OAuth 2.0 implementation
demianbrecht at gmail.com
Tue Mar 27 19:54:40 CEST 2012
On Tuesday, 27 March 2012 07:18:26 UTC-7, Roy Smith wrote:
> In article
> <7909491.0.1332826232743.JavaMail.geo-discussion-forums at pbim5>,
> Demian Brecht <demianbrecht at gmail.com> wrote:
> > OAuth 2.0 is still in draft status (draft 25 is the current one I believe)
> > and yes, unfortunately every single server available at this point have
> > varying degrees of separation from the actual spec. It's not a
> > pseudo-standard, it's just not observed to the letter. Google is the closest
> > and Facebook seems to be the farthest away (Stack Exchange is in close second
> > due to building theirs to work like Facebook's).
> In practice, OAuth is all about getting your site to work with Facebook.
> That is all most web sites care about today because that's where the
> money is. The fact that other sites also use OAuth is of mostly
> academic interest at this point.
> The next player on the list is Twitter, and they're not even up to using
> their own incompatible version of OAuth 2.0. They're still using OAuth
> 1.0 (although, I understand, they're marching towards 2.0).
Sure, with the initial surge of the Facebook platform, I'm sure there are many more applications that only work with Facebook. However, after the initial gold rush, I'm sure there will be more developers who see the potential power of service aggregation (and not just for feeds ;)). I know I'm one of them.
Of course, a lot of these thoughts are around niche markets, but isn't that where the money is? Untapped, niche markets? That's a completely different discussion though and would obviously be quite the thread derailment.
More information about the Python-list