Mark, +1 on this -- oAuth 2.0 support is still pretty new out in the wild but the momentum is clearly there. We're starting to experiment with oAuth 2.0 support at Jive and will find a way to contribute some experimental patches as we make progress.
Thanks, Matt On Aug 16, 2010, at 7:40 AM, Mark D Weitzel wrote: > I'd like to see OpenSocial adopt OAuth 2.0 rather than WRAP. I'd go > further and say that a good target for this to happen is OpenSocial 1.1 > next, which is tentatively scheduled for June/July 2011. This allows us to > start building out the implementation now, in shindig extras, and allow > that to be the prototype required by the OS dev. process. This also allows > the spec and the implementation to rely on an official standard. > > -Mark W. > > > > From: > Brian Eaton <[email protected]> > To: > [email protected] > Date: > 08/13/2010 05:35 PM > Subject: > Re: OAuth WRAP client support in Shindig? > > > > On Thu, Aug 12, 2010 at 12:18 AM, John Hjelmstad <[email protected]> wrote: > >> Generally sounds fine to me. A few thoughts: >> >> 1. Is it expected that WRAP will simply be a subset of OAuth2 or will we >> require a separate OAuth2 code path? >> > > I think that WRAP is a subset of OAuth2, plus some parameter changes. The > basic web server flow has seen no fundamental changes. > > >> 2. The messaging I've generally heard is that OAuth2 will pretty much >> completely replace WRAP. In practice I doubt that will be the case in > full, >> which could mean we're stuck supporting barely-used code. Thoughts on > this? >> > > Could happen. > > 3. Can you give a sense (anecdotal is fine) of how widely used WRAP is > these >> days, ie. the value of supporting it for the code base? >> > > Live at Microsoft, and at Google. Google is not widely documenting our > WRAP > support. We needed it for a few particular use cases, and it is being > quietly used there. > > >> 4. How much new code do you expect in OAuthRequest, roughly? It seems > that >> class is already getting quite large... > > > I think this is the big question. > > The other question is if/when OpenSocial will adopt the OAuth2 crypto > proposals. They've been dropped from the core spec due to lack of > consensus, but I think we did arrive at something that OpenSocial will > want > some day. > > Cheers, > Brian > >
