(Or, Refreshing Your OAuth Knowledge)
As we are getting ready to work on the next version of OAuth, focused on security and interoperability, it is time to refresh your knowledge of the protocol and its design principles. Over the past few days I went back to the OAuth guides to draw ideas for my rewrite of the Core 1.0 specification. I’m trying to produce a purely editorial revision, writing a better specification without making any changes to the meaning of the previous normative text. Something like an unofficial Second Edition.
So if it has been a while since you last read the specification, wrote code, or read the guides, now is the time to refresh…
The guide is still a work in progress, but provides good coverage for those getting started with the protocol. If there are topics you want to see covered, please let me know.
The Beginner’s Guide to OAuth
- Introduction
- End-user Benefits
- Scope
- Specification Structure
- Definitions
- End-user experience
- Protocol requests
Part III: Security Architecture
- Beyond HTTP Basic Auth
- Direct & Delegated Access
- Credentials
- Signature and Hash
- Secrets Limitations
- Timestamp and Nonce
- Signature Methods
- Signature Base String
- Complete interactive walkthrough on how to sign OAuth requests
- Tool resource for debugging your OAuth application
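The items listed under Security Architecture (Signature Base String, Timestamp and Nonce, Signature Methods) are the mechanics of request signing, and they are easiest to understand in running code. The block below is an added example written for this page, not code from the guide, the specification or any OAuth library: it builds the signature base string from a request, computes and verifies an HMAC-SHA1 signature over it, and applies the server-side timestamp window and nonce memory that stop a captured request from being replayed. The sample request is the one used in the worked example of RFC 5849 (the IETF publication of OAuth 1.0); the `ReplayGuard` class, its 300-second window and the two secret values are assumptions made for this example.

```python
# Added example (not the guide's own code): OAuth 1.0 HMAC-SHA1 signing, the
# signature base string, and the server-side timestamp/nonce replay check.
import base64
import hashlib
import hmac
import re
import string
import time
from urllib.parse import parse_qsl, unquote, urlsplit

UNRESERVED = frozenset(string.ascii_letters + string.digits + "-._~")


def pct_encode(value):
    """Spec encoding: UTF-8 bytes, %XX uppercase, only unreserved characters left bare."""
    return "".join(c if c in UNRESERVED else "".join("%%%02X" % b for b in c.encode("utf-8"))
                   for c in value)


def _query_pairs(query):
    """Decode a raw URI query; unlike a form body, '+' is a literal plus here."""
    pairs = []
    for part in query.split("&"):
        if part:
            name, _, value = part.partition("=")
            pairs.append((unquote(name), unquote(value)))
    return pairs


def _header_pairs(authorization):
    """Collect the parameters carried in an 'OAuth ...' Authorization header."""
    if not authorization.startswith("OAuth "):
        return []
    return [(unquote(n), unquote(v))
            for n, v in re.findall(r'([\w.~-]+)="([^"]*)"', authorization[6:])]


def base_string_uri(url):
    """Lowercase scheme and host, default port dropped, query stripped."""
    u = urlsplit(url)
    scheme, host = u.scheme.lower(), (u.hostname or "").lower()
    if u.port and u.port != {"http": 80, "https": 443}.get(scheme):
        host = "%s:%d" % (host, u.port)
    return "%s://%s%s" % (scheme, host, u.path or "/")


def signature_base_string(method, url, authorization="", body="", content_type=""):
    """Method, base URI and normalized parameters, each encoded, joined with '&'."""
    params = _query_pairs(urlsplit(url).query) + _header_pairs(authorization)
    if content_type == "application/x-www-form-urlencoded":
        params += parse_qsl(body, keep_blank_values=True)
    # realm is not a protocol parameter, and the signature cannot cover itself.
    params = [(n, v) for n, v in params if n not in ("realm", "oauth_signature")]
    # Encode first, then sort by name and value byte-wise, so "c%40" sorts before "c2".
    normalized = "&".join("%s=%s" % nv
                          for nv in sorted((pct_encode(n), pct_encode(v)) for n, v in params))
    return "&".join([pct_encode(method.upper()),
                     pct_encode(base_string_uri(url)),
                     pct_encode(normalized)])


def hmac_sha1_signature(base_string, client_secret, token_secret=""):
    """Key is the two encoded secrets joined by '&'; the token secret may be empty."""
    key = ("%s&%s" % (pct_encode(client_secret), pct_encode(token_secret))).encode("ascii")
    digest = hmac.new(key, base_string.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_signature(presented, base_string, client_secret, token_secret=""):
    """Constant-time comparison against a freshly computed signature."""
    return hmac.compare_digest(presented, hmac_sha1_signature(base_string, client_secret, token_secret))


class ReplayGuard:
    """Server side of the Timestamp and Nonce chapter: bounded clock skew plus a nonce memory.
    Assumed design for this example; the window size is a deployment choice."""

    def __init__(self, window_seconds=300, clock=time.time):
        self.window, self.clock, self.seen = window_seconds, clock, set()

    def accept(self, consumer_key, token, timestamp, nonce):
        if not timestamp.isdigit() or abs(self.clock() - int(timestamp)) > self.window:
            return False  # stale or future-dated: reject before touching the nonce store
        key = (consumer_key, token, timestamp, nonce)
        if key in self.seen:
            return False  # same nonce replayed with the same timestamp and credentials
        self.seen.add(key)
        return True


# Sample request reproduced from the worked example in RFC 5849; the two secrets
# below are sample values assumed for this example.
SAMPLE_URL = "http://example.com/request?b5=%3D%253D&a3=a&c%40=&a2=r%20b"
SAMPLE_BODY = "c2&a3=2+q"
SAMPLE_AUTHZ = ('OAuth realm="Example", oauth_consumer_key="9djdj82h48djs9d2", '
                'oauth_token="kkk9d7dh3k39sjv7", oauth_signature_method="HMAC-SHA1", '
                'oauth_timestamp="137131201", oauth_nonce="7d8f3e4a"')
CLIENT_SECRET, TOKEN_SECRET = "j49sk3j29djd", "dh893hdasih9"
FORM = "application/x-www-form-urlencoded"

if __name__ == "__main__":
    base = signature_base_string("POST", SAMPLE_URL, SAMPLE_AUTHZ, SAMPLE_BODY, FORM)
    print(base)
    print("oauth_signature=%s" % pct_encode(hmac_sha1_signature(base, CLIENT_SECRET, TOKEN_SECRET)))
```

Run it directly to print the base string and the encoded `oauth_signature` header parameter. Three things to notice: the base string is encoded twice (each name and value, then the whole normalized string), `realm` and `oauth_signature` are excluded from it, and the nonce check only stays cheap because the timestamp window bounds how many nonces the server must remember.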

