Substantial differences between draft 16 and draft 20?

[eykd]

In the docs, it's noted that this is providing support for OAuth 2.0, draft 16. The spec is now on to draft 20, and there appear to be significant changes to the spec in draft 17, changes that appear (based on a superficial scan) to affect the authorization workflow. I haven't yet reviewed all the changes, as I'm not very familiar with the spec, nor its perturbations. Are you aware of the updates to the spec, are they substantive, and are you planning to support the spec in its final form?

[eykd]

Also, thanks for releasing this. :) I was beginning to worry that there was no OAuth 2.0 in python.

[wehriam]

Sorry for not getting back to you sooner - I lost track of my GitHub notifications for a while. I am not familiar enough with the current draft to comment but would appreciate any insight you have.

[eykd]

OAuth was too hard, so I went shopping instead. Looks like the draft is up to 23 now. It's kind of annoying that the standards process is taking so long, while potentially incompatible clients and servers are getting cast in stone at a scattershot of draft levels, then used in production! The protocol is hard enough to understand, without having to account for different flavors of it. :/

Mind you, I'm frustrated with the protocol itself, not your code. :) If I ever come back to OAuth for any reason, I'll take another look here.