Seems that Oauth 2.0 is finalised as an official standard in IETF RFCS 6749 and 6750: http://dickhardt.org/2012/10/oauth-2-0/
On Monday, August 20, 2012 9:33:10 PM UTC+8, João Alves wrote: > > Hello, > > I didn't develop an OAuth 2.0 server to the web2py's core but I wrote a > module instead. You can take a look > here<https://github.com/joaoqalves/web2py-oauth2> > . > Unfortunately, I don't have much time and I just implemented a version to > work with pymongo + mongoDB, but it's quite easy to extend the OAuthStorage > class to work with DAL properly. Feel free to comment and/or fork it ;) > > Best regards, > João > > On Monday, July 30, 2012 8:00:53 PM UTC+1, Massimo Di Pierro wrote: >> >> We would be interested. Look at the way cas is integrated in auth >> (gluon/tools.py) and look at the oauth 2.0 client >> (gluon/contrib/login_methods/oauth20_account.py). >> >> It would be nice if: >> 1) an oauth 2.0 server were to be exposed in the same way as the cas >> server is exposed. >> 2) oauth20_account.py would be able to interoperate with it. >> >> We would require that this does not use any third party software or (at >> least) only one BSD/MIT library in contrib. >> >> massimo >> >> >> On Monday, 30 July 2012 13:43:45 UTC-5, João Alves wrote: >>> >>> Hi. I'm developing an API through *web2py* framework and I would like >>> to use the OAuth2 protocol to authenticate the user/app. I've seen some >>> links (http://hiidef.github.com/oauth2app/ and >>> http://blog.savored.com/2011/10/14/oauth-server-authentication-in-pythondjango/) >>> and I'm >>> planning to develop something like that, but for *web2py*. Do you have >>> interest in have OAuth2 on the core of the framework? It could be >>> interesting and since I'll develop the solution, I could share it for >>> everyone. >>> >>> Best regards, >>> João >>> >>> On Tuesday, May 29, 2012 3:39:06 AM UTC+1, Massimo Di Pierro wrote: >>>> >>>> Theoretically yes. In fact I may even have somewhere a Oauth 1.0 server. >>>> >>>> The problem is that the Oauth 2.0 specs are very poor. They specify how >>>> a the client asks the server if a user is authenticated but do not say >>>> anything about what information the server should provide to the client >>>> (user name? email?). This means a client written for one server will only >>>> work with that server and vice versa. The facebook Oath 2.0 follows its >>>> own >>>> rules. You can build a client that works with it. You can build a server >>>> that mimics them but there is very little in the Oauth 2.0 spects that >>>> tells you how to. Moreover your app is unlikely to provide the same >>>> services as facebook and therefore clients written for facebook will not >>>> work for it. >>>> >>>> I would stay away from Oauth 2.0 unless you need it as a client to >>>> authenticate to third party services. >>>> >>>> Massimo >>>> >>>> On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote: >>>>> >>>>> I have seen that web2py supports integration with Facebook + Twitter. >>>>> What if I want to create my own OAuth2 Server like what is offered by >>>>> Facebook and Twitter? >>>>> Is this possible with Web2Py? >>>> >>>> --
