OAuth is an open standard, scalable Protocol for Delegation of Authorization to server resources using HTTP.

Generally, OAuth is a solution to the Password Anti-Pattern.

OAuth provides an open standard, scalable method for a Relying Party to Grant access to server resources on behalf of a Resource Owner.

OAuth also provides a process for end-users to authorize third-party access to their server resources, using User-agent redirections, without sharing their credentials with the third party.[1]

OAuth 1.0#

OAuth 1.0 is defined by the Informational RFC 5849 (April 2010) and was OBSOLETED by RFC 6749.

OAuth 2.0[2]#

OAuth 2.0 is an evolution of the OAuth protocol and is not backward compatible with OAuth 1.0. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, Mobile Devices, and living room devices. The specification and associated RFCs are being developed within the IETF OAuth WG; the main framework was published in October 2012.

The OAuth 2.0 Framework and Bearer Token Usage were published in October 2012. Other documents are still being worked on within the OAuth working group.
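As an added illustration (not part of this page and not any vendor's code) of the User-agent redirection and Bearer Token Usage just described, the following models the OAuth 2.0 authorization code flow from the client's side without network I/O; the endpoint URLs, client_id and redirect_uri are constructed placeholders.

```python
# Added example: the OAuth 2.0 authorization code flow as a Relying Party sees it.
# The user agent is redirected to the authorization server (so the client never
# handles the Resource Owner's password) and then redirected back with a code,
# which the client exchanges for an access token and presents as a bearer token.
# All endpoints and identifiers below are placeholders, not real services.
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

AUTHZ_ENDPOINT = "https://as.example/authorize"   # placeholder
TOKEN_ENDPOINT = "https://as.example/token"       # placeholder
CLIENT_ID = "client-123"                          # placeholder
REDIRECT_URI = "https://app.example/cb"           # placeholder


def new_state():
    """Unguessable per-session value that binds the callback to the session."""
    return secrets.token_urlsafe(16)


def build_authorization_url(scope, state):
    """Step 1: URL the client redirects the user agent to."""
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,   # checked on return; rejects callbacks forged for another session
    }
    return AUTHZ_ENDPOINT + "?" + urlencode(params)


def parse_callback(callback_url, expected_state):
    """Step 2: the authorization server redirects back with a short-lived code.
    Accept it only if the state matches what this session issued."""
    qs = parse_qs(urlparse(callback_url).query)
    state = qs.get("state", [None])[0]
    if state is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch: callback not bound to this session")
    if "error" in qs:
        raise ValueError("authorization denied: " + qs["error"][0])
    return qs["code"][0]


def build_token_request(code):
    """Step 3: form body for the back-channel POST that trades the code for a token."""
    return TOKEN_ENDPOINT, {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,   # must equal the one used in step 1
        "client_id": CLIENT_ID,
    }


def bearer_header(access_token):
    """Step 4: RFC 6750 bearer usage; possession of the token alone authorizes the call."""
    return {"Authorization": "Bearer " + access_token}
```

The client credentials that authenticate the client at the token endpoint (step 3) and the HTTPS transport that protects the bearer token (step 4) are left to the HTTP layer and are not modelled here.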

Some OAuth Implementations#

  • Facebook's new Graph API only supports OAuth 2.0.
  • Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs.
  • As of 2011, Microsoft has added experimental OAuth 2.0 support to their APIs.
