OAuth – A General Introduction

OAuth is basically an open protocol that allows secure API authorization in a simple and standard way from desktop, web and mobile applications. This technical definition may bamboozle many of you, but in a nutshell it is an authorization method that allows you to share private information such as photos, videos and contact lists stored on one site with another site without having to disclose your username and password.

OAuth is certainly not a new idea – a lot of providers have their own proprietary authorization methods, like FlickrAuth, Google AuthSub and Yahoo BBAuth. There are also other ways of authenticating to web services, such as HTTP requests in which the username and password are passed to the provider. The aim of OAuth is to define an open and secure authorization protocol that maintains consistency for developers while making authorization easy for your users to understand and use.

To better understand how OAuth works, take a look at the interactive demo below. In this example, the site Beppa is an online printing service and the user would like it to pull images stored on another site, Faji, for printing. As you’ll notice, OAuth replaces the need for passing usernames and passwords from one provider to another. Instead it uses tokens and hashed signatures to accept authorization requests.

The future of OAuth looks very promising with the proliferation of APIs, mashups and, most importantly, user-generated content. Given that it is an open specification, there are many open source libraries available for different platforms: code.google.com/p/oauth and oauth.net/code.