SammyK

Hey @mtdowling! Thanks for chiming in. :) > Guzzle 3 (the library this project seems to use) has a bundled CA cert, which has the potential to become outdated. Ah...

> relying on the system bundle makes it easier to deploy client libraries The point I was proposing was related to security, not ease which unfortunately don't seem to go...

> I think it becomes theoretically less secure because your application would now implicitly have to trust that the certs provided by the client library are up to date and...

Yay community. (Thanks for the RT too) :D

Wow @rdlowrey! Thanks for such an amazing response! :D > I would use the built-in CA verification tools and retrieve fingerprint hashes for the specific Oauth providers That sounds like...

Thanks @rdlowrey! Haha: `date_default_timezone_set('UTC'); // F U Derick` ...@derickr gets no love! :)

**TL;DR:** This is a really hard problem to solve and would probably get the OAuth Client versioned as v[DNF](https://en.wikipedia.org/wiki/Development_of_Duke_Nukem_Forever) if we tried to figure it out before a 1.0 alpha....

I'm certainly open to that idea. This could work assuming we: - Have a secure and automated way to update the cert fingerprint for each provider & also tag and...

I'm +1 for consistency but only to a degree. The Facebook provider tries to use a [ubiquitous language](http://martinfowler.com/bliki/UbiquitousLanguage.html) between the provider and the Facebook platform. For example, the resource owner...

Thank you for the feature request @gnumoksha. At the moment the tracer does not support log levels so all messages are logged when `DD_TRACE_DEBUG=1`. I cannot provide an ETA for...