If you've ever written any code to authenticate wtih Twitter, you may have been confused by all the signature methods and base strings. You'll be happy to know that OAuth 2 has vastly simplified the process, but at what cost?
This talk will give an overview of the OAuth 2 spec, starting with the various options the standard gives to developers for building web apps and native apps. We'll look at what the end user sees, work our way to what developers using an OAuth 2 API deal with, and we’ll end up at what developers of OAuth-2-compliant APIs will need to know to successfully implement the standard.
Many large providers have recently deployed APIs using OAuth 2, including Facebook, Foursquare, Google, and more. But since OAuth 2 is technically still a "draft," many aspects of the spec change from month to month and it's sometimes hard to keep up. We'll cover the commonalities and differences between some of the major providers and draft versions. The security implications of some of the changes between versions 1 and 2 will be covered, along with recommendations for best practices. You'll also get a glimpse of the debates currently raging on the internal OAuth 2 mailing list.
Presented at Open Source Bridge 2011
Current list of OAuth 2 Providers