I've been working on http://www.mantisbt.org/bugs/view.php?id=11219 to
provide Mantis with some OAuth  (server) authorization mechanism.
You may find at :
a first snapshot of such a plugin (and a test client using Zend
It's not polished, but helps test OAuth support for Mantis. It's my
first plugin for Mantis, so I expect many remarks on ways to do things
Thanks in advance if some can have a look / test and provide some
To make it short, the principle of OAuth is that a Consumer web
application may connect to a Service Provider web app on behalf of a
User (so called "3-legs" mode) using Access Tokens, that the User has
authorized for this Consumer app.
The benefit of using OAuth for Mantis is that the Consumer app then
never knows of the Mantis user's real credentials, and only uses the
Access Tokens provided by the user through Mantis, and until the user
I have only tested the "3-legs" mode, where another Web apps is the
Consumer, and where it is called-back by Mantis during the Token request
dialog using the callback mechanism of the OAuth authorization protocol
(there's also a 2 legs mechanism).
The implementation is not yet perfect (and doesn't support all signature
methods possible), but I hope it is a good starting point to implement
other OAuth enabled mechanisms for interoperating with Mantis (such as
for REST consumers using OSLC-CM).
See the enclosed README and the Zend framework client provided (using
Zedn_Oauth) for more details.
The code is in SVN in our repo for now (see the ticket for details).
I may as well publish it in git (whenever mantisforge is available ?) if
people are interested to take part (the end goal being to contribute it
to MantisBt.org so that I'm not the only one to maintain it ;).
Also, I think it may be more convenient some day to have such features
in the core of Mantis and not in a plugin (the OAuth endpoints being
under pages of a plugin make it hard to construct signatures).
Any comments and feedback much welcome, again.
Olivier BERGER <olivier.berger@...>
http://www-public.it-sudparis.eu/~berger_o/ - OpenPGP-Id: 2048R/5819D7E8
Ingénieur Recherche - Dept INF
Institut TELECOM, SudParis (http://www.it-sudparis.eu/), Evry (France)
Get latest updates about Open Source Projects, Conferences and News.