2. Contents
- What is OAuth
- Terminologies used for OAuth
- Working of OAuth protocol
- Use-cases of OAuth
- Available implementations of OAuth
- Other similar vendor specific protocols
- Loopholes and drawbacks of OAuth
3. What is OAuth
History
- OAuth started around November 2006, while Blaine Cook was working on the Twitter OpenID implementation.
- In April 2007, a Google group was created with a small group of implementers to write a proposal for an open protocol.
- In July 2007 the team drafted an initial specification and the group was opened to anyone interested in contributing.
What is OAuth
- A protocol that allows private data hosted on web site X to be shared with web site Y
- It is just a skeleton; the implementation can be vendor specific
4. Terminologies used for OAuth
- Consumer: the application trying to access a protected resource
- Service Provider: the website or web service hosting the protected resource
- User: the owner of the protected data
- Protected Resource: images, videos or documents hosted on a web site or web service and protected by the user
- Tokens: a unique random string of letters and numbers; two kinds are used, the Request Token and the Access Token
- Scope: the set of data hosted on the service provider that the user wants to share with the consumer
5. Working of OAuth protocol
- Site Y is the consumer and site X is the service provider
- Site Y has a consumer ID and shared secret, provided by site X to all its OAuth consumers
- The user accesses site Y and wants to share private data hosted on site X
- Site Y sends a request to site X with its consumer ID and shared secret, asking for a Request Token
- Site X returns a Request Token to site Y
- Site Y redirects the user to site X's login service with the request token
- The user enters a username/password or OpenID credentials to log in to site X
- Site X validates the credentials, creates an Access Token associated with the request token, and redirects the user back to site Y with the request token
- Site Y sends the request token to site X, asking for the Access Token
- Site Y gets the access token and uses it to access protected resources hosted on site X (the access token is valid only for a limited period of time)
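The flow on this slide, as an added Python model that is not part of the deck: a minimal service provider (site X) that checks the consumer's shared secret, issues request tokens, records the user's authorization, exchanges each authorized request token exactly once for an access token, and refuses expired access tokens. The consumer names, the shared secret and the one-hour token lifetime are assumed placeholders.

```python
import hmac
import secrets
import time

class ServiceProvider:
    """Site X in the deck's flow: issues request tokens, records the user's authorization,
    and swaps an authorized request token for an expiring access token. Constructed model."""
    ACCESS_TOKEN_TTL = 3600  # seconds; assumed value, the deck says only "limited period"

    def __init__(self, consumers):
        self.consumers = consumers  # consumer ID -> shared secret (constructed registry)
        self.request_tokens = {}    # token -> {"consumer": id, "user": None or name}
        self.access_tokens = {}     # token -> {"consumer": id, "user": name, "expires": t}

    def _check_consumer(self, consumer_id, secret):
        expected = self.consumers.get(consumer_id)
        # constant-time compare so the shared-secret check does not leak by timing
        if expected is None or not hmac.compare_digest(expected, secret):
            raise PermissionError("unknown consumer or bad shared secret")

    def get_request_token(self, consumer_id, secret):
        self._check_consumer(consumer_id, secret)
        token = secrets.token_urlsafe(16)  # unpredictable, unique token
        self.request_tokens[token] = {"consumer": consumer_id, "user": None}
        return token

    def authorize(self, token, user):
        # The user has logged in at site X and approved sharing with the consumer
        if token not in self.request_tokens:
            raise PermissionError("unknown request token")
        self.request_tokens[token]["user"] = user

    def get_access_token(self, consumer_id, secret, token, now=None):
        self._check_consumer(consumer_id, secret)
        rt = self.request_tokens.get(token)
        if rt is None or rt["consumer"] != consumer_id or rt["user"] is None:
            raise PermissionError("request token unknown, not this consumer's, or not authorized")
        del self.request_tokens[token]  # single use: the request token is consumed on exchange
        now = time.time() if now is None else now
        access = secrets.token_urlsafe(16)
        self.access_tokens[access] = {"consumer": consumer_id, "user": rt["user"],
                                      "expires": now + self.ACCESS_TOKEN_TTL}
        return access

    def get_protected_resource(self, token, now=None):
        now = time.time() if now is None else now
        at = self.access_tokens.get(token)
        if at is None or now >= at["expires"]:
            raise PermissionError("access token unknown or expired")
        return f"photos of {at['user']}"  # stand-in for the protected resource
```

Each step of the slide maps to one method call; the `now` parameter exists only so the expiry rule can be exercised without waiting.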
6. Use-cases of OAuth
- A user wants to order prints of the protected photos shared on some photo sharing site
- Will be very useful for mash-ups
- Will help with data portability
7. Available implementations of OAuth
- Google has released an open source API for implementing OAuth
- Yahoo has come up with the Yahoo status application, which supports OAuth
- Tripit is the first implementation of OAuth
8. Other similar vendor specific protocols
- Google AuthSub
- Yahoo BBAuth (Browser Based Authentication)
- AOL Open Authentication
- Upcoming API
- Flickr API
- Amazon Web Services API