Overview#
OAuth is an open standard, scalable protocol for delegation of authorization to server resources using HTTP.
Generally, OAuth is a solution to the Password Anti-Pattern.
OAuth 1.0#
OAuth 1.0 is defined by the Informational RFC 5849 in April 2010 and was obsoleted by RFC 6749. OAuth 2.0 is an evolution of the OAuth protocol and is not backward compatible with OAuth 1.0. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile devices, and living room devices. The specification and associated RFCs are being developed within the IETF OAuth WG; the main framework was published in October 2012.
Some OAuth Implementations#
- Facebook's new Graph API only supports OAuth 2.0.
- Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs.
- As of 2011 Microsoft has added OAuth 2.0 experimental support to their APIs.
More Information#
There might be more information for this subject on one of the following:
- Access Proxy
- An IETF URN Sub-Namespace for OAuth
- Authentication Protocol
- Authenticator App
- Covert Redirect Vulnerability
- FAPI Pushed Request Object
- Fast Healthcare Interoperability Resources
- Federated Authorization for UMA 2.0
- Identity Provider (IDP)
- Loopback Interface Redirection
- OAuth 2.0
- OAuth 2.0 Demonstration of Proof-of-Possession at the Application Layer
- OAuth 2.0 Security-Closing Open Redirectors in OAuth
- OAuth 2.0 Vulnerabilities
- OAuth 2.0 for Native Apps
- Open Bank Project
- OpenID Connect Scopes
- Portable Contacts
- RFC 5849
- Scopes vs Claims
- Single Sign-On Scenarios
- Token Binding Protocol
- Token Binding over HTTP
- User-Managed Access
- Web Authentication API
- Web Blog_blogentry_160718_1
- Why OpenID Connect