My group has been using OAuth 1.0a for its delegation needs and would
like to upgrade to using OAuth for 2.0. We have looked at Apache Amber
as a possibility, but I would like know
* Is this actively being used (vs. developed)?
* Development seems to have stalled -- is this because of the fact that
the RFC seems to be stuck in limbo?
* Are there any other community approved standard implementations of
--> Finally, those of you using some form of OAuth 2.0, where did you
I suspect that many people have simply rolled their own implementation
of a subset (Twitter, Facebook) and are using that, which means there is
little incentive for the community as a whole to come out with a full
implementation. If this is the case, this would be a crucial point for
us. Our needs are really for a pretty small subset of OAuth 2 which we
could probably write ourselves. We would just prefer whatever the
reference implementation is.