OAuth2 format of client_id about django-oauth-toolkit HOT 5 CLOSED

Hi @wiliamsouza

do you think we should use oauthlib functions as a default implementation? is that really necessary?

I mean, the generate_client_id function in oauthlib is more compliant because it uses all the chars defined in the RFC, ok, but at the same time specification leaves you free to decide how the client_secret and the client_id should be generated (google for example use the following as client_id 1084945748469-eg34imk572gdhu83gj5p0an9fut6urp5.apps.googleusercontent.com).

I expect that developers want to use their own generation function and this can be achieved extending BaseHashGenerator and adding your class to settings:

OAUTH2_PROVIDER = {
    'CLIENT_ID_GENERATOR_CLASS':
        'foo.bar.YourClientIdGenerator',
    'CLIENT_SECRET_GENERATOR_CLASS':
        'foo.bar.YourClientSecretGenerator',
}

In the end, I don't think your proposal is a bad idea but I'd like to think about it for a moment.
If you want to continue the conversation I'll be glad.

Thnx a lot

from django-oauth-toolkit.

I'm in favor to provide the default as especifield by the rfc and let the user choose what to use. I don't see any problem in the way it work today the issue is more informative that oauthlib provides functions to generate client id and secret.

from django-oauth-toolkit.

I thought about it and I think it's a good to use oauthlib generation function as the default implementation... it's really better! Anyway we need to add some limitations to client_id generated strings: see issues #24 and #25 for more details.

from django-oauth-toolkit.

I agree to use oauthlib generation functions as default implementation. However we need to solve quoted issues (I'm on it).

from django-oauth-toolkit.

I merged the PR, think we can close

from django-oauth-toolkit.