The OAuth 1.0 guide covers the protocol as defined by RFC 5849 and includes many corrections and improvements from previous blog posts and the original Beginner’s guide. To stay up to date about all things OAuth, check this page or subscribe.
- Specification Structure
- Protocol Workflow
- Security Framework
OAuth 2.0 is a work in progress at the IETF. I am no longer involved in the 2.0 effort and have withdrawn my name and support from it.
Recent posts on the subject:
- #fuckoauth @realtimeconf
- On Leaving OAuth
- OAuth 2.0 and the Road to Hell
- OAuth 1.0 Blog Cleanup
- OAuth 2.0 Redirection URI Validation
- OAuth Bearer Tokens are a Terrible Idea
- More OAuth Nonsense
- OAuth 2.0 (without Signatures) is Bad for the Web
- Twitter a Hot Princess, Google an Empty Castle
- All This Twitter OAuth Security Nonsense
- Introducing OAuth 2.0
- Open Questions About OAuth 2.0 Authentication
- What's going on with OAuth?
- 2009 Year-End Status Report
- Sneak Peek: The Authoritative Guide to OAuth 1.0