I’ve published the OAuth server work so far. This is probably broken, but that’s OK, because at least it’s a start. 🙂
Of particular note is the specification, which I’d appreciate thoughts on. This is intentionally kept as simple as possible, since it’s mostly standard OAuth 1.0a.
I’d especially love feedback on the scopes section of the document. I think this lays out a general set of scopes that cover most use cases, and anything that needs more complicated permissions can fall back to the general
* permission. I’m not sure yet whether defaulting to
* is the right idea; we may want to default to