Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #22242

Re: OAuth 2.0 implementation

Subject Re: OAuth 2.0 implementation
From Roland Hedberg <roland@catalogix.se>
Date 2012-03-27 15:36 +0200
References <1973354.3.1332816158529.JavaMail.geo-discussion-forums@pbae2> <87haxahh51.fsf@benfinney.id.au> <CADmi=6P56GZwDqJn-LbQneLTJwAboFPHQSAZXXs6j8fB8pMWwA@mail.gmail.com>
Newsgroups comp.lang.python
Message-ID <mailman.1038.1332855391.3037.python-list@python.org> (permalink)

Show all headers | View raw

And then to complicate the picture you have OpenID Connect which is an attempt at
bringing OpenID and OAuth2.0 together.

By the way I have an implementation of OpenID Connect here:

https://github.com/rohe/pyoidc

-- Roland

27 mar 2012 kl. 11:59 skrev Stuart Bishop:

> On Tue, Mar 27, 2012 at 10:11 AM, Ben Finney <ben+python@benfinney.id.au> wrote:
>> Demian Brecht <demianbrecht@gmail.com> writes:
>> 
>>> I'm getting close to an alpha release of an OAuth 2.0 implementation
>>> (https://github.com/demianbrecht/py-sanction).
>> 
>> Thank you for doing this work.
>> 
>> As someone who uses OpenID, what can I read about why OAuth is better?
> 
> They are different, and often you need to use both.
> 
> OpenID allows web sites to authenticate someone. It is not really
> useful for anything not an interactive web site. The consuming site
> never gets your keys, it just gets confirmation from the provider that
> the user is who they claim they are and maybe some details that the
> provider chooses to provide such as an email address.
> 
> OAuth is for generating authentication keys that allow a program to
> authenticate as someone and perform operations on their behalf. You
> use OAuth to generate a key so that Foursquare can send messages via
> Twitter on your behalf, or so the Facebook client on your phone can
> access your account without storing your password. You also get
> authentication here, as you can't generate a key without being
> authenticated, but the real reason it is used instead of OpenID is so
> you can keep the key and keep using it to act as the user; you can
> keep using that key until it expires or it is revoked.
> 
> Authentication providers that don't provide a webapi just implement
> OpenID. Big sites like Google and Facebook implement both OpenID (for
> 'log in with your GMail account') and OAuth ('post this message to
> your Facebook wall').
> 
> -- 
> Stuart Bishop <stuart@stuartbishop.net>
> http://www.stuartbishop.net/
> -- 
> http://mail.python.org/mailman/listinfo/python-list

Roland

-----------------------------------------------------------
With anchovies there is no common ground 
-- Nero Wolfe

Back to comp.lang.python | Previous | NextPrevious in thread | Next in thread | Find similar | Unroll thread

Thread

OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-03-26 19:42 -0700
  Re: OAuth 2.0 implementation Ben Finney <ben+python@benfinney.id.au> - 2012-03-27 14:11 +1100
    Re: OAuth 2.0 implementation Roy Smith <roy@panix.com> - 2012-03-26 23:30 -0400
      Re: OAuth 2.0 implementation Ben Finney <ben+python@benfinney.id.au> - 2012-03-27 14:49 +1100
        Re: OAuth 2.0 implementation Roy Smith <roy@panix.com> - 2012-03-26 23:57 -0400
          Re: OAuth 2.0 implementation Ben Finney <ben+python@benfinney.id.au> - 2012-03-27 15:24 +1100
            Re: OAuth 2.0 implementation Jack Diederich <jackdied@gmail.com> - 2012-03-27 01:24 -0400
            Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-03-26 22:30 -0700
              Re: OAuth 2.0 implementation Roy Smith <roy@panix.com> - 2012-03-27 10:18 -0400
                Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-03-27 10:54 -0700
                Re: OAuth 2.0 implementation Mark Hammond <skippy.hammond@gmail.com> - 2012-03-28 14:42 +1100
    Re: OAuth 2.0 implementation Stuart Bishop <stuart@stuartbishop.net> - 2012-03-27 16:59 +0700
    Socket Error : Address still in use  (Conveting from python 1.5.2 to 2.7.1) Wong Wah Meng-R32813 <r32813@freescale.com> - 2012-03-27 09:41 +0000
    Re: OAuth 2.0 implementation Roland Hedberg <roland@catalogix.se> - 2012-03-27 15:36 +0200
  Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-05 07:06 -0700
    Re: OAuth 2.0 implementation Alec Taylor <alec.taylor6@gmail.com> - 2012-07-06 01:19 +1000
      Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-05 10:48 -0700
      Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-05 10:48 -0700
        Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-06 08:38 -0700
        Re: OAuth 2.0 implementation Demian Brecht <demianbrecht@gmail.com> - 2012-07-06 08:38 -0700
          Re: OAuth 2.0 implementation Alec Taylor <alec.taylor6@gmail.com> - 2012-07-07 04:41 +1000
          RE: OAuth 2.0 implementation "Demian Brecht" <demianbrecht@gmail.com> - 2012-07-06 11:49 -0700
          Re: OAuth 2.0 implementation Alec Taylor <alec.taylor6@gmail.com> - 2012-07-07 04:58 +1000

csiph-web