OAuth 2.0


OAuth is a an open standard, scalable, RESTful Protocol for Delegation of Authorization to server resources using HTTP.

Generally, OAuth is a solution to the Password Anti-Pattern.

OAuth 2.0 is an evolution of the OAuth Protocol and is NOT backward compatible with OAuth 1.0.

OAuth 2.0 NOT an Authentication protocol#

OAuth Not for Authentication

Remember that OAuth 2.0 NOT an Authentication protocol OAuth 2.0 provides Delegation, Consent and Authorization

Developer Simplicity#

OAuth 2.0 focuses on developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. The specification and associated RFCs are being developed within the IETF OAuth WG; the main framework was published in October 2012.

Of course focuses on developer simplicity invokes the Law of Complexity by moving the complexity from the developer realm into the Authorization Server and Resource Server.

OAuth 2.0 was expected to be finalized by the end of 2010 according to Eran Hammer. However, due to discordant views about the evolution of OAuth, Hammer left the working group.

The OAuth 2.0 Framework and Bearer Token Usage were published in October 2012. Other documents were and are still being worked on within the OAuth working group.

What is missing in OAuth 2.0#

What is missing in OAuth 2.0.

Additional OAuth 2.0 RFCs#

More Information#

There might be more information for this subject on one of the following: