won't be prompted to log in.
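
The header-based login described in the comments above, as an added example that is not part of the bug report and is not the attached scripts: the client signs a request to /login_by_token into an OAuth 1.0 Authorization header, and the server accepts credentials only from that header, never from GET arguments. HMAC-SHA1 signing is an assumption (the report only says "standard OAuth authorization header"), and the function names, the `known` credential table and the `seen_nonces` set are hypothetical.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, unquote

def _enc(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")

def _sign(method, url, params, consumer_secret, token_secret):
    # Base string: METHOD & encoded URL & encoded, sorted parameter list
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    base = "&".join([method.upper(), _enc(url), _enc("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def build_header(method, url, consumer_key, consumer_secret, token_key, token_secret,
                 nonce=None, timestamp=None):
    """Client side: value to send in the Authorization request header."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token_key,
        "oauth_signature_method": "HMAC-SHA1",  # assumed signature method
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(8),
        "oauth_version": "1.0",
    }
    params["oauth_signature"] = _sign(method, url, params, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{k}="{_enc(v)}"' for k, v in params.items())

def verify_header(method, url, header, known, seen_nonces, now=None, max_skew=300):
    """Server side: True only for a fresh, unreplayed, correctly signed header."""
    base_url, _, query = url.partition("?")
    if query or not header.startswith("OAuth "):
        return False  # nothing is accepted via GET arguments; scheme must be OAuth
    fields = (part.strip().partition("=") for part in header[len("OAuth "):].split(","))
    params = {k: unquote(v.strip('"')) for k, _, v in fields if k.startswith("oauth_")}
    pair = known.get((params.get("oauth_consumer_key"), params.get("oauth_token")))
    claimed = params.pop("oauth_signature", "")
    stamp = params.get("oauth_timestamp", "")
    nonce = (params.get("oauth_token"), params.get("oauth_nonce"))
    if pair is None or nonce in seen_nonces:
        return False
    if not (stamp.isascii() and stamp.isdigit() and len(stamp) < 12):
        return False
    now = time.time() if now is None else now
    expected = _sign(method, base_url, params, *pair)
    ok = abs(now - int(stamp)) <= max_skew and hmac.compare_digest(expected.encode(), claimed.encode())
    if ok:
        seen_nonces.add(nonce)  # remember nonces of accepted requests only
    return ok
```

Here `known` maps `(consumer_key, token_key)` to `(consumer_secret, token_secret)`; a real deployment would keep the nonce set in shared storage with an expiry matching `max_skew`.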

Danny Tamez (zematynnad) wrote :

Attached are the two scripts for testing...

Danny Tamez (zematynnad) wrote :

Updated the script to print out the args as needed for the next script.

Changed in software-center-agent:
status: Fix Committed → Fix Released
Changed in software-center-agent:
milestone: none → 11.05