I also confirm this. Each provider is left to determine their own API to expose resources (most follow a RESTful interface).
However, the *authorization* portion is relatively consistent for each provider (relatively in that there are slight deviations, such as returned data being in either JSON or a URL format). The auth portion is something that *can* be easily implemented to cover all providers, for all server-side flows (I've tested both authorization code and client credentials flows with the library that I wrote). The rest is simply requests sent using the credentials retrieved by the auth flow. The point here is that cross-provider auth using slightly deviant OAuth 2.0 implementations can be a bit of a pain, especially if you aren't relatively intimately familiar with OAuth 2.0. IMHO, adding this to a framework is very little work, with relatively large benefit for the users. -----Original Message----- From: web2py@googlegroups.com [mailto:web2py@googlegroups.com] On Behalf Of Michele Comitini Sent: Wednesday, July 18, 2012 2:13 PM To: web2py@googlegroups.com Subject: Re: [web2py] Re: Alternative to Janrain: in pure Python I confirm. Information about the user depend on the producer. It is usually a simple REST call. In theory there is not even guarantee that any user data is available to the consumer. OAuth is about giving authorization to fetch authenticated user data by a third party, i.e. the OAuth consumer. The only specified result from a successful authentication is an expiring session token that must not contain any direct reference to user info. mic > The authentication is interoperable (is this user allowed to login?) > but not the request for credentials (who is this user?). > > > > > > On Wednesday, 18 July 2012 13:24:12 UTC-5, rdodev wrote: >> >> OAuth2 authorization for web2py would be huge. +1 >> >> On Thursday, July 5, 2012 10:42:20 AM UTC-4, Alec Taylor wrote: >>> >>> A rather good 64-line OAuth 2 client implementation for Python has >>> been open-sourced. >>> >>> Source-code (announcement) >>> >>> This has been tested-and includes example code-with: >>> >>> Facebook >>> Google >>> Foursquare >>> >>> https://github.com/demianbrecht/sanction/blob/master/example/server. >>> py >>> >>> Please share your thoughts below, specify if you would like how to >>> use it with web2py, e.g.: for the online web2py book. [Disclaimer: >>> haven't spoken with Massimo yet] >>> >>> Thanks, >>> >>> Alec Taylor > > -- > > > -- --
