Chapter 3. OAuth Connectivity
On the Web, authentication is vital. Particularly with Open APIs, applications are relying more and more on resources that are spread all across the Web. Very few service providers offer APIs without some form of security or authorization. Some service providers just want to identify the consuming application via an API key, while others that deal with more sensitive user information have finer-grained authorization mechanisms such as OAuth.
To put OAuth into context, consider the following scenarios:
An online photo lab printing your Flickr photos
A social network using your Google address book to look for friends
A fitness app that posts your progress to Twitter
It’s great to utilize all these resources, but in order for these applications to access user data on other sites, they ask for usernames and passwords. Not only does this require exposing a user’s password to some random application on the Web, but also provides these applications unlimited access to do as they wish.
So how do you allow a third-party application access to your account without disclosing your credentials? How can you grant partial access to your account, such as allowing an application to read your updates but not post any on your behalf? What if this third party application turns out to be malicious in some way? You need a way to revoke access at any time. These sort of situations are where OAuth comes in. OAuth provides a method for users to grant third-party access to their ...
Get Getting Started with Mule Cloud Connect now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.