OAuth 2.0 implementation

Roy Smith roy at panix.com
Tue Mar 27 16:18:26 CEST 2012


In article 
<7909491.0.1332826232743.JavaMail.geo-discussion-forums at pbim5>,
 Demian Brecht <demianbrecht at gmail.com> wrote:

> OAuth 2.0 is still in draft status (draft 25 is the current one I believe) 
> and yes, unfortunately every single server available at this point have 
> varying degrees of separation from the actual spec. It's not a 
> pseudo-standard, it's just not observed to the letter. Google is the closest 
> and Facebook seems to be the farthest away (Stack Exchange is in close second 
> due to building theirs to work like Facebook's).

In practice, OAuth is all about getting your site to work with Facebook.  
That is all most web sites care about today because that's where the 
money is.  The fact that other sites also use OAuth is of mostly 
academic interest at this point.

The next player on the list is Twitter, and they're not even up to using 
their own incompatible version of OAuth 2.0.  They're still using OAuth 
1.0 (although, I understand, they're marching towards 2.0).



More information about the Python-list mailing list