OAuth 2.0 Tutorial
Jakob Jenkov
OAuth 2.0 is an open authorization protocol that enables applications to access each other's data. For instance, a game application can access a user's data in the Facebook application, or a location-based application can access the user data of the Foursquare application, etc.
Here is a diagram illustrating the concept:
Example of how OAuth 2.0 is used to share data via applications.
The user accesses the game web application. The game web application asks the user to log in to the game via Facebook. The user logs into Facebook, and is sent back to the game. The game can now access the user's data in Facebook, and call functions in Facebook on behalf of the user (e.g. posting status updates).
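The login round trip described above, modelled in memory as an added example (not code from this tutorial or from Facebook). It assumes the flow is the authorization code grant from the OAuth 2.0 specification; the client id, secret, URLs and user record are constructed.

```python
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed values: client id, secret, URLs and user record are hypothetical.
CLIENT = ("game-app", "game-secret", "https://game.example/callback")
def params(url):
    return {k: v[0] for k, v in parse_qs(urlparse(url).query).items()}

class Provider:  # holds the user's data (the role Facebook plays in the text)
    def __init__(self):
        self.codes, self.tokens, self.users = {}, {}, {"alice": {"name": "Alice"}}

    def authorize(self, url, user):  # the user has logged in and approved
        q = params(url)
        if (q["client_id"], q["redirect_uri"]) != (CLIENT[0], CLIENT[2]):
            raise PermissionError("unknown client or redirect URI")
        code = secrets.token_urlsafe(16)
        self.codes[code] = user
        return CLIENT[2] + "?" + urlencode({"code": code, "state": q["state"]})

    def token(self, code, client_id, client_secret, redirect_uri):
        # Back-channel call: swap a one-time code for an access token.
        if (client_id, client_secret, redirect_uri) != CLIENT:
            raise PermissionError("client authentication failed")
        user = self.codes.pop(code, None)  # pop: each code works only once
        if user is None:
            raise PermissionError("invalid or reused code")
        token = secrets.token_urlsafe(16)
        self.tokens[token] = user
        return token

    def profile(self, token):
        return self.users[self.tokens[token]]  # KeyError for an unknown token

class Game:  # the application that wants to read the user's data
    def __init__(self, provider):
        self.provider, self.state = provider, None

    def login_url(self):
        self.state = secrets.token_urlsafe(16)  # tied to this browser session
        return "https://provider.example/authorize?" + urlencode({
            "response_type": "code", "client_id": CLIENT[0],
            "redirect_uri": CLIENT[2], "state": self.state})

    def callback(self, url):
        q = params(url)
        if not self.state or q.get("state") != self.state:
            raise PermissionError("state mismatch")  # not the login we started
        self.state = None
        return self.provider.profile(self.provider.token(q["code"], *CLIENT))
```

The game never sees the user's password: it receives only a short-lived code in the redirect and exchanges it, together with its own client secret, for the token that grants access to the data.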
OAuth 2.0 Use Cases
OAuth 2.0 can be used either to create an application that can read user data from another application (e.g. the game in the diagram above), or an application that enables other applications to access its user data (e.g. Facebook in the example above).
OAuth 2.0 is a replacement for OAuth 1.0, which was more complicated. OAuth 1.0 involved certificates etc. OAuth 2.0 is simpler. It requires no certificates at all, just SSL / TLS.
OAuth 2.0 Specification
The purpose of this tutorial is to provide an overview of the OAuth 2.0 protocol that is easy to understand. It does not aim to describe every detail of the specification, though.
If you plan to implement OAuth 2.0 you will most likely need to visit the specification to study it in full detail. You can find the specification here:
http://tools.ietf.org/html/draft-ietf-oauth-v2-23
Feel Free to Contact Me
If you disagree with anything I write here in the OAuth 2.0 tutorial, or just have comments, questions, etc., feel free to send me an email. You wouldn't be the first to do so. You can find my email address on the about page.