Core Platform Team/Initiative/OAuth2/Epics, User Stories, and Requirements


 * Phase 1
   * Define relationship between OAuth 1.0 and OAuth 2.0 in codebase
   * Define scopes for OAuth 2.0 (id, read, write, admin, ...)
   * Implement token endpoints, authorization endpoints
   * Implement authorization workflow for Discourse
   * Test with Wikimedia-hosted Discourse instance
   * Security review
 * Phase 2
   * Implement internal classes for using OAuth 2.0 tokens in API calls
   * Add OAuth 2.0 as an optional authorization method for a first API (REST API, probably)
   * Add OAuth 2.0 as an optional authorization method for Action API
   * Add OAuth 2.0 as an optional authorization method for RESTBase
   * Interface for requesting, managing, and deleting API keys
   * Interface for users to list and delete tokens
   * Clear all OAuth 2.0 tokens when password changes
   * Clear all OAuth 2.0 tokens on request
   * Security review