The OAuth guide is currently being rewritten to catch up with the latest OAuth revision and latest information. The completed parts of the new guide are available now. To stay up to date about all things OAuth, check this page or subscribe.

Beginner’s Guide to OAuth

Part I: Overview

• Introduction
• End-user Benefits
• Definitions

Part II: Protocol Workflow

• End-use experience
• Protocol requests

Part III: Security Architecture

• Credentials
• Signature and Hash
• Secrets Limitations
• Timestamp and Nonce
• Signature Methods
• Signature Base String

Part IV: Signing Requests

• Complete interactive walkthrough on how to sign OAuth requests

Recent posts on the subject:

• Open Questions About OAuth 2.0 Authentication
• What's going on with OAuth?
• 2009 Year-End Status Report
• Sneak Peek: The Authoritative Guide to OAuth 1.0
• It's All About the Token
• OAuth 1.0 RFC Edition
• Planning for OAuth 2.0
• WRAP, and the Demise of the OAuth Community
• OAuth Wins CNET's Webware 100 Editors' Choice Award
• Explaining the OAuth Session Fixation Attack
• Introducing 'Sign-in with Twitter', OAuth-Style "Connect"
• On Versioning Specifications
• OAuth Nominated for CNET's Webware 100 Awards
• Clarifying OAuth Requirements for Service Providers
• Internet Identity Workshop, the Identity Geekfest