OAuth Core 1.0, the community-based specification published on December 4th, 2007, revised June 24th, 2009, and clarified and corrected in December 2009 (pending publication), is one of the fastest-growing Open Web specifications. It provides a much-needed solution for securing web APIs without requiring users to share their usernames and passwords.
This guide attempts to explain OAuth by taking a look at its history, architecture, and technical details. It is written primarily for developers looking to implement services offering secure APIs or developers implementing clients using OAuth-protected services.
The OAuth specification has gone through a few complete rewrites. The final revision was made at the end of 2009 as part of the effort to publish OAuth 1.0 as an RFC. This guide is based on the final edition, which changed the document structure and terminology to better align OAuth with HTTP.
This guide is a work in progress, and will remain such until this notice is removed. Feedback, as always, is greatly appreciated.

