On 8/27/2013 3:22 PM, Matt Wringe wrote:
On 27/08/13 02:20 PM, Bill Burke wrote:
> Well, you need to remember that OAuth 2 is a framework and not a
> complete protocol. The actual authentication part with the auth server
> is the most "flexible" part of the API. I'd like to follow it as
> closely as possible though.
Yep, agreed. OAuth does not provide a complete protocol and leaves a lot
of stuff to the implementors to decide. It also makes a lot of stuff
optional and allows for custom extensions. It does however clearly
defined some areas and provides a defined protocol for them.
Unfortunately we are not exactly in line with the specification in all
areas and would need to make some changes to become compliant.
I am assuming that trying to 'follow it as closely as possible' means we
do want to be compliant and that issues should be filled where it does
not follow the defined sections?
What sections do you mean?
Bill
--
Bill Burke
JBoss, a division of Red Hat
http://bill.burkecentral.com