Mikko Ohtamaa

Reputation: 83398

Creating a third-party API on a Plone site using OAuth2?

We might want to create a third-party API to access our Plone CMS site data. One of the possible methods to share the user privileges in third-party systems is OAuth2, as used by Twitter, Tumblr and Facebook. This way the third party gains the user privileges after the user clicks "Allow" in the dialog for accessing one's data.

I am not in a rush, this is 2014 planning :)

Upvotes: 4

Views: 383

Answers (1)

metatoaster

Reputation: 18908

As far as I know, pmr2.oauth is the only package (disclosure: I also wrote this) that provides OAuth provider support for Plone (i.e. this lets Plone act as an "OAuth host", including support for scope so as to let users know what they are allowing, like Twitter et al.). There is another package that I briefly looked at called wsgioauth, but it is a fairly general package and it's for wsgi, so I ended up building my own package (and it looks like wsgioauth hasn't been maintained for 3 years now).

Currently it only supports OAuth 1.0; the reason for that is that at the time of development there were no good OAuth 2.0 libraries, especially for providers. Only recently has support for RFC 6749 (the actual OAuth 2.0 standard) begun to surface through oauthlib, which is the library that does the signing of requests for pmr2.oauth. That said, hopefully I have it written in a way that is modular enough to plug in support for OAuth 2.0, or at least the core is easy enough to be modified to include support for this. I would be more than happy to have the Plone community take it and improve on it (or even fork it off, or anyone knowledgeable in this area) as I don't have any immediate plans to include support for OAuth 2.0 yet.

Upvotes: 1
