maas-devel team mailing list archive

Thread
Date

Re: Clock skew and OAuth

To: Scott Moser <scott.moser@xxxxxxxxxxxxx>
From: Julian Edwards <julian.edwards@xxxxxxxxxxxxx>
Date: Wed, 22 Aug 2012 13:17:25 +1000
Cc: maas-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <alpine.DEB.2.02.1208210550500.4165@brickies>
Organization: Canonical Ltd
User-agent: KMail/4.9 (Linux/3.2.0-27-generic; KDE/4.9.0; x86_64; ; )

On Tuesday 21 August 2012 06:02:24 Scott Moser wrote:
> The solution that seems to make the most sense to me there is to
> attempt to fix the clock to the server's clock if an Oauthed request fails
> with 403.  I'm concerned that the clock jumping forward or backward at
> this point in boot might have negative affects.  There are possibly some
> things that are sleeping and would have issues with backwards or greatly
> forwards moving clock (dhclient is likely one).

It may be possible to coerce OAuth into using a special timestamp instead of 
violently modifying the system clock.  It needs a change in cloud-init of 
course.

Once you have an OAuthRequest object, you can call this before calling 
sign_request:

    >>> request.set_parameter("oauth_timestamp", <value>)

<value> normally defaults to "int(time.time())".  It should be easy to poke 
the server's value in that you determined earlier.

Follow ups

Re: Clock skew and OAuth
From: Jeroen Vermeulen, 2012-08-22

References

Clock skew and OAuth
From: Julian Edwards, 2012-06-27
Re: Clock skew and OAuth
From: Julian Edwards, 2012-08-21
Re: Clock skew and OAuth
From: Scott Moser, 2012-08-21