Split out core OAuth logic
Currently we are moving steadily towards decoupling the OAuth logic from the client logic. Eventually I think the ideal would be to completely split apart these two layers of logic such that we can provide an entirely generic solution that might be used by clients and servers.
The OAuth 1.0a signing logic is battle-tested in a way most libraries are not; it actually works with dozens of providers and is used daily. Similarly the OAuth 2.0 logic shares this quality and is relatively simple anyway.
I think that moving this logic into two modules, oauth1.py and oauth2.py, is probably the best approach to begin with. Eventually we could even provide an entirely independent package. The goals here should be 1) a simple API, 2) a practical implementation, and 3) of course, well tested.
Most of the work is already done to provide the basis for this. The nuanced bit of this is probably deciding what additions servers might require. But because the signing procedure works in practice, servers may use this to validate and verify OAuth requests (even today this is possible, albeit it means pulling in Requests which is unnecessary from a server point of view). The rest of a server implementation is fairly domain specific, and we've seen other libraries stumble over this, trying to make a one-size-fits-all solution that frankly ends up being quite a mess.
I'm opening this up for discussion. Thoughts, ideas, comments are all appreciated.
Hey,
First off, nice work on what seems to be a very easy to use library for OAuth!
I'm coming from another corner of the Python OAuth world and think we have been working in parallel towards a similar goal. It might be a benefit to everyone to look into whether any collaboration would be possible =)
I'd be happy to discuss anything that comes to mind, here or in other mediums (IRC, Hangout, Skype).
My dabblings with OAuth are first and foremost with OAuthLib, which is an HTTP framework/request-agnostic library that aims to provide a thorough implementation of OAuth 1 & 2 per the spec. It supplies functionality both for clients and providers. The OAuth 1 client implementation is quite mature and the other parts are steadily advancing. You can see the w.i.p. docs at http://oauthlib.readthedocs.org/en/latest/.
OAuthlib powers requests-oauthlib which in turn powers Twython, among other things.
You're more than welcome to contribute to rauth. We welcome community contributions! Feel free to reach out to me directly as well. Cheers.
We now have an independent library that could satisfy this goal: https://github.com/maxcountryman/simpleoauth. At some point, we should integrate this into rauth.
Thanks to oauthlib and rauth. Frappe framework is using both libraries now.
Oauthlib in frappe is a recent addition: https://github.com/frappe/frappe/pull/2167
Rauth has been used in frappe to enable GitHub, Google and Facebook social logins. Now it can connect to a frappe (oauthlib) server, completing the circle!
Using rauth with internal oauthlib: https://discuss.erpnext.com/t/oauth-2-provider-for-frappe-apps/15652/6