OAuth2.0 Compatibility about oauth-php HOT 20 OPEN

Noted. But for the moment, since it's a first draft, I'll wait. If anybody is
interested in implementing this, let me know.

Understandable.  For reference, here's a link about OAuth 2.0
http://wiki.oauth.net/OAuth-2.0

I'm interested in the "Client Credentials Flow" part of this spec:
http://tools.ietf.org/html/draft-ietf-oauth-v2-05#page-35

It seems useful for providing a third party access to my application to
programatically do stuff that's not on behalf of a particular user.

It's pretty similar to two-legged oauth, but I suppose the intention is a little
different.

I know the spec is still in a lot of flux but I'm eagerly anticipating OAuth2 
support. Hopefully things settle down a bit now that draft6 is out.

I think there´s no one with enough spare time to implement OAuth2.0 draft6. :( 
If someone reads this and wants to get this "framework" to the next level, 
please send a message to bruno. He would surely give you svn write access! :o)

Yes, unfortunately I can't work on it right now. But I can grant you write 
access very, very quickly :)

Interesting discussion about OAuth 2.0: 
http://www.devcomments.com/OAuth-Server-2-0-at227858.htm
(just a side note ;o))

What is the progress on this? The spec is at draft 10 
(http://tools.ietf.org/html/draft-ietf-oauth-v2-10)

We're looking for developers. Care to help?

From what I read of the spec, it's very unlikely that oauth-php will be able to 
support it without major changes. Many places would need a complete rewrite. 
It's questionable whether the API could be maintained and keep backward 
compatibility with 1.0a.

As such, it's not likely right now that support to 2.0 will be written. If 
anybody cares to help, please let me know.

Hi,

accordingly André's comments and fixes i want xAuth in the server. I think, 
xAuth is better for mobile clients which uses oauth for verify requests. For a 
example please take a look to Twitter API and used xAuth services.

Best regards
Enno

@enno0815de: as written in the wiki, xauth has nothing do with oauth. It will 
not be implemented.

ok, so i will implement it in andré's server... ;)

hi,

i have implemented xauth in oauth-php server. if i should upload the changes to 
this repository, i need access to it. if anyone need more help, mail me =]

best regards
enno

@enno0815de: I sent you a private email. 

[deleted comment]

@enno0815 : brun... is right, xAuth has nothing to do with OAuth as in 
that(xAuth) protocol developer collects username and password from user and 
sends with the request, which diesnt suffice the purpose of OAuth and against 
fundamental principles behind it i.e. in short words Authentication with 
username and password!!

So we shouldn't be bringing that functionality to oauth-php repo rather it 
should be separate project itself if you intend to do.

@bru... : i would humbly request not to merge that code with oauth-php repo 
rather separate branch would be an option..

As far as Compatibility with OAuth 2.0 is concerned can we define abstarct 
methods in Server Module and switch the Methods according to oauth_version 
variable which we recieve through Request.

I am new to oauth implementing it first time and an intermediate programmer.
I am in process of deploying oauth-php on my server,any suggestions or feedback 
would be greatly appreiciated.


Regards,
nEosAg

I did get enno's code. Due to his IDE reformatting the code, it's almost 
impossible to generate a diff, which is why this has not progressed further. 
Comparing files manually is a lot of work and error-prone.

I still think that xauth and oauth are two different beasts, but xAuth requires 
OAuth. If xauth can be supported by this library and not hassle those people 
who do not want it, or break backwards compatibility, I'm inclined to add 
support to it. 

The problem with oauth 2.0 compatibility is that the protocol has changed 
considerably, and the current oauth-php flow may not be compatible with the 2.0 
protocol. 

For reference, Google is now also supporting OAuth 2.0
http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.ht
ml