If a sizable part of the community can agree and come up with a better OAuth 2, then by all means possible, implement it! Shipping code wins, always.
I'm admittedly unable to assess the situation, but from what I gather from people who can, there will be N implementations of OAuth 2.x anyway, all non-interoperable. One may just as well literally fork the standard, fix it, implement the fixed spec and release that. If it ends up more useful than both OAuth 1.0 and OAuth 2.0 then people will hopefully use it. If not, we'll have a broken standard anyway.
This is true! We need to work on a solution and not on forks with solutions.
But one thing about OAuth2: it's damn small and easy. There is nothing to "fork" in it. This is why we need to fix 2 vulns (from my post) and make it slightly more interoperable.