What is OAuth?
OAuth is a simple standard for simple API authentication.
OAuth allows you to share your private resources (photos, videos, contact list, bank accounts) stored on one site with another site without having to hand out your username and password. There are many reasons why one should not share their private credentials. Giving your email account password to a social network site so they can look up your friends is the same thing as going to dinner and giving your ATM card and PIN code to the waiter when it’s time to pay. Any restaurant asking for your PIN code will go out of business, but when it comes to the web, users put themselves at risk sharing the same private information. OAuth to the rescue
What is new with OAuth?
OAuth has now been implemented across all Google Data APIs, quickly offering this young standard for easy mashups more market validation than it's ever had before.
It is a standard method of authenticating users across different services means that mashup builders need only write one authentication process, then apply it to all data sources that support the standard. That's hot and new, and it's now spreading faster around the web than we thought.
Who is supporting OAuth?
Yes Google, Youtube data API, Drupal, Yahoo!!, Digg, jaiku, magnolia, Pownce, Plaxo, Flickr, FireEagle, and a long list ...... supports OAuth now.
Google's Support to OAuth...
As per announcement by google last week now OAuth support is available for all Google Data API's . So now youtube, contacts api, orkut, gmail api, calender api.... all supports OAuth which sounds awesome!!.
So now with google's full support OAuth is becoming huge and and it seems that an era with secure mash ups services is coming their way.
How OAuth works ??
Now this must be a big Question in everyone's mind how this OAuth thing actually works ...
There is a whole Draft written out for guidelines how OAuth works but here below I am showing it in an easy pictorial way its working and implementation to different plateforms....
Some Terms :
Service Provider: Service Provider is the term used to describe the website or web-service where the restricted resources are located.Say a bank website or a photosharing service like flickr.
USER : Users of web services like you and me.
Consumer : It is a fancy name for an application trying to access the User’s resources. This can be a website, a desktop program, a mobile device, a set-top box, or anything else connected to the web.Consumer is what who is getting permission to access resources on Service Provider on user's behalf.
Protected Resources: It is stuff of user which is shared with consumer. This could be photos from a photo sharing site or your bank account information to a third party site.
Tokens : Tokens are used instead of User credentials to access resources. A
Token is generally a random string of letters and numbers (but not limited to) that is unique, hard to guess, and paired with a Secret to protect the Token from being abused. OAuth defines two different types of Tokens: Request and Access.
Continue reading...
