it was about time. Thanks for the info. 2012/10/14 Luther Goh Lu Feng <[email protected]>
> Seems that Oauth 2.0 is finalised as an official standard in IETF RFCS > 6749 and 6750: http://dickhardt.org/2012/10/oauth-2-0/ > > > On Monday, August 20, 2012 9:33:10 PM UTC+8, João Alves wrote: >> >> Hello, >> >> I didn't develop an OAuth 2.0 server to the web2py's core but I wrote a >> module instead. You can take a look >> here<https://github.com/joaoqalves/web2py-oauth2> >> . >> Unfortunately, I don't have much time and I just implemented a version to >> work with pymongo + mongoDB, but it's quite easy to extend the OAuthStorage >> class to work with DAL properly. Feel free to comment and/or fork it ;) >> >> Best regards, >> João >> >> On Monday, July 30, 2012 8:00:53 PM UTC+1, Massimo Di Pierro wrote: >>> >>> We would be interested. Look at the way cas is integrated in auth >>> (gluon/tools.py) and look at the oauth 2.0 client >>> (gluon/contrib/login_methods/**oauth20_account.py). >>> >>> It would be nice if: >>> 1) an oauth 2.0 server were to be exposed in the same way as the cas >>> server is exposed. >>> 2) oauth20_account.py would be able to interoperate with it. >>> >>> We would require that this does not use any third party software or (at >>> least) only one BSD/MIT library in contrib. >>> >>> massimo >>> >>> >>> On Monday, 30 July 2012 13:43:45 UTC-5, João Alves wrote: >>>> >>>> Hi. I'm developing an API through *web2py* framework and I would like >>>> to use the OAuth2 protocol to authenticate the user/app. I've seen some >>>> links >>>> (http://hiidef.github.com/**oauth2app/<http://hiidef.github.com/oauth2app/> >>>> and http://blog.**savored.com/2011/10/14/oauth-** >>>> server-authentication-in-**pythondjango/<http://blog.savored.com/2011/10/14/oauth-server-authentication-in-pythondjango/>) >>>> and I'm >>>> planning to develop something like that, but for *web2py*. Do you have >>>> interest in have OAuth2 on the core of the framework? It could be >>>> interesting and since I'll develop the solution, I could share it for >>>> everyone. >>>> >>>> Best regards, >>>> João >>>> >>>> On Tuesday, May 29, 2012 3:39:06 AM UTC+1, Massimo Di Pierro wrote: >>>>> >>>>> Theoretically yes. In fact I may even have somewhere a Oauth 1.0 >>>>> server. >>>>> >>>>> The problem is that the Oauth 2.0 specs are very poor. They specify >>>>> how a the client asks the server if a user is authenticated but do not say >>>>> anything about what information the server should provide to the client >>>>> (user name? email?). This means a client written for one server will only >>>>> work with that server and vice versa. The facebook Oath 2.0 follows its >>>>> own >>>>> rules. You can build a client that works with it. You can build a server >>>>> that mimics them but there is very little in the Oauth 2.0 spects that >>>>> tells you how to. Moreover your app is unlikely to provide the same >>>>> services as facebook and therefore clients written for facebook will not >>>>> work for it. >>>>> >>>>> I would stay away from Oauth 2.0 unless you need it as a client to >>>>> authenticate to third party services. >>>>> >>>>> Massimo >>>>> >>>>> On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote: >>>>>> >>>>>> I have seen that web2py supports integration with Facebook + Twitter. >>>>>> What if I want to create my own OAuth2 Server like what is offered by >>>>>> Facebook and Twitter? >>>>>> Is this possible with Web2Py? >>>>> >>>>> -- > > > > --
