Massimo, If an OAuth2 server is viable, would it also support the "Two-Legged" authentication case?
That is, I need to use OAuth2 to support a mobile app user logging in to a server and maintaining a long-term session, where both are produced by the same company (my employer). Please note that I am new to web2py and although it looks impressive, I have to dig a little deeper than the docs. Thanks ... Richard Prosser PS We may well move to the more conventional "Three-Legged" case in future, hence the use of OAuth I believe. On Tuesday, 29 May 2012 03:39:06 UTC+1, Massimo Di Pierro wrote: > > Theoretically yes. In fact I may even have somewhere a Oauth 1.0 server. > > The problem is that the Oauth 2.0 specs are very poor. They specify how a > the client asks the server if a user is authenticated but do not say > anything about what information the server should provide to the client > (user name? email?). This means a client written for one server will only > work with that server and vice versa. The facebook Oath 2.0 follows its own > rules. You can build a client that works with it. You can build a server > that mimics them but there is very little in the Oauth 2.0 spects that > tells you how to. Moreover your app is unlikely to provide the same > services as facebook and therefore clients written for facebook will not > work for it. > > I would stay away from Oauth 2.0 unless you need it as a client to > authenticate to third party services. > > Massimo > > On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote: >> >> I have seen that web2py supports integration with Facebook + Twitter. >> What if I want to create my own OAuth2 Server like what is offered by >> Facebook and Twitter? >> Is this possible with Web2Py? > > -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
