I’ve been working very extensively with this library over the last few months and I have to say that it really is very good. There isn’t any scenario, given it’s remit, that it takes care of admirably. Andrew Arnott is the primary developer on the library and takes a very active role in the Google Group and on StackOverflow.
It’s no work for the faint of heart getting OpenID and OAuth implemented on a web server, there are many issues to be aware of and many different flows to consider and work on. Security is never a nice topic to tackle and is the bane of many developers life, I know I’ve had my fair share of long head-scratching periods. Add into the mix the ever changing specification for OAuth 2.0 and you have a nightmare on your hands. Consistency is hard thing to achieve as the spec is actually quite woolly in places and leave a lot of decisions up to the individual implementer which only adds to the general confusion. Hence it’s a great idea to use a library.
This library is massive and this also seems to be woefully under documented. In fact this is the only negative thing to say about it, it is in desperate need of documenting properly. There is a growing number of discussions in the groups I mentioned before but it really could benefit from the developers starting on some solid documentation. Hint, hint 🙂 I’ve keep reading that people are close to giving up on the whole process which is sad considering once you get it right it’s all very reliable and problem free.