@squarewolf opened this issue on June 24th 2013

Additional security has been added by removing the private token from the actual request. To use the new authentication scheme, supply the following parameters:

- nonce: http://en.wikipedia.org/wiki/Cryptographic_nonce
- timestamp: the unix timestamp when the message was created
- access_token: the public access token matching the private token used to create the signature
- signature: a sha1 hash of the request parameters (excluding the signature) ordered as per http://oauth.net/core/1.0/#rfc.section.9.1.1, concatenated with the private key (in pseudo code: signature = sha1(order_params(params) + private_key))

TODO:

- [x] make private key private by excluding it from the actual request
- [ ] add nonce to the database to prevent replay attacks
- [ ] add timestamp timeout
- [ ] add two-tiered security scheme (i.e. unique public & private tokens per API client)
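The signing scheme and the two open TODO items (nonce replay check, timestamp timeout) worked through as an added example; this is not code from the PR or from Piwik. It assumes order_params means the OAuth 1.0 section 9.1.1 normalization (percent-encode, sort by name then value, join as key=value&...), uses constructed tokens and a constructed request, keeps seen nonces in memory where the TODO proposes the database, and follows the proposal's sha1(params + private_key) construction as described (HMAC-SHA1 would be the standard choice for a keyed hash).

```python
import hashlib
import hmac
import time
from urllib.parse import quote

# Constructed sample credentials; in Piwik these would come from the user table.
ACCESS_TOKEN = "public-token-example"
PRIVATE_TOKEN = "private-token-example"


def order_params(params):
    """Assumed normalization (OAuth 1.0 s9.1.1): encode, sort by name then value, join with '&'."""
    pairs = sorted((quote(str(k), safe=""), quote(str(v), safe="")) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)


def sign(params, private_token):
    """signature = sha1(order_params(params) + private_key), with any 'signature' param excluded."""
    unsigned = {k: v for k, v in params.items() if k != "signature"}
    return hashlib.sha1((order_params(unsigned) + private_token).encode()).hexdigest()


def build_request(params, access_token, private_token, nonce, timestamp):
    """Client side: add the public parameters, then attach the signature computed with the private token."""
    req = dict(params, access_token=access_token, nonce=nonce, timestamp=str(timestamp))
    req["signature"] = sign(req, private_token)
    return req


class Verifier:
    """Server side: resolve access_token -> private token, enforce a timestamp window and single-use nonces."""

    def __init__(self, tokens, max_skew=300):
        self.tokens = tokens          # access_token -> private_token
        self.max_skew = max_skew      # the TODO's "timestamp timeout", in seconds
        self.seen_nonces = set()      # the TODO's nonce store (in-memory stand-in for the database)

    def verify(self, params, now=None):
        now = time.time() if now is None else now
        for required in ("nonce", "timestamp", "access_token", "signature"):
            if required not in params:
                return False, f"missing {required}"
        private = self.tokens.get(params["access_token"])
        if private is None or not str(params["timestamp"]).isdigit():
            return False, "unknown access_token or bad timestamp"
        if abs(now - int(params["timestamp"])) > self.max_skew:
            return False, "timestamp outside window"
        if params["nonce"] in self.seen_nonces:
            return False, "replayed nonce"
        # Constant-time comparison so the check does not leak how many signature bytes matched.
        if not hmac.compare_digest(sign(params, private), params["signature"]):
            return False, "bad signature"
        self.seen_nonces.add(params["nonce"])   # consume the nonce only after a successful check
        return True, "ok"
```

A request that fails the signature check does not consume its nonce, so a tampered copy cannot be used to block the legitimate request from being accepted later.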

@mattab commented on July 16th 2013

Thanks for the proposal! Sorry about no feedback earlier.

- In the function you can use uksort() instead of sorting then array manip.
- put the other code in a new private method
- See also coding standard guide: http://piwik.org/participate/coding-standards/
- Maybe post a working example of a code that uses this auth method instead of token_auth,
- and that shows to user (and us) how this feature solves a very nice problem (ie. token_auth kept secret)

It would be great to support OAuth like security, so I look forward to next update.

@mattab commented on September 6th 2013

Ping us to reopen PR, or we will reopen if you commit again, cheers!

This issue was closed on September 6th 2013