We now have the HTTPAuth infrastructure so people can roll their own. But it would be nice if we had an already-written full implementation of OAuth2, including bearer tokens, so people can just use it without writing their own auth implementation.
Ideally we'd do this in a way that the access token type is generic, and we'd provide the implementation of bearer token. This way anyone who needs a different access token type can still use the overall OAuth2 support and just implement the access token part themselves.
We now have the
HTTPAuthinfrastructure so people can roll their own. But it would be nice if we had an already-written full implementation of OAuth2, including bearer tokens, so people can just use it without writing their own auth implementation.Ideally we'd do this in a way that the access token type is generic, and we'd provide the implementation of bearer token. This way anyone who needs a different access token type can still use the overall OAuth2 support and just implement the access token part themselves.