Hello, I didn't develop an OAuth 2.0 server to the web2py's core but I wrote a module instead. You can take a look here<https://github.com/joaoqalves/web2py-oauth2> . Unfortunately, I don't have much time and I just implemented a version to work with pymongo + mongoDB, but it's quite easy to extend the OAuthStorage class to work with DAL properly. Feel free to comment and/or fork it ;)
Best regards, João On Monday, July 30, 2012 8:00:53 PM UTC+1, Massimo Di Pierro wrote: > > We would be interested. Look at the way cas is integrated in auth > (gluon/tools.py) and look at the oauth 2.0 client > (gluon/contrib/login_methods/oauth20_account.py). > > It would be nice if: > 1) an oauth 2.0 server were to be exposed in the same way as the cas > server is exposed. > 2) oauth20_account.py would be able to interoperate with it. > > We would require that this does not use any third party software or (at > least) only one BSD/MIT library in contrib. > > massimo > > > On Monday, 30 July 2012 13:43:45 UTC-5, João Alves wrote: >> >> Hi. I'm developing an API through *web2py* framework and I would like to >> use the OAuth2 protocol to authenticate the user/app. I've seen some links ( >> http://hiidef.github.com/oauth2app/ and >> http://blog.savored.com/2011/10/14/oauth-server-authentication-in-pythondjango/) >> and I'm >> planning to develop something like that, but for *web2py*. Do you have >> interest in have OAuth2 on the core of the framework? It could be >> interesting and since I'll develop the solution, I could share it for >> everyone. >> >> Best regards, >> João >> >> On Tuesday, May 29, 2012 3:39:06 AM UTC+1, Massimo Di Pierro wrote: >>> >>> Theoretically yes. In fact I may even have somewhere a Oauth 1.0 server. >>> >>> The problem is that the Oauth 2.0 specs are very poor. They specify how >>> a the client asks the server if a user is authenticated but do not say >>> anything about what information the server should provide to the client >>> (user name? email?). This means a client written for one server will only >>> work with that server and vice versa. The facebook Oath 2.0 follows its own >>> rules. You can build a client that works with it. You can build a server >>> that mimics them but there is very little in the Oauth 2.0 spects that >>> tells you how to. Moreover your app is unlikely to provide the same >>> services as facebook and therefore clients written for facebook will not >>> work for it. >>> >>> I would stay away from Oauth 2.0 unless you need it as a client to >>> authenticate to third party services. >>> >>> Massimo >>> >>> On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote: >>>> >>>> I have seen that web2py supports integration with Facebook + Twitter. >>>> What if I want to create my own OAuth2 Server like what is offered by >>>> Facebook and Twitter? >>>> Is this possible with Web2Py? >>> >>> --