Comment 5 for bug 1240382

Some notes Steve Martinelli sent me to help:

1. The following are spots where we currently use the old library:
https://github.com/openstack/keystone/blob/master/keystone/contrib/oauth1/core.py#L33 (to 40 - plug points for the library)
https://github.com/openstack/keystone/blob/master/keystone/contrib/oauth1/core.py#L123 (splitting headers)
https://github.com/openstack/keystone/blob/master/keystone/contrib/oauth1/controllers.py#L181 (to 192 - verifying request for request token call)
https://github.com/openstack/keystone/blob/master/keystone/contrib/oauth1/controllers.py#L251 (to 267 - verifying request for access token call)
https://github.com/openstack/keystone/blob/master/keystone/auth/plugins/oauth1.py#L57 (to 72 - verifying request for authenticate call)
https://github.com/openstack/keystone/blob/master/keystone/tests/test_v3_oauth1.py (a bunch of places)

2a. The part that bugs me about oauthlib is the fact that you have to implement an interface (RequestValidator), https://oauthlib.readthedocs.org/en/latest/oauth1/server.html#implement-a-validator . At least this is my impression upon reading the docs.
2b. Actual RequestValidator class: https://github.com/idan/oauthlib/blob/master/oauthlib/oauth1/rfc5849/request_validator.py , raises a lot of not implemented exceptions.

3. I did find one instance of a coder that had to switch from using python-oauth2 to oauthlib, for a client application he was writing, it'll be handy for migrating the tests: https://github.com/gfairchild/yelpapi/commit/71b0a947d56445fe71750255827a07c56ce3f1e5

Indeed, the RequestValidator might be the tricky part.