
Programming Social Applications by Jonathan LeBlanc


OAuth 2

We have looked at the standard that has been employed by many of the top providers in the industry, OAuth 1.0a. Now it’s time to look at the emerging revision to that standard, OAuth 2, which has already been implemented by companies such as Facebook (to secure its Graph API) and Gowalla (to access its check-in services).

Warning

OAuth 2 is not compatible with the OAuth 1.0a workflow or token system. It is a complete revision to the specification.

There are a few major revisions to the specification that implementers should be aware of. Instead of relying on signing libraries such as those we used in the OAuth 1.0a examples, OAuth 2 makes all requests over HTTPS. There is no longer any need to go through complex signing procedures in order to perform token exchange.

Another major difference has to do with the ease of implementation. Due to its reduced complexity, OAuth 2 will take far less time and effort to implement.
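
The contrast described above, as an added example (not code from the book): an OAuth 1.0a HMAC-SHA1 signature built from its signature base string, next to an OAuth 2 request that carries only a token and therefore refuses any URL that is not HTTPS. The function names, URLs and sample values are constructed for illustration, and the `Authorization: Bearer` header follows RFC 6750, which the text above does not name.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit


def pct(value):
    # OAuth 1.0a percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, params):
    # Encode every key and value, sort the pairs, then join and encode again
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def oauth1_signature(method, url, params, consumer_secret, token_secret=""):
    # The signing key combines both secrets; neither is sent on the wire
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def oauth2_headers(url, access_token):
    # No signature protects the request, so the token must only travel over TLS
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    return {"Authorization": f"Bearer {access_token}"}


# Constructed sample request (hypothetical host, parameters and secrets)
SAMPLE_URL = "https://api.example.com/photos"
SAMPLE_PARAMS = {"size": "original", "oauth_nonce": "n0nce",
                 "file": "vacation pic.jpg"}

if __name__ == "__main__":
    print(signature_base_string("get", SAMPLE_URL, SAMPLE_PARAMS))
    print(oauth1_signature("get", SAMPLE_URL, SAMPLE_PARAMS,
                           "consumer-secret", "token-secret"))
    print(oauth2_headers(SAMPLE_URL, "sample-access-token"))
```
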

To understand this specification and how it works, let’s start by going through the OAuth 2 workflow.
