Overview#
OAuth is an open standard, scalable protocol for delegation of authorization to server resources using HTTP.
Generally, OAuth is a solution to the Password Anti-Pattern.
OAuth 1.0#
OAuth 1.0 is defined by the Informational RFC 5849 in April 2010 and is considered obsolete. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification and associated RFCs are being developed within the IETF OAuth WG; the main framework was published in October 2012.
According to Eran Hammer, the specification was expected to be finalized by the end of 2010. However, due to discordant views about the evolution of OAuth, Hammer left the working group.
Some OAuth Implementations#
- Facebook's new Graph API only supports OAuth 2.0.
- Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs.
- As of 2011 Microsoft has added OAuth 2.0 experimental support to their APIs.
More Information#
There might be more information for this subject on one of the following:
- An IETF URN Sub-Namespace for OAuth
- Authentication Protocol
- Authentication Request
- Identity Provider (IDP)
- OAuth 2.0
- OAuth 2.0 Vulnerabilities
- OpenID Connect Scopes
- Portable Contacts
- Single Sign-On Scenarios
- Token Binding Protocol
- Token Binding over HTTP
- User-Managed Access