awesome-go icon indicating copy to clipboard operation
awesome-go copied to clipboard

Published 20 hours ago verified publisher icon avelino

Remove oauth2

Open tonimelisma opened this issue 2 years ago • 4 comments

The library is no longer being actively maintained. It has over 110 open issues from 8 years ago, several causing it to no longer conform to the standards. There's plenty of eager maintainers with over 70 pull requests, which have not been commented or merged. This is a security (authentication) library which makes lack of maintenance even more dire. I can't see how the library would fulfill awesome-go criteria anymore, thus suggest it should be removed.

tonimelisma avatar Nov 01 '22 03:11 tonimelisma

Thank you for contributing with awesome-go, we will revise your contribution as soon as possible.

Automation body links content check:

  • godoc.org or pkg.go.dev: True
  • goreportcard.com: False
  • coverage: False

your project is about to be approved, it's under revision, it may take a few days

avelino avatar Nov 01 '22 03:11 avelino

Report Issues / Send Patches

This repository uses Gerrit for code changes. To learn how to submit changes to this repository, see https://golang.org/doc/contribute.html.

The main issue tracker for the oauth2 repository is located at https://github.com/golang/oauth2/issues.

https://github.com/golang/oauth2#report-issues--send-patches

I agree that the team that maintains the project needs to pay more attention, but the project is not dead

avelino avatar Nov 01 '22 14:11 avelino

I didn't mean to imply the project is dead. I simply suggested it no longer fulfills the requirements to be showcases on the awesome go libraries list.

An oauth library needs to support security critical functionality which is added to the oauth standard. Especially something added 7 years ago! I would assume bugs would also need to be fixed and some attention paid to issues and pull requests submitted, to be considered to be on the list. Am I wrong in assuming that?

tonimelisma avatar Nov 08 '22 18:11 tonimelisma

Or, to be an "awesome" go project, would a working example be required, or documentation of key functions that would actually explain what they do?

tonimelisma avatar Nov 08 '22 20:11 tonimelisma

Github repo seems to be active now. If the project ever becomes stale again we can discuss this.

phanirithvij avatar Oct 02 '23 21:10 phanirithvij

Hey @phanirithvij there's no activity in the repo? It's just updating dependencies? The library isn't even compatible with standard oauth2 implementations in the wild because of the missing core functionality which is mandatory nowadays. If you don't want to remove the repository because it's authored by famous company or used to be widely used, or just don't want to bother with removing it, that's fine, but the repository is still not actively maintained.

tonimelisma avatar Oct 07 '23 20:10 tonimelisma

What are these other standard projects? Is there a oauth2 project that is prefered by everyone over golang/oauth2?

phanirithvij avatar Oct 08 '23 02:10 phanirithvij