Comments (5)
I wasn't aware that the RFC was different from 1.0a. Thanks for pointing that out.
I think the correct answer is to namespace everything currently under oauthlib/ to oauthlib/oauth1_RFC5849/ but keeping the class names OAuthServer and OAuthClient. Then when we implement oauth2 it can be namespaced under oauthlib/oauth2_draft18/ or whatever.
@idangazit didn't want to change it right now, so I'll follow his lead on when is the best time to restructure.
from oauthlib.
Sounds good. Really like the structure of the OAuthLib now and think it's advancing awesomely.
Noted another thing...
Currently resource owner key and resource owner secret are set as mandatory arguments to OAuthClient, which might not be what we want. When obtaining a request/temporary token the client will usually have neither; the resource owner secret is most often obtained together with the "access token" in the last step of the authentication.
The oauth_token parameter may be set to an empty string so maybe that would be a good default value? Or None and not include it in params at all if not set. (http://tools.ietf.org/html/rfc5849#section-2.1)
The resource owner secret could safely be set to None without affecting the HMAC-SHA signature.
from oauthlib.
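The point raised in the comment above, as an added example that is not part of the original thread and is not oauthlib's code: a stand-alone HMAC-SHA1 signer following RFC 5849 sections 3.4.1, 3.4.2 and 3.6, applied to a temporary-credential request. The function names, endpoint, key, nonce and timestamp are constructed for illustration, and the base URI is assumed to be already normalized.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote


def enc(value):
    """Percent-encode per RFC 5849 section 3.6 (only unreserved characters pass)."""
    return quote(value, safe="~")


def sign_hmac_sha1(method, base_uri, params, client_secret, token_secret=None):
    """HMAC-SHA1 signature per RFC 5849 sections 3.4.1 and 3.4.2."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base_string = "&".join([method.upper(), enc(base_uri), enc(normalized)])
    # The '&' in the key is always present; a missing token secret
    # simply contributes an empty string after it.
    key = f"{enc(client_secret)}&{enc(token_secret or '')}"
    digest = hmac.new(key.encode(), base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def oauth_params(client_key, nonce, timestamp, token=None):
    """Protocol parameters; oauth_token is omitted when token is None."""
    params = {
        "oauth_consumer_key": client_key,
        "oauth_nonce": nonce,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp,
    }
    if token is not None:
        params["oauth_token"] = token
    return params


def temporary_credential_signatures():
    """Sign one constructed temporary-credential request three ways."""
    uri = "https://server.example/initiate"   # constructed endpoint
    secret = "constructed-client-secret"      # constructed value
    base = ("constructed-client-key", "nonce123", "1300000000")
    omitted = oauth_params(*base)             # no oauth_token parameter
    empty = oauth_params(*base, token="")     # oauth_token present but empty
    return {
        "secret_none": sign_hmac_sha1("POST", uri, omitted, secret, None),
        "secret_empty": sign_hmac_sha1("POST", uri, omitted, secret, ""),
        "token_empty": sign_hmac_sha1("POST", uri, empty, secret, None),
    }
```

A token secret of `None` and of `""` yield the same signature, while an omitted `oauth_token` and an empty one yield different signature base strings, so client and server have to treat that parameter the same way.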
Changes required to the library should in theory be very straightforward. Simply point out where we're not adhering to the spec, and if you're correct, it's a bug, without exception. In the case where a parameter has a default if not specified or is not required, it should be represented as a keyword argument in the method used to fulfill that part of the spec, again without exception.
If you'd like to send a pull request for this particular change, I'd be happy to look it over and give you pointers if it's not pythonic, but I think you have the right idea. To satisfy the pedant in me, please open as a separate issue if you want to send a pull request.
from oauthlib.
Right, I'll do that in the future then =)
from oauthlib.
Closing since these changes have been made.
from oauthlib.