OAuth 2.0 implementation

Mark Hammond skippy.hammond at gmail.com
Wed Mar 28 05:42:25 CEST 2012

On 28/03/2012 1:18 AM, Roy Smith wrote:
> In article
> <7909491.0.1332826232743.JavaMail.geo-discussion-forums at pbim5>,
>   Demian Brecht <demianbrecht at gmail.com> wrote:
>> OAuth 2.0 is still in draft status (draft 25 is the current one I believe)
>> and yes, unfortunately every single server available at this point have
>> varying degrees of separation from the actual spec. It's not a
>> pseudo-standard, it's just not observed to the letter. Google is the closest
>> and Facebook seems to be the farthest away (Stack Exchange is in close second
>> due to building theirs to work like Facebook's).
> In practice, OAuth is all about getting your site to work with Facebook.
> That is all most web sites care about today because that's where the
> money is.  The fact that other sites also use OAuth is of mostly
> academic interest at this point.
> The next player on the list is Twitter, and they're not even up to using
> their own incompatible version of OAuth 2.0.  They're still using OAuth
> 1.0 (although, I understand, they're marching towards 2.0).

Almost all "social" or "sharing" sites implement OAuth - either 1.0 or 
2.0.  Facebook is clearly the big winner here but not the only player. 
It's also used extensively by google (eg, even their SMTP server 
supports using OAuth credentials to send email)

I'd go even further - most sites which expose an API use OAuth for 
credentials with that API.


More information about the Python-list mailing list