I've read a bit about it at http://oauth.net/ , it's "a simple way to publish and interact with protected data" apparently.
I think it's exactly what I need to provide a secure way of accessing data from an android/iphone app via a REST web service, but I can't work out exactly what it is.
So, put simply, what exactly does it do and are there any (really) simple examples of it in action I can follow, preferably implementing something in c# that can be accessed from a smartphone app?
OAuth is an open-standard authorization protocol or framework that provides applications the ability for “secure designated access.” For example, you can tell Facebook that it's OK for ESPN.com to access your profile or post updates to your timeline without having to give ESPN your Facebook password.
It's not simple. It gets a little simpler with bearer tokens in OAuth 2.0 but because of the security requirements and the fact that you have to exchange identity without a password, it's always going to be a little complex.
The (OAuth) client: The application that requests access to protected resources on behalf of the resource owner. It uses the access token to prove authorization. The authorization server: The entity that authenticates the resource owner, obtains authorization, and issues access tokens to the client.
OAuth defines two types of clients: confidential clients and public clients. Confidential clients are applications that are able to securely authenticate with the authorization server, for example being able to keep their registered client secret safe.
From the link provided by Craig Stuntz:
Open ID gives you one login for multiple sites. Each time you need to log into Zooomr – a site using Open ID – you will be redirected to your Open ID site where you login, and then back to Zooomr. OAuth lets you authorise one website – the consumer – to access your data from another website – the provider. For instance, you want to authorise a printing provider – call it Moo – to grab your photos from a photo repository – call it Flickr. Moo will redirect you to Flickr which will ask you, for instance, “Moo wants to download your Flickr photos. Is that cool?”, and then back to Moo to print your photos.
DotNetOpenAuth is a good C# library for Open ID and OAuth.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With