Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #22234

Re: OAuth 2.0 implementation

References <1973354.3.1332816158529.JavaMail.geo-discussion-forums@pbae2> <87haxahh51.fsf@benfinney.id.au>
Date 2012-03-27 16:59 +0700
Subject Re: OAuth 2.0 implementation
From Stuart Bishop <stuart@stuartbishop.net>
Newsgroups comp.lang.python
Message-ID <mailman.1034.1332842368.3037.python-list@python.org> (permalink)

Show all headers | View raw

On Tue, Mar 27, 2012 at 10:11 AM, Ben Finney <ben+python@benfinney.id.au> wrote:
> Demian Brecht <demianbrecht@gmail.com> writes:
>
>> I'm getting close to an alpha release of an OAuth 2.0 implementation
>> (https://github.com/demianbrecht/py-sanction).
>
> Thank you for doing this work.
>
> As someone who uses OpenID, what can I read about why OAuth is better?

They are different, and often you need to use both.

OpenID allows web sites to authenticate someone. It is not really
useful for anything not an interactive web site. The consuming site
never gets your keys, it just gets confirmation from the provider that
the user is who they claim they are and maybe some details that the
provider chooses to provide such as an email address.

OAuth is for generating authentication keys that allow a program to
authenticate as someone and perform operations on their behalf. You
use OAuth to generate a key so that Foursquare can send messages via
Twitter on your behalf, or so the Facebook client on your phone can
access your account without storing your password. You also get
authentication here, as you can't generate a key without being
authenticated, but the real reason it is used instead of OpenID is so
you can keep the key and keep using it to act as the user; you can
keep using that key until it expires or it is revoked.

Authentication providers that don't provide a webapi just implement
OpenID. Big sites like Google and Facebook implement both OpenID (for
'log in with your GMail account') and OAuth ('post this message to
your Facebook wall').

-- 
Stuart Bishop <stuart@stuartbishop.net>
http://www.stuartbishop.net/

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-03-26 19:42 -0700
  Re: OAuth 2.0 implementation Ben Finney <ben+python@benfinney.id.au> - 2012-03-27 14:11 +1100
    Re: OAuth 2.0 implementation Roy Smith <roy@panix.com> - 2012-03-26 23:30 -0400
      Re: OAuth 2.0 implementation Ben Finney <ben+python@benfinney.id.au> - 2012-03-27 14:49 +1100
        Re: OAuth 2.0 implementation Roy Smith <roy@panix.com> - 2012-03-26 23:57 -0400
          Re: OAuth 2.0 implementation Ben Finney <ben+python@benfinney.id.au> - 2012-03-27 15:24 +1100
            Re: OAuth 2.0 implementation Jack Diederich <jackdied@gmail.com> - 2012-03-27 01:24 -0400
            Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-03-26 22:30 -0700
              Re: OAuth 2.0 implementation Roy Smith <roy@panix.com> - 2012-03-27 10:18 -0400
                Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-03-27 10:54 -0700
                Re: OAuth 2.0 implementation Mark Hammond <skippy.hammond@gmail.com> - 2012-03-28 14:42 +1100
    Re: OAuth 2.0 implementation Stuart Bishop <stuart@stuartbishop.net> - 2012-03-27 16:59 +0700
    Socket Error : Address still in use  (Conveting from python 1.5.2 to 2.7.1) Wong Wah Meng-R32813 <r32813@freescale.com> - 2012-03-27 09:41 +0000
    Re: OAuth 2.0 implementation Roland Hedberg <roland@catalogix.se> - 2012-03-27 15:36 +0200
  Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-05 07:06 -0700
    Re: OAuth 2.0 implementation Alec Taylor <alec.taylor6@gmail.com> - 2012-07-06 01:19 +1000
      Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-05 10:48 -0700
      Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-05 10:48 -0700
        Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-06 08:38 -0700
        Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-06 08:38 -0700
          Re: OAuth 2.0 implementation Alec Taylor <alec.taylor6@gmail.com> - 2012-07-07 04:41 +1000
          RE: OAuth 2.0 implementation "Demian Brecht" <demianbrecht@gmail.com> - 2012-07-06 11:49 -0700
          Re: OAuth 2.0 implementation Alec Taylor <alec.taylor6@gmail.com> - 2012-07-07 04:58 +1000

csiph-web