Open Authentication (OAuth) is an open standard for authorizing applications to access data on a user’s behalf. Through OAuth, we can secure a user’s personal and social graph information.
We will start this chapter by looking at a simple method that many provider sites employ to secure private resources: basic authentication. We will explore the pros and cons behind this type of implementation from the perspectives of the provider, the application, and the user.
With that exploration completed, we will move on to OAuth 1.0a and the newer revision, OAuth 2.0, both of which offer a secure and open way to protect users’ privileged profiles and data. We will look at how the authorization flows of these two standards work, and then dive into end-to-end examples to showcase the power behind the specifications.
By the end of this chapter, we will have a comprehensive understanding of how OAuth can be used to protect private data and resources.