oauth v2

[fade]

I have a need for an oauth v2 flow for a financial API. I'm wondering if you would be amenable to accepting a pull request to north, to support version 2 flows? I haven't read through North's source code yet, so any caveats assuming this is something you're open to?

best regards.

[Shinmera]

As far as I understood oauth2, the flows are very vendor-specific, so I'm not sure to what extent that could be done.

I might remember wrong, though, so... can't say.

[fade]

By my read they're more standardized in v2, but the primary difference appears that there's a final round trip where the authorization grant is exchanged for an access token, where v1 would just receive the access token in the default flow where v2 returns the authorization grant... this would also open up the authentication flow for openid from various third party providers. My goal is to cooperate upstream, instead of just doing the lisp thing and generating another library, but if you don't think it worthwhile in this case, I defer to your superior experience in this domain.

[Shinmera]

It warms my heart to hear about the desire to cooperate :)

I wouldn't be opposed to making north into a general oauth library, though it would need to support both 1.0a and 2.0 flows on both the server and client sides. It's been years since I looked into this stuff so I can't comment on how amenable the structure of north is to doing that. I'd hope it wouldn't be too big a deal.

[fade]

I'm just starting to read through the code, so I don't know either. I'll do that, and if I think it can be grafted in I'll do the work in a feature branch. I'll endeavour to structure things so that they default to whatever North does right now, out of the box.

[Shinmera]

Sounds good!