Yes, it is definitely possible. OAuth2.0 was born because OAuth1.0 had all sorts of hashing to do on both client and server side. That was to allow for better security on a clear channel, but it failed, since OAuth1.0a is deprecated on non-TLS channels. They really simplified things in OAuth2.0, so it is much easier to implement, but as Massimo points out, the spec is still a bit rough and does just a little more than OpenID. Anyway, OAuth2.0 is now adopted by Twitter, LinkedIn, Google and Facebook (actually with some little differences, but nothing serious). This means that having an OAuth2.0 service is now seen as an important feature. It is something on my TODO list, so if you go ahead I can give you some support.
mic

2012/5/29 Massimo Di Pierro <massimo.dipie...@gmail.com>:
> Theoretically yes. In fact I may even have somewhere an OAuth 1.0 server.
>
> The problem is that the OAuth 2.0 specs are very poor. They specify how the client asks the server if a user is authenticated but do not say anything about what information the server should provide to the client (user name? email?). This means a client written for one server will only work with that server and vice versa. The Facebook OAuth 2.0 follows its own rules. You can build a client that works with it. You can build a server that mimics them, but there is very little in the OAuth 2.0 specs that tells you how to. Moreover, your app is unlikely to provide the same services as Facebook and therefore clients written for Facebook will not work for it.
>
> I would stay away from OAuth 2.0 unless you need it as a client to authenticate to third party services.
>
> Massimo
>
>
> On Monday, 28 May 2012 20:25:52 UTC-5, Horus wrote:
>>
>> I have seen that web2py supports integration with Facebook + Twitter.
>> What if I want to create my own OAuth2 Server like what is offered by Facebook and Twitter?
>> Is this possible with Web2Py?