Eliminate "classic" OpenId support

[cemerick]

No description provided.

[jeluard]

Are you still considering doing this? Also it might make sense to do something similar for http-basic for consistency reason, to cleanly separate core from specifics and because it depends on commons-codec.

If you are ok with it I would be happy to move forward and proceed with the split. BTW any preferences between lein-modules and lein-sub? lein-modules seems like a stronger alternative.

[cemerick]

Yes, this needs to happen. But, I was going to put the code in a separate repo, not just a separate project. The pains and needs of those working with OpenID shouldn't necessarily affect friend releases, and vice versa.

But, I could live with a lein-modules arrangement, if you're game for setting that up.

[jeluard]

Actually a separate repo is probably much simpler and reduce the general noise. That's probably the best option.
Let me know how I can help if you follow this path.

[cemerick]

Unless you're interested in taking over maintenance of the OpenID workflow entirely, I think it's something I just need to make time to do. If that's something you are interested in, then there's all sorts of details that should be worked out…

[jeluard]

Honestly I am not very interested in maintaining it. Actually I was curious about the state of this issue because I don't use openid and all the weird libraries it pulls scare me a little :)

[cemerick]

Heh, understandable. So, hopefully I'll get around to this sooner rather than later. Until then, :exclusions is your friend (ba-da-dum!).

[cemerick]

Changing this to eliminate the "legacy" openid support entirely. OpenId has transitioned to be a layer on top of oauth (called "OpenId Connect"), and there is already a workflow for this incarnation of it: https://github.com/Mayvenn/friend-google-openid

More generally, it's clear that oauth is the authz protocol going forward, flavoured as it is by various additional standards and implementations. This makes the decision to nix "classic" openid support much easier.

[jeaye]

Steam, the largest digital distribution platform for PC gaming, uses OpenID 2.0 still and apparently has no plans to change this (more info). It'd be really great if this could be kept in Friend for the upcoming release, rather than being removed, since there are clearly still some big players in the game who're using it.

I don't know what its maintenance costs are but, for a non-volatile spec which has been implemented and is working, I'd guess it's not too high. Aside from assumed lack of need, are there key reasons for removing OpenID 2.0 support?