Subject: Re: OAuth 2.0 implementation
From: Roland Hedberg
Date: Tue, 27 Mar 2012 15:36:22 +0200
To: Stuart Bishop
Cc: python-list@python.org, Ben Finney
Newsgroups: comp.lang.python

And then to complicate the picture you have OpenID Connect which is an
attempt at bringing OpenID and OAuth2.0 together.

By the way I have an implementation of OpenID Connect here:
https://github.com/rohe/pyoidc

-- Roland

On 27 Mar 2012 at 11:59, Stuart Bishop wrote:

> On Tue, Mar 27, 2012 at 10:11 AM, Ben Finney wrote:
>> Demian Brecht writes:
>>
>>> I'm getting close to an alpha release of an OAuth 2.0 implementation
>>> (https://github.com/demianbrecht/py-sanction).
>>
>> Thank you for doing this work.
>>
>> As someone who uses OpenID, what can I read about why OAuth is better?
>
> They are different, and often you need to use both.
>
> OpenID allows web sites to authenticate someone. It is not really
> useful for anything not an interactive web site. The consuming site
> never gets your keys, it just gets confirmation from the provider that
> the user is who they claim they are and maybe some details that the
> provider chooses to provide such as an email address.
>
> OAuth is for generating authentication keys that allow a program to
> authenticate as someone and perform operations on their behalf. You
> use OAuth to generate a key so that Foursquare can send messages via
> Twitter on your behalf, or so the Facebook client on your phone can
> access your account without storing your password.
> You also get authentication here, as you can't generate a key without
> being authenticated, but the real reason it is used instead of OpenID
> is so you can keep the key and keep using it to act as the user; you
> can keep using that key until it expires or it is revoked.
>
> Authentication providers that don't provide a webapi just implement
> OpenID. Big sites like Google and Facebook implement both OpenID (for
> 'log in with your GMail account') and OAuth ('post this message to
> your Facebook wall').
>
> --
> Stuart Bishop
> http://www.stuartbishop.net/
> --
> http://mail.python.org/mailman/listinfo/python-list

Roland
-----------------------------------------------------------
With anchovies there is no common ground
-- Nero Wolfe