Hi!

Why am I bringing this up:
Security is hard!
Implementing a standard correctly is not easy.

I know about the latter because for the last 2 years I’ve been involved in
certifying OpenID Connect Provider instances. Lately I’ve been doing the
same for OpenID Connect Relying Party libraries.
All of what I’ve done is written in Python and on GitHub.

Regarding the first opinion, that has been shown time and time again, so
I won’t go into that here.

Now, voices have been raised within the OpenID Foundation that it would pick
a number of implementations, one per language, and stamp them with
a sign of approval. Those implementations would all be thoroughly tested
for compliance and usability before being approved.

My Python implementation (https://github.com/rohe/pyoidc) is probably the
forerunner when it comes to being the chosen Python implementation. It’s
been around for a number of years and it’s the basis for the test tools.
Which means, it has been thoroughly tested by many independent parties.

My question to you is if it would be possible to get an OAuth2/OIDC
implementation like mine to be part of the Python standard distribution.

I realise that I will have to rewrite parts of pyoidc because presently it
uses modules (for instance pycryptodome and requests) that are not part of
the standard distribution.

The bottom line is of course that it would benefit the community to have a 
high quality OAuth2/OIDC implementation within easy reach.

— Roland
_______________________________________________
Python-ideas mailing list
Python-ideas@python.org
https://mail.python.org/mailman/listinfo/python-ideas
Code of Conduct: http://python.org/psf/codeofconduct/
