Splitting up OAuth Plugin

111 views
Skip to first unread message

Pelle Braendgaard

unread,
Jul 12, 2012, 8:59:56 PM7/12/12
to oauth...@googlegroups.com
There has been a long running suggestion to split out the oauth provider and oauth consumer parts of the oauth plugin.


I started it today as a client needs some of this done.

The work is being done in a separate branch for now and will eventually go into a new repo.


I've released the oauth-provider gem which is the first very experimental version of it


If you need this functionality please help test it out.

I would like to do the following as well.

Only support Rails 3 and onwards and only support OAuth 2.

This doesn't change the oauth plugin itself but maintenance of Rails 2.x is a bit of a pain and slows development of this.

OAuth 1 support also should not be used for new projects IMHO. But I'm willing to keep it in if people really require it. Remember you can still use the regular oauth-plugin.

Other breaking features I'd like to add is simplify the code quite a bit and only store digests of tokens.

Please comment

Pelle


--
http://picomoney.com - A whole new kind of money
http://payglo.be - Blog about payments from a global perspective

Carol Nichols

unread,
Jul 26, 2012, 5:34:09 PM7/26/12
to oauth...@googlegroups.com, pe...@stakeventures.com
This seems like a good plan to me (although I'm new to the OAuth implementation world, hi!)

Can you explain, or point to an explanation, of why you don't recommend OAuth 1.0 (or 1.0a?) for new projects?

I'm hoping to make http://rstat.us (https://github.com/hotsh/rstat.us) an OAuth provider in the near future, and I'm now hesitant to go with OAuth 2.0 in light of http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

If this discussion would be better in a new thread or a different venue, please let me know.

Thank you,
Carol

Pelle Braendgaard

unread,
Jul 26, 2012, 7:11:35 PM7/26/12
to Carol Nichols, oauth...@googlegroups.com
Hi Carol,

I need to write a blog response to Erans article. 

Eran made several good points about parts of the spec that only enterprises would ever be interested in. That said the basic core of OAuth 2 is still very good and I believe the best way to go.

I think I'm going to suggest that we define a basic profile, which is a simpler subset of the full spec. This is what everyone is doing anyway. Most people support bearer tokens and code, client credentials and password grants. Very few people support refresh tokens.

So creating a simple oauth 2 profile which would be the recommendation for new projects would be a good idea.

Pelle


-- 
http://picomoney.com - A whole new kind of money
http://payglo.be - Blog about payments from a global perspective

Ernie Miller

unread,
Aug 1, 2012, 6:51:07 PM8/1/12
to oauth...@googlegroups.com, pe...@stakeventures.com
On Thursday, July 12, 2012 8:59:56 PM UTC-4, Pelle Braendgaard wrote:

I would like to do the following as well.

Only support Rails 3 and onwards and only support OAuth 2.

This doesn't change the oauth plugin itself but maintenance of Rails 2.x is a bit of a pain and slows development of this.

OAuth 1 support also should not be used for new projects IMHO. But I'm willing to keep it in if people really require it. Remember you can still use the regular oauth-plugin.

Other breaking features I'd like to add is simplify the code quite a bit and only store digests of tokens.

Please comment

Pelle


Pelle,

Thanks for the update -- what does this mean for requests like https://github.com/oauth/oauth-ruby/pull/58 ? Should we be submitting these to a different repository in the short term? I can certainly roll my own gem with this particular fix, but would much prefer to have it in the official distro, as the fix is a blocker for some things I'm working on right now.

Thanks in advance!

-Ernie Miller

Pelle

unread,
Aug 2, 2012, 11:56:52 AM8/2/12
to oauth...@googlegroups.com, pe...@stakeventures.com, Aaron Quint
Hi Ernie,

I'm not really involved in the OAuth ruby gem anymore. I believe Aaron is the current maintainer, who I have CCd here.

The OAuthPlugin handles the integration on the rails side.

Pelle

Ernie Miller

unread,
Aug 2, 2012, 11:58:08 AM8/2/12
to oauth...@googlegroups.com, pe...@stakeventures.com, Aaron Quint
On Thursday, August 2, 2012 11:56:52 AM UTC-4, Pelle wrote:
Hi Ernie,

I'm not really involved in the OAuth ruby gem anymore. I believe Aaron is the current maintainer, who I have CCd here.

The OAuthPlugin handles the integration on the rails side.

Pelle


Oh, right -- of course. Sorry, I missed the distinction when I followed the link to this thread from Twitter. My apologies! 
Reply all
Reply to author
Forward
0 new messages