Hi jallwine,
We can add OAuth-2, or OAuth-3 when it arrives, side-by-side with OAuth-1.
OAuth-2 may look simpeler than OAuth-1 for specific use cases but it really is a much broader and more complex framework than OAuth-1.
Only a very limited subset of OAuth-2 may be considered simpeler than OAuth-1, but then the API would not really be OAuth-2 anymore as it is
not complete.
The generic access token idea can be used in OAuth-1 as well : in your example the myawesome3dprintingsite.com has its regular OAuth-1 Consumer
Key but also requests an Access Token. This is the generic access token.
The Access Token is used by myawesome3dprintingsite.com to upload its users' creations to the "My Awesome 3D Printing Shapeways shop" at
Shapeways. There is no OAuth exposure to the myawesome3dprintingsite.com users here.
Set the model upload to Shapeways to 'private' and use the secretKey which the API returns with which the user can get access to the model to order it.
-- Hans