What’s OAuth?
• An open protocol to allow secure API authorization in a simple and standard method for mobile, desktop and web applications;
• a protocol for developing passwordless APIs;
• a way for an application to interact with an API on a user’s behalf without knowing the user’s authentication credentials.
Hypothetical Scenarios
• “Import pictures from Picasa into Virgilio Photo Album”
• “Allow Dailymotion to read Virgilio’s User data”
[Diagrams: each scenario shows an End User, a Consumer and a Service Provider]
B2B shared information
• Consumer Key: a value used by the Consumer to identify itself to the Service Provider;
• Consumer Secret: a secret used by the Consumer to establish ownership of the Consumer Key;
• The Consumer establishes a Consumer Key and a Consumer Secret with the Service Provider to be authenticated; the Consumer needs to be registered!
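How a Consumer Secret can establish ownership of a Consumer Key, as an added example that is not part of the original slides: the Consumer signs each request with HMAC-SHA1 in the OAuth 1.0 style, and the Service Provider recomputes the signature from the secret it holds for that key. The key, secret, URL and parameters are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample registration held by the Service Provider: key -> secret
REGISTERED = {"example-consumer-key": "example-consumer-secret"}
URL = "https://provider.example/photos"  # hypothetical Service Provider endpoint
PARAMS = {  # constructed request parameters sent by the Consumer
    "file": "a b.jpg",
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "n1",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1300000000",
}

def pct(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal
    return quote(value, safe="-._~")

def base_string(method, url, params):
    # Encode each name and value, sort, join, then encode the result as one unit
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The Consumer Secret never travels with the request; it only keys the HMAC
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def provider_verify(method, url, params, signature, registered):
    # Look up the secret registered for the claimed Consumer Key
    secret = registered.get(params.get("oauth_consumer_key", ""))
    if secret is None:
        return False  # unregistered Consumer
    expected = sign(method, url, params, secret)
    # Constant-time comparison avoids leaking how many characters matched
    return hmac.compare_digest(expected, signature)

if __name__ == "__main__":
    sig = sign("GET", URL, PARAMS, "example-consumer-secret")
    print("valid:", provider_verify("GET", URL, PARAMS, sig, REGISTERED))
    tampered = dict(PARAMS, file="other.jpg")
    print("tampered:", provider_verify("GET", URL, tampered, sig, REGISTERED))
```

A real Service Provider also rejects reused nonce and timestamp pairs to stop replay; that check is left out here.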
OpenID & OAuth
• OpenID: helps determine who you are - AUTHENTICATION;
• OAuth: defines how to give access to protected data - AUTHORIZATION;
• They are complementary; a site that supports OAuth could also support OpenID for authentication!!!
OAuth is Production Ready!!!
• Google
• Yahoo!
• MySpace
• Digg
• Twitter
• Magnolia
• Plaxo
... and many more!