468e4b6d55
In order to solve the initial handshake problem with apps, OctoPrint now supports so called app session keys which are basically API keys with a limited validity. Obtaining those keys is based on a handshake procedure backed by RSA signatures. OctoPrint needs to be aware of apps and their associated public keys (with the AppPlugin there exists a mechanism to add additional recognized apps by installing a plugin). Apps perform the handshake by first requesting a temporary key with very limited validity, then sending a message back to OctoPrint containing their id, version, the temporary key and a signature created with their private key over these three pieces of data. OctoPrint then tries to verify the signature and if successful unlocks the key to be used as a fully recognized API key.
15 lines
188 B
Text
15 lines
188 B
Text
flask==0.9
|
|
werkzeug==0.8.3
|
|
tornado==4.0.1
|
|
sockjs-tornado>=1.0.0
|
|
PyYAML==3.10
|
|
Flask-Login==0.2.2
|
|
Flask-Principal==0.3.5
|
|
Flask-Babel==0.9
|
|
pyserial
|
|
netaddr
|
|
watchdog
|
|
sarge
|
|
netifaces
|
|
pylru
|
|
rsa
|