On the server side, what we're agreeing on is a view that receives a standard OAuth authorization header, and logs the user in (ie returns a session cookie).
Once you can handle arbitrary request headers via libsoup using Python-bound Gtk-embeded webkit, we'll be able to sort it out.
The alternative of accepting the token via a GET argument was discarded.
That way the desktop client can:
- Prompt the user with a desktop login
- Get a token they can use for other purposes, or
- Feed it into the desktop browser, so that the browser will skip web authentication.
On the server side, what we're agreeing on is a view that receives a standard OAuth authorization header, and logs the user in (ie returns a session cookie).
Once you can handle arbitrary request headers via libsoup using Python-bound Gtk-embeded webkit, we'll be able to sort it out.
The alternative of accepting the token via a GET argument was discarded.
That way the desktop client can:
- Prompt the user with a desktop login
- Get a token they can use for other purposes, or
- Feed it into the desktop browser, so that the browser will skip web authentication.