OAuth: Token-Based Authorization for the Social Networking Age

by Jaswinder Singh

The OAuth token-based authorization system allows users to grant third-party access to their resources without sharing their usernames and passwords. It's perfect for the age of data scattered across many social networking sites.

In an age when web users have their social data scattered across different social sites and they want to access and use this data from outside these sites, developers face the serious security challenge of enabling users to access their private data in social sites without having to share their credentials.OAuth is the perfect solution. This open authorization protocol that allows standard and secure API authorization without exposing the user's credentials. OAuth also provides a mechanism to grant limited access (in scope, duration, and so on).

In his Web Developer's Virtual Library (WDVL) article, Jaswinder Singh provides an overview of OAuth's token-based authorization system and explains how this system works between two web sites. At a high level, the elements involved are:

  • User: Social network (Orkut, Facebook, Twitter, iGoogle, etc.) users like you and me
  • OAuth Provider: Web site or social networking site where the user's private resources are stored
  • OAuth Consumer: Web site, social networking site, mobile device, set-top box, etc. trying to access the protected resource on the other site

Read the full story at Web Developer's Virtual Library:
OAuth: Token-Based Authorization for the Social Networking Age

This article was originally published on Friday Mar 5th 2010
Mobile Site | Full Site