 

Can anybody explain OAuth?

I've read a bit about it at http://oauth.net/ , it's "a simple way to publish and interact with protected data" apparently.

I think it's exactly what I need to provide a secure way of accessing data from an Android/iPhone app via a REST web service, but I can't work out exactly what it is.

So, put simply, what exactly does it do and are there any (really) simple examples of it in action I can follow, preferably implementing something in C# that can be accessed from a smartphone app?

jonhobbs asked Aug 18 '10 16:08


1 Answer

From the link provided by Craig Stuntz:

Open ID gives you one login for multiple sites. Each time you need to log into Zooomr – a site using Open ID – you will be redirected to your Open ID site where you login, and then back to Zooomr. OAuth lets you authorise one website – the consumer – to access your data from another website – the provider. For instance, you want to authorise a printing provider – call it Moo – to grab your photos from a photo repository – call it Flickr. Moo will redirect you to Flickr which will ask you, for instance, “Moo wants to download your Flickr photos. Is that cool?”, and then back to Moo to print your photos.

DotNetOpenAuth is a good C# library for Open ID and OAuth.

Ither answered Sep 18 '22 00:09
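
The Moo/Flickr exchange quoted in the answer, as an added example that is not part of the original answer and does not use DotNetOpenAuth: an in-memory C# model (.NET 6 or later assumed) of the OAuth 1.0-style request-token, approval and access-token steps behind that redirect. The `Provider` class, its methods and the `photos:read` scope are hypothetical names chosen for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Moo (the consumer) talking to Flickr (the provider); constructed demo values.
var flickr = new Provider();
var rt = flickr.IssueRequestToken("photos:read");        // Moo asks for a request token
Console.WriteLine(flickr.TryExchange(rt, out _));        // exchange tried before approval
Console.WriteLine(flickr.Approve(rt, "alice"));          // "Is that cool?" answered at Flickr
Console.WriteLine(flickr.TryExchange(rt, out var at));   // exchange after approval
Console.WriteLine(flickr.TryExchange(rt, out _));        // replay of the same request token
Console.WriteLine(flickr.GetPhotos(at));                 // access token presented
Console.WriteLine(flickr.GetPhotos(rt));                 // request token presented instead

// Hypothetical in-memory provider; not a real OAuth library.
class Provider
{
    readonly Dictionary<string, (string Scope, string User)> requests = new(); // User "" = not approved
    readonly Dictionary<string, (string Scope, string User)> grants = new();
    static string NewToken() => Convert.ToHexString(RandomNumberGenerator.GetBytes(16));

    // 1. The consumer obtains a request token; it carries no authority yet.
    public string IssueRequestToken(string scope)
    {
        var token = NewToken();
        requests[token] = (scope, "");
        return token;
    }

    // 2. Runs after the user has logged in on the provider's own page,
    //    so the consumer never handles the password.
    public bool Approve(string requestToken, string user)
    {
        if (!requests.TryGetValue(requestToken, out var r)) return false;
        requests[requestToken] = (r.Scope, user);
        return true;
    }

    // 3. The consumer swaps an approved request token for an access token, once only.
    public bool TryExchange(string requestToken, out string accessToken)
    {
        accessToken = "";
        if (!requests.TryGetValue(requestToken, out var r) || r.User == "") return false;
        requests.Remove(requestToken);
        accessToken = NewToken();
        grants[accessToken] = r;
        return true;
    }

    // Protected resource: served only for a granted token with the right scope.
    public string GetPhotos(string accessToken) =>
        grants.TryGetValue(accessToken, out var g) && g.Scope == "photos:read" ? $"photos of {g.User}" : "401 Unauthorized";
}
```

The exchange attempted before approval and the replayed exchange are both refused, and the request token on its own is not accepted by `GetPhotos`. Only the access token issued after the user's approval returns the photos, and only for the scope that was granted.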