Looking forward to seeing this project come to light. I'm sure it'll
bring a lot of people to web2py :)

This is the latest version of the oauth2 lib I could find:
https://github.com/operasoftware/python-oauth2 - But it seems to be
oauth1 even though it says oauth2. Can someone confirm?

On Wed, May 30, 2012 at 10:28 AM, Horus <dwayne.o.cla...@gmail.com> wrote:
> I am doing a bit of research on it and looking to wrap my head around it to
> build a server and client in Web2Py; however, there isn't a lot of
> documentation and some implementations differ from others (I guess that is
> getting back to what Massimo said). Essentially, I will build a core system
> and have my apps built around that core (API Centric).
>
> I think that will be a little project to start in coming weeks.
>
>
>
> On Tuesday, May 29, 2012 9:16:44 AM UTC-4, mcm wrote:
>>
>> Yes it is definitely possible.
>>
>> OAuth2.0 was born because OAuth1.0 had all sorts of hashing to do on
>> both client and server side. That was to allow for better security, on
>> a clear channel, but failed since OAuth1.0a is deprecated on non-TLS
>> channels.
>> They really simplified things in OAuth2.0 so it is much easier to
>> implement, but as Massimo points out the spec is still a bit rough and
>> does just a little more than OpenID.
>> Anyway, OAuth2.0 is now adopted by Twitter, LinkedIn, Google and
>> Facebook (actually with some little differences, but nothing serious).
>> This means that having an OAuth2.0 service is now seen as an important
>> feature. It is something on my TODO list so if you go ahead I can give
>> you some support.
>>
>> mic
>>
>>
>> 2012/5/29 Massimo Di Pierro <massimo.dipie...@gmail.com>:
>> > Theoretically yes. In fact I may even have somewhere an OAuth 1.0 server.
>> >
>> > The problem is that the OAuth 2.0 specs are very poor. They specify how
>> > the client asks the server if a user is authenticated but do not say
>> > anything about what information the server should provide to the client
>> > (user name? email?). This means a client written for one server will
>> > only work with that server and vice versa. The Facebook OAuth 2.0 follows
>> > its own rules. You can build a client that works with it. You can build a
>> > server that mimics them but there is very little in the OAuth 2.0 specs
>> > that tells you how to. Moreover your app is unlikely to provide the same
>> > services as Facebook and therefore clients written for Facebook will not
>> > work for it.
>> >
>> > I would stay away from OAuth 2.0 unless you need it as a client to
>> > authenticate to third party services.
>> >
>> > Massimo
>> >
>> >
>> > On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote:
>> >>
>> >> I have seen that web2py supports integration with Facebook + Twitter.
>> >> What if I want to create my own OAuth2 Server like what is offered by
>> >> Facebook and Twitter?
>> >> Is this possible with Web2Py?
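
Added example (not part of the thread, and not code from web2py or python-oauth2): the OAuth 1.0 "hashing on both client and server side" mentioned above, as an RFC 5849 HMAC-SHA1 signature with a server-side check for replay and tampering, next to the OAuth 2.0 bearer header (RFC 6750) that leaves protection to TLS. All function names, keys, and the URL are hypothetical, and the URL is assumed to carry no query string.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def enc(s):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped
    return quote(str(s), safe="-._~")

def oauth1_signature(method, url, params, consumer_secret, token_secret=""):
    # Signature base string: METHOD & encoded URL & encoded, sorted parameters
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth1_sign(method, url, params, consumer_key, consumer_secret, token, token_secret):
    # Client side: add the protocol parameters, then sign everything
    signed = dict(params, oauth_consumer_key=consumer_key, oauth_token=token,
                  oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
                  oauth_timestamp=str(int(time.time())), oauth_nonce=secrets.token_hex(8))
    signed["oauth_signature"] = oauth1_signature(method, url, signed, consumer_secret, token_secret)
    return signed

def oauth1_verify(method, url, params, consumer_secret, token_secret, seen_nonces, max_skew=300):
    # Server side: reject stale timestamps, reused nonces and bad signatures
    if abs(time.time() - int(params["oauth_timestamp"])) > max_skew:
        return False
    nonce = (params["oauth_consumer_key"], params["oauth_timestamp"], params["oauth_nonce"])
    if nonce in seen_nonces:
        return False
    expected = oauth1_signature(method, url, params, consumer_secret, token_secret)
    supplied = str(params.get("oauth_signature", ""))
    if not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False
    seen_nonces.add(nonce)  # record only after the signature checks out
    return True

def oauth2_bearer_header(access_token):
    # OAuth 2.0 bearer token: nothing is signed, so the request needs TLS
    return {"Authorization": f"Bearer {access_token}"}
```
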
