The Current State of OAuth 2
Presented at WebVisions, New York, January 19, 2012 and Open Source Bridge, June 22, 2011, Portland Oregon
WebVisions, New York
Open Source Bridge, Portland
Notes
OAuth 2 Implementations
| Provider | Draft | Reference |
|---|---|---|
| Deutsche Telekom | -10 | http://www.ietf.org/mail-archive/web/oauth/current/msg06844.html |
| -10 (ish) | https://developers.facebook.com/docs/authentication/oauth2_updates/ | |
| Foursquare | -10 | http://aaron.pk/2YS |
| Geoloqi | -10 | http://geoloqi.org/API |
| Github | -07 | http://develop.github.com/p/oauth.html |
| -10 | http://code.google.com/apis/accounts/docs/OAuth2.html | |
| Gowalla | -8 | http://gowalla.com/api/docs/oauth |
| Meetup | -15 | http://www.meetup.com/meetup_api/auth/#oauth2 |
| Salesforce | -10 | http://aaron.pk/2YW |
| Windows Live | -10 | http://aaron.pk/2YV |
Excerpt
If you've ever written any code to authenticate wtih Twitter, you may have been confused by all the signature methods and base strings. You'll be happy to know that OAuth 2 has vastly simplified the process, but at what cost?
Description
This talk will give an overview of the OAuth 2 spec, starting with the various options the standard gives to developers for building web apps and native apps. We'll look at what the end user sees, work our way to what developers using an OAuth 2 API deal with, and we’ll end up at what developers of OAuth-2-compliant APIs will need to know to successfully implement the standard.
Many large providers have recently deployed APIs using OAuth 2, including Facebook, Foursquare, Google, and more. But since OAuth 2 is technically still a "draft," many aspects of the spec change from month to month and it's sometimes hard to keep up. We'll cover the commonalities and differences between some of the major providers and draft versions. The security implications of some of the changes between versions 1 and 2 will be covered, along with recommendations for best practices. You'll also get a glimpse of the debates currently raging on the internal OAuth 2 mailing list.
References
- http://windowsteamblog.com/windows_live/b/developer/archive/2011/05/04/announcing-support-for-oauth-2-0.aspx
- http://googlecode.blogspot.com/2011/03/making-auth-easier-oauth-20-for-google.html
- https://developers.facebook.com/docs/authentication/
- http://groups.google.com/group/foursquare-api/msg/5f5dfb179b27fa1a
- http://gowalla.com/api/docs/oauth
- https://developers.facebook.com/docs/authentication/oauth2_updates/
- http://blogs.msdn.com/b/windowsazureappfabric/archive/2010/09/16/windows-azure-appfabric-labs-september-release-now-available.aspx
- http://www.ietf.org/mail-archive/web/oauth/current/msg04391.html
- http://develop.github.com/p/oauth.html
- http://geoloqi.org/API
- https://github.com/geoloqi/oauth2-php
- http://blog.benward.me/post/968515729
- https://www.ietf.org/mailman/listinfo/oauth
- http://www.ietf.org/mail-archive/web/oauth/current/msg05907.html
- http://tools.ietf.org/html/draft-ietf-oauth-v2-10#section-5
- http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-04#section-2
- http://tools.ietf.org/html/draft-ietf-oauth-v2-http-mac-00#section-3
- http://twitter.com/blaine/status/83539367100030976
- http://code.flickr.com/blog/2011/06/21/flickr-now-supports-oauth-1-0a/
- http://aaron.pk/oauth2
