OAuth

- Started by: Chris Messina & Blaine Cook http://oauth.net/about
- Development started: November 2006 http://oauth.net/about
- Debut: July 2007 http://oauth.net/about
- Popular service providers: Twitter, Google, Yammer and FireEagle

OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications.
On April 23, 2009, a security advisory was released after major vendors, such as Twitter, implemented fixes for the security hole. The security hole was in the OAuth request token approval flow. http://oauth.net/advisories/2009-1
Background

The OAuth project was started in November 2006 when Blaine Cook was working on Twitter's OpenID implementation (which was never publicly released). Blaine needed a way to allow users, who use OpenIDs to authenticate, to have access to API resources. Blaine gathered quite a few people to join the conversation on how this problem could be solved.
On December 4, 2007, the OAuth 1.0 spec was released into the wild. Many companies, including Flickr, Google, Pownce, and Twitter implemented OAuth to allow access to protected resources through authorization, instead of relying on users to give their password out to anyone who asks.

Featured

Leah Culver gives a talk about OAuth. Interested in hearing more? Watch the entire talk on Justin.TV.

Comments (0)

Write a comment...
Mahalo Answers for OAuth
- Does anyone still use Twitter apps that ask for your twitter password, when OAuth now eliminates that need? 1 Answer
  
  Unfortunately, yes. Many desktop apps haven't yet moved over to OAuth because Twitter's desktop OAuth implementation was just released recently. Also, many Twit... read more
- Why a request token is needed in OAuth? 1 Answer
  
  The Request Token in oauth plugin is used for the Authentication phase of the Oauth protocol.This is only used from the Consumer Service side. You ask a Consum... read more
view more questions...
OAuth Links Powered by Google
- oauth - Google Code
  
  oauth · API needz authorized? Project Home ... Groups: Core · Extensions · OAuth -Ruby · How to join? Project owners: hammerlahav,...
  code.google.com
- OAuth — An open protocol to allow secure API authorization in a ...
  
  OAuth is a simple way to publish and interact with protected data. It's also a safer and more secure way for people to give you access. ...
  oauth.net
- Ruby OAuth GEM
  
  For more detailed instructions I have written this OAuth Client Tutorial and " How to turn your rails site into an OAuth Provider ...
  oauth.rubyforge.org
- OAuth - Wikipedia, the free encyclopedia
  
  OAuth is an open protocol, initiated by Blaine Cook and Chris Messina, to allow secure API authorization in a standard method for desktop, mobile and web ...
  en.wikipedia.org
- Twitter API Wiki / OAuth FAQ
  
  OAuth is an authentication protocol that allows users to approve application to act on their behalf without sharing their password. ...
  apiwiki.twitter.com
view more links...
OAuth News and Blog Posts Powered by Yahoo
- Security flaw leads Twitter, others to pull OAuth support
  
  Due to a security threat in the OAuth spec related to callbacks, Twitter and other OAuth service providers had to pull OAuth support for a day until they could fix the issue.
  news.cnet.com
- What's the deal with OAuth?
  
  Twitter's official announcement of OAuth capabilities being made public.
  blog.twitter.com
- Coming soon: no more passwords, giveaways!
  
  Twitter is introducing OAuth support in addition to its current authentication scheme for its API, HTTP basic auth.
  twitterrati.com
OAuth Videos Powered by YouTube
view more videos...
OAuth Images Powered by Flickr and Google
view more images...

ask any question

On Twitter Powered by Twitter
- Re: oauth Process flow and status Part 1... http://sigma.binarybrainz.com/sfttwitterfeeds/tvytf
- @UllaAino got one. Check your authorizations from oauth page in settings and remove all unnecessary
- @abraham My guess to my oAuth Q: I should get real from home ISP for my computer.
- http://twitter.com/mizunohito/statuses/6074824119 "@dekosuke 自分もtwitter用ではPython-twitterがあるのは把握していたのですがね・・・其れだとOAuth使えないので調べたら出てきました [幻燈]"
- test my twitter/Oauth
view more tweets...
Related Mahalo Pages

OpenID | Blaine Cook | Chris Messina | API | Twitter API | Twitter | Flickr | Google | Netflix | [[Yahoo!]] | Yammer