Ib Lundgren
As per http://tools.ietf.org/html/draft-ietf-oauth-assertions-10. A new and, from a brief look, a very generic grant type with two orthogonal purposes: client auth and as auth grants. Need to check spec maturity...
Currently [tokens.py](https://github.com/idangazit/oauthlib/blob/master/oauthlib/oauth2/draft25/tokens.py) matches the [00](http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-00) version of the MAC token spec, which is also the one linked from the [OAuth 26 draft](http://tools.ietf.org/html/draft-ietf-oauth-v2-26#section-13.2). A new [01](http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-01) version of the MAC token...
As per http://tools.ietf.org/html/draft-ietf-oauth-saml2-bearer-13.
http://oauthlib.readthedocs.org/en/latest/ is shaping up nicely but there is still a lot to do. Essentially study http://jacobian.org/writing/great-documentation/ and see what is missing, could be clearer, restructured, etc. Do we have docs...
Get started on http://oauthlib.readthedocs.org/en/latest/oauth2/security.html. Possible topics: the importance of HTTPS; issues that can come from multiple grant type clients and token "sharing"; rotating refresh tokens.
Document use cases for each and how they relate to the validator methods.
These tests should be automated but could be excluded from the standard suite if there is no good way to hide real client ids and secrets in a test setup...
The whole _client.client indirection is pretty awkward and confuses me all the time. It might be time to get rid of the requests_oauthlib.OAuth2 _client by copying in its functionality directly...