Oauthlib: Needs more maintainers

I just released 2.0.3.
The remaining PRs need help.

Hello @thedrow I will help with other PR and you review this one https://github.com/idan/oauthlib/pull/484? What you say?

I'll make time for it during the weekend.
@ib-lundgren Do you have admin rights to this repo? Can I have those so I can add other maintainers as well?

@thedrow I'm happy to help out...

@skion Great to hear! I'll try to get more access to the repository.

I just emailed @ib-lundgren regarding more access to this repository.

How would I best help out?

I'm interested in getting this working for many reasons, both professional and personal, and I have - as of 11am Seattle time today - sign off from my CTO at my "day job" to use limited work time to make bug fixes and other improvements that can be merged upstream in order to assist in our professional use of the oauthlib and flask-oauthlib libraries, if it is indeed the pair we standardize on.

If however, I'm not able to get something simple working by the end of the week, I may be asked to do our project in GOLANG and that would preclude my being allowed to assist this project with the professional resources and support I could otherwise bring.

I have not been able to get anything working with the libraries yet, due to the issues already reported. #490 #463, etc.

If the current maintainers - @thedrow @lepture etc included - are willing to assist in getting the blockers fixed so I can show a simple demo and prove out the library to my executive, I may be able to get finish getting my company to provide me the time to start in and help out where I can with changes that we can all merge upstream to the benefit of the entire Python community. I'm sure it will mean I need to ramp up on the code, etc, but I have already printed out the RFC's and I need to learn this stuff anyway for work, so my thinking it this could help a lot of people out and solve multiple problems at once.

What we need is not more maintainers, but a main maintainer.

This project is still under the account of @idan, but he hasn't been maintaining this project. It would be good to move this project to an org. We can use https://opencollective.com/ to collect donations so that contributors can spare more time.

I thought @lepture was the main maintainer? Or at least, that's how it looks to me as a random developer looking in. ;)

I agree an org is important. I'm able to get my company to sign off on some work. but really any professional time I would be allowed to put in would be to fix issues and allow it to be more useful to people who don't want to use an expensive third party like Auth0 to be an identity provider. The rest would be me donating time of my own.

Do we have a way to assure @idan is in good health or otherwise just not busy? I would hate to roll in and just assume, etc.

That said, I would be happy to help if I can. One issue I can think of is the official package release system. Would that be lost?

I only have time to merge pull requests and release as it stands.
So this project needs donations/manpower to be able to release new features and complete additional OAuth2 related specifications such as #388

I would be happy it if let me log in using flask-oauthlib; right now even that critical functionality isn't working for me.

I'm wondering if its a version issue. I was trying to roll back versions more and more last night hoping for a working example if I hit the right combination of versions.. but that has not happened yet and I have rolled back/pinned all the versions I can think of.

The examples only get me as far as the initial auth token set in the session/shown on the page, all attempts to auth the remove.get(me) call on the client->server client side call side fail yet there is no debugging output or help as to why.

@duaneking Flask-OAuthlib should work well with OAuthlib 1.1.2

Here is the pinned version in Flask-OAuthlib

https://github.com/lepture/flask-oauthlib/blob/master/requirements.txt

If that's the only version that it can use, then there is a bigger problem here: Versions need to be as up to date as possible to get the security and bug fixes that are missing from the older versions.

Is it just lack of people that keeps this from being updated?

I have supersetted the OP's PR #388 (with my PR #498 ) in the interests of getting it moving, since the workload on it seemed low; hope that helps out a bit.

I'm being asked to get JWT working in oauthlib by my day job.

I have made an offer to help with JWT support on #50 as the docs all say to track that issue there.

Hi,
I would be interested to participate in OAuth2 related topics and server implementation (RequestValidator, grants, and so on), this includes issues review, PR merge & releases.

@duaneking @JonathanHuot I'm down to help as well as I'd like to see support for JWT.

I reached out to Github so that I'll get admin rights to this repository.
If it's not possible, we'll need to fork.

@thedrow awesome. Once we have 100 stars on that new repo we can move management over to opencollective.com to obviate this in the future. If we need to fund this as an organization in the interim, I'm happy to contribute to that cost.

No need for github interventions :) @thedrow, I'm happy to move it into an org

I'm already creating a fork now: https://github.com/lepture/authlib

But it's okay. An org still helps. Besides, my fork has other missions.

Please consider me willing to help.

@idan Please move the repository the newly created organization.

@idan Please move the repo so we can get on...

@thedrow I kindly emailed @idan a couple of days ago, but without response. Perhaps it's worth checking if GitHub can help out...

Github has already told me they cannot help.

@idan Do we need to clone?

I agree we need to clone, unless a final shout out to @idan works?

@thedrow Does one of us own the oauthlib org by any chance? If so we can start making plans to move our efforts there.

I have admin permissions to the oauthlib organization.

It's done! Moved to oauthlib/oauthlib

I've invited all volunteers to the new organization. Please accept the invitation.

@idan Thank you very much!