Comment 50 for bug 1029549

Regarding embedding oauth2... python-oauth2 is python2 only right now and in universe. The recommeded oauth module is apparently python-oauthlib in main.

I didn't want to go down the route of promoting python-oauth2 and having competing oauth recommendations for other packages. But it wasn't trivial to use python-oauthlib either (python2 only, its oauth2 support is young, and the API is different).

From a security perspective, do you prefer -oauthlib or -oauth2?