We do the same thing. A few notes:
* I run the authorization API as a standalone app/service, and also run the read/write APIs as a third service. Our services have hit the api with their endpoint in their path (ie /api/v1/app1 /api/v1/app2) so they can be partitioned out later if needed and scaled independently. This may seem like a minor detail, but it avoids bottlenecks and lets you fine-tune the service allocations on your hardware. IIRC, our auth-only server runs under 70MB but our "all-in" app servers run north of 200MB. * i modeled a very lowlevel oauth integration against flask-oauth. it's a standlone package that I can share or opensource if you'd like. * oauthlib has a bit of problem that may or may not affect you -- it requires a spec-compliant oauth server, which you can build but you can't rely on to consume. in the wild, most oauth servers are not fully spec compliant (twitter, for example, has some endpoints that will send data in both headers and content) . it's a bit of a hassle to get around, but you can monkeypatch if needed. -- You received this message because you are subscribed to the Google Groups "pylons-discuss" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/pylons-discuss/32d1bc7b-58d1-4e7c-9a6a-482f2e14a897%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
