I am doing a bit of research on it and looking to wrap my head around it to 
build a server and client in Web2Py; however, there isn't a lot of 
documentation and some implementations differ from others (I guess that is 
getting back to what Massimo said). Essentially, I will build a core system 
and have my apps built around that core (API Centric).

I think that will be a little project to start in coming weeks.


On Tuesday, May 29, 2012 9:16:44 AM UTC-4, mcm wrote:

> Yes it is definitely possible. 
>
> OAuth2.0 was born because OAuth1.0 had all sorts of hashing to do on 
> both client and server side. That was to allow for better security, on 
> a clear channel, but failed since OAuth1.0a is deprecated on non-TLS 
> channels. 
> They really simplified things in OAuth2.0 so it is much easier to 
> implement, but as Massimo points out the spec is still a bit rough and 
> does just a little more than OpenID. 
> Anyway OAuth2.0 is now adopted by Twitter, LinkedIn, Google and 
> Facebook (actually with some little differences, but nothing serious). 
> This means that having an OAuth2.0 service is now seen as an important 
> feature. It is something on my TODO list so if you go ahead I can give 
> you some support. 
>
> mic 
>
>
> 2012/5/29 Massimo Di Pierro <massimo.dipie...@gmail.com>: 
> > Theoretically yes. In fact I may even have somewhere an OAuth 1.0 server. 
> > 
> > The problem is that the OAuth 2.0 specs are very poor. They specify how 
> > the client asks the server if a user is authenticated but do not say 
> > anything about what information the server should provide to the client 
> > (user name? email?). This means a client written for one server will only 
> > work with that server and vice versa. The Facebook OAuth 2.0 follows its own 
> > rules. You can build a client that works with it. You can build a server 
> > that mimics them but there is very little in the OAuth 2.0 specs that tells 
> > you how to. Moreover your app is unlikely to provide the same services as 
> > Facebook and therefore clients written for Facebook will not work for it. 
> > 
> > I would stay away from Oauth 2.0 unless you need it as a client to 
> > authenticate to third party services. 
> > 
> > Massimo 
> > 
> > 
> > On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote: 
> >> 
> >> I have seen that web2py supports integration with Facebook + Twitter. 
> >> What if I want to create my own OAuth2 Server like what is offered by 
> >> Facebook and Twitter? 
> >> Is this possible with Web2Py? 
>
