[Python-ideas] Support for OAuth2/OIDC in the standard distribution ?

[Nick Coghlan]

On 16 November 2016 at 22:50, Cory Benfield <cory at lukasa.co.uk> wrote:
>
>> On 16 Nov 2016, at 11:51, Roland Hedberg <roland at catalogix.se> wrote:
>>
>> The bottom line is of course that it would benefit the community to have a
>> high quality OAuth2/OIDC implementation within easy reach.
>
> I think the core question you need to answer for this proposal is: why is “pip install oic” not easy-enough reach?

>From an architectural point of view, I'd also note that anyone trying
to do modern web and network service development *without* the ability
to use additional components beyond the standard library toolkit has
many more problems than just the lack of a readily accessible
OAuth2/OIDC implementation (such as the absence of 'requests' itself).

I do think it could be useful for you to ask the requests developers
if they'd be willing to explicitly recommend a particular approach to
implementing OIDC atop requests and provide a pointer from their
documentation. Searching on Google for "python oidc" indicates both
"pip install oidc" and "pip install oic" are available (with the
latter being the case discussed here), but of the two, only yours
appears to provide API usage documentation. The protocol walkthrough
at http://pyoidc.readthedocs.io/en/latest/howto/rp.html seems like it
would be particularly useful to many folks as a hands-on introduction
to the steps involved in OIDC based client authentication.

Cheers,
Nick.

-- 
Nick Coghlan   |   ncoghlan at gmail.com   |   Brisbane, Australia