What is OAuth?

OAuth is an open protocol to allow simple API authentication in a simple and standard method from Web and Desktop applications.          

In today's web, people do not like to share or exchange all their stuff on one service. Today, we prefer to use Flickr for photos, YouTube for videos, Amazon for shopping, etc. In order to make integration of different web services (in order to satisfy all customer/user needs), APIs using Services API in a secure fashion are used. To provide a secure way of this type of communication, OAuth is a very good option.

OAuth uses token based authentication system for users and APIs. The token provided by OAuth system will provide a much safer and risk free browsing experience to users.Also, these tokens are time bound an amount of access time to another service and then it expires automatically (could be a two hour access time).The OAuth approach might be considered better than the OpenID approach as users don't have to do anything to undertstand it. They just browse normally with their existing methods but in a secure manner.

OAuth and Drupal's Services API - summer of code 2008 Project

Services is a standardized api for Drupal that allows you to create "services", or a collection of methods, intended for consumption by remote applications. It works similar to the existing XMLRPC capabilities of Drupal, but provides additional functionality like:

• pluggable "server" modules allowing for other protocols (like SOAP, REST, AMF)
• pluggable "service" modules allowing developers to add additional remote services
• a service browser and method tester
• api key security
• remote session handling
• a number of included service modules which interact with existing Drupal modules like node, taxonomy, user, views, and system

Right now security model of Services API in Drupal supports -

• API key security method
• Session handelling method

After integration of OAuth to services API it will also support OAuth authentication method for security.

How OAuth is gonna be Integrated to Drupal and Services ?

Right now we are working with Andy Smith's OAuth php library to implement OAuth to Drupal and Services API.OAuth is coming to Drupal with OAuth module, this module provides functionalities like

1. End point detections for different authentication calls

• Request Token URL : http://example.com/?q=oauth/request
• Authentication URL : http://example.com/?q=oauth/auth
• Access Token URL : http://example.com/?q=oauth/access

1. A test browser to make test calls to any OAuth server implementation to produce request and access tokens.A Demo installation is here http://tut2tech.com/sb2/?q=admin/build/oauth you can test my server OR can make calls to any other server implementation of OAuth.
2. A form to make user choose from different Services offered by his/her account to grant access to external web/desktop application.

• At present this module supports 3 methods to produce tokens which are
  
  HMAC-SHA1

  PLAINTEXT

  RSA-SHA1

  

   

  What about client side implementation of OAuth to Drupal ?

  Right now Services API in Drupal supports just server side implementation as it just acts as Server. But by release of Drupal 7 we will be taking care of Client side Implementation of OAuth as well because Services API in D-7 is gonna implement both Server side and Client side.