Looking forward to it (and will keep thinking about how to do OAuth best in the meanwhile).

I think it doesn’t fit into repoze.who because r.who only deals with authentication, but it’d be a wonderful addition to the authorization framework I’ve been working on, which I hope to make TurboGears-independent, either as part of the Repoze project or as an independent project.

It can basically work where repoze.who can work, although it has some TurboGears-specific bits. I would wait until it’s fully independent of TurboGears.

Cheers!

Hope to have some time this week, shouldn’t be too much left (basically it’s working) but some documentation would be good (well, and tests but testing openid is always a bit tricky due to it’s redirecting nature but maybe somebody wants to help out).

I was also playing around with OAuth recently but the big question is if it fits really into repoze.who. Nevertheless I guess it can make sense as sort of middleware which basically gives you back the token and you can decide upon the token what you allow and what not. But some thinking and discussion needs to go into this (as we did a little on #repoze).

Any news can then be found on my blog.

The stuff you write about also sounds quite cool. Will this also be usable in any WSGI context?