Thank you Michael for sharing your insights here. I’ve looked through some of the code but, as you said, the testing looked rather daunting to me.
On top of that, it's actually really easy (imo) to consume OAuth 2.x + > OpenID Connect apis directly. Most bindings for velruse end up being just a > very thin wrapper around a small amount of code you can easily write > yourself. It basically just involves implementing a redirection endpoint > that the provider will send the browser to once the user has granted > access, and from there taking the token and querying whatever you want from > the provider's api. OpenID Connect has helped a lot in standardizing the > type of data you'd want to receive - something velruse was trying to > standardize before that standard existed. > This statement of yours aligns nicely with my thoughts/suspicion that perhaps I ought to drop Velruse altogether, and instead use an OAuth2 package to talk with the providers directly. The website uses only Google, LinkedIn, Live anyway (and I’m thinking to add Apple now) and they all—I think—speak OAuth2. The recent OAuth thread <https://groups.google.com/forum/#!topic/pylons-discuss/eMWVq8QYM3M> recommends requests-oauthlib <https://github.com/requests/requests-oauthlib>… Can you recommend any particular package, is the that one good? Much thanks! Jens -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to pylons-discuss+unsubscr...@googlegroups.com. To post to this group, send email to pylons-discuss@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/d1292058-f1d9-48a7-8068-e5f290199bf8%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
