O'Reilly logo

Programming Social Applications by Jonathan LeBlanc

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

The OAuth 1.0a Standard

Before we discuss the newest OAuth standard, OAuth 2, we must do our due diligence and cover the version of the standard used by many of the top Internet-based companies (e.g., Yahoo!, Google): OAuth 1.0a.

The OAuth 1.0a standard was developed to give providers a way to implement a user authorization model, in which a user authorizes an application to access privileged information on her behalf from her profile and friends.

OAuth offers some major improvements over traditional models such as basic auth, including:

  • Instead of having to send the user’s username and password to the provider with every authentication request, you are working with abstract access tokens that do not share any of the user’s passwords.

  • Since tokens are issued from a provider site, they can be revoked at any time, putting more control into the user’s hands. Several providers also implement a token expiration mechanism that requires an application to periodically renew the access token to continue making requests for user data.

  • Users can see the tokens that they have active (i.e., which applications can access their data) on the provider site, meaning they can manually revoke access to an application. Since the application does not have a user’s login credentials, it cannot make further requests for her data once she has revoked authorization.

Now that we’ve covered its benefits, let’s continue our exploration of OAuth 1.0a by looking at how the token exchange process works for a user, an ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required