The OAuth 1.0 Guide

OAuth Core 1.0 (also known as RFC 5849), the community-based specification published on December 4th, 2007, revised June 24th, 2009, and finalized in April 2010 is one of the fastest growing Open Web specifications. It provides a much needed solution for security web APIs without requiring users to share their usernames and passwords.

This guide attempts to explain OAuth by taking a look at its history, architecture, and technical details. It is written primarily for developers looking to implement services offering secure APIs or developers implementing clients using OAuth-protected services.

The OAuth specification has gone through a few complete rewrites. The final revision was made at the end of 2009 as part of the effort to publish OAuth 1.0 as an RFC, which concluded in April 2010 with the publication of RFC 5849. This guide is based on the final edition which changed the document structure and terminology to better align OAuth with HTTP and other web standards.

OAuth 1.0 is being replaced by the new OAuth 2.0 protocol from the IETF. OAuth 2.0 is a large undertaking with many times more participants and industries. OAuth 2.0 is expected to be completed by the end of 2011.