On Thu, Nov 17, 2016 at 11:51 PM, Roland Hedberg <rol...@catalogix.se> wrote: >> A quick query of the PyPI download database for the three months shows the >> following download counts for those modules: >> >> - requests-oauthlib == 1,897,048 >> - oauth2 == 349,759 >> - pyoidc == 10,520 >> >> This is not intended to be chastening for Roland: all new modules start with >> low download counts. > > No offence taken ! :-) > But you should distinguish between OAuth2 and OIDC. OIDC is a profile of > OAuth2 for usage in the case where you not only need > authorization (and access tokens) but also authentication and/or user info.
When you're looking at oauth2, there are myriad uses for it, and thus large numbers of people looking for the module. But OIDC is something I had never heard of until this thread (turns out it's something built on top of OAuth2). Your module may well be best-in-show for OIDC (unproven, but assume it for the nonce), but unless it's also best-in-show for OAuth2, it's not going to have the broad draw/appeal that I would hope for in a new stdlib module. Perhaps the best step forward is to publish blog posts demonstrating how your module compares to other OAuth2 libraries. That would put the module name alongside various keywords that people will search for, and thus improve its visibility. Consider this thought process, which I'd say is fairly typical: 1) I want to use Fred's Wonderful Spamination API. 2) FWSA's docs say that I need to use this thing called OAuth. 3) What's OAuth? How do I use it? Search the web. 4) Oh, there's OAuth1 and OAuth2. Which should I use? Ahh, FWSA's docs say OAuth2. Okay. 5) I need a Python module that does OAuth2. 6) Search the web, or search PyPI? Personally, when I hit step 6, I search the web. PyPI search is exhaustive but not very usefully ranked (for this purpose). Searching for a keyword or protocol will give undue weight to a module whose name is simply that word, even if that module is terrible, unmaintained, etc, etc. Properly-ranked web search results are generally more useful in pointing me to the appropriate package, even if they're telling me to use something with a very different name. (Consider a search for "python http". You'll get httplib/http.client, but shortly after that, you get pointed to 'requests'.) As another bonus, blog posts of that nature will help to explain to more experienced devs "why should this matter to me". People who've already used requests-oauthlib are unlikely to reach for a new and unproven package without a good reason. So give them that reason! :) Also, as I mentioned earlier, the Python Wiki may well have an appropriate spot for this to be mentioned. It's worth a check. ChrisA _______________________________________________ Python-ideas mailing list Python-ideas@python.org https://mail.python.org/mailman/listinfo/python-ideas Code of Conduct: http://python.org/psf/codeofconduct/