Jul 18th, 2011, 12:30 PM
Future/Roadmap for this Project?
I've been making use of OAuth for Spring Security for quite a while now, though in a demonstration mode only. Know I need to work on some code for maintaining client credentials and access tokens in Cassandra, rather than the default in-memory implementations.
I've not had to think about OAuth for a while and figured I'd update Maven to get the latest release. As far as I can tell from the download link, the latest still 1.0.0.M3 (2011-03-15). Is there still active development being done on this project? I guess I was hoping for 1.0.0.RELEASE by now. Or, at least an M4.
Just curious how viable an option this is. Has everybody just run off to Apigee, Mashery etc.?
Jul 18th, 2011, 06:23 PM
The biggest thing holding up a 1.0.0.RELEASE is the failure of the OAuth committee to produce a final draft of the OAuth 2 spec.
The biggest thing holding up a 1.0.0.M4 is just lack of time and resources to get it done. I thought I'd have a 1.0.0.M4 by now, but the work keeps getting bumped behind projects that I'm actually getting paid for :-). The only thing left to cut 1.0.0.M4 is to get it up-to-date with the latest draft of the OAuth 2 spec. It just takes some time to read through the latest draft, figure out the differences, and apply any changes. The changes usually aren't that big, it just takes some time to parse the spec and make sure we're up-to-date.
So there you have it, as candid as I can be. I'm not sure if that settles you or unsettles you, but I can assure you that development is active on the project, even if it's slow.
Jul 19th, 2011, 11:22 AM
Thanks for the candid description. I certainly appreciate it. It does settle me more than it unsettles me. I can understand the issues of the ongoing OAuth 2 spec process as well as the competing demands of the day job(s). I'm not sure how Spring Source works in regards to sub-projects and whatnot in terms of support or even compensation etc., compared to when the project was hosted at codehaus. I figured that meant project developers had more of a job than continuing to do volunteer work. That was just a guess on my part though. That would not help with OAuth spec changes, of course.
I have a client that is has said "just hand off that OAuth stuff to Apigee". But, they aren't cheap and it's nice to know what in-house options are available; especially for someone familiar with Spring and Spring Security.
Thanks you very much for your hard work on implementing OAuth! My query was not a slam or anything. I just needed to know what is going on. Thanks again for sharing.