OAuth 2.0 -- What's new? [closed]

Could someone enumerate the main differences between OAuth 2.0 and previous versions? Or point me to good documentation. (Not the full OAuth 2.0 Protocol draft; I don't have time to read it.)

402 likes
Asked by Felixyz, Jun 22 '10 20:06


1 Answer

The main difference between 1.0 and 2.0 is scale. Everything else is much less significant. 2.0 was designed from the ground up for Google/Facebook/Multinational-telecom scale by optimizing each step and each credential.

In OAuth 1.0, every request requires two secrets and a complex request normalization to produce the signature. It has a broken nonce/timestamp logic that no one implements properly (the best-kept secret in the industry is that Twitter is probably the only provider checking nonce values, with a 15-minute clock skew for timestamps).

OAuth 2.0 is being much more honest about desktop and mobile clients, registration requirements, and the protocol's limitations. The specification is a bit more complex due to the much bigger list of requirements and the new abstraction layer called authorization grants.

188 likes
Answered by Eran Hammer, Sep 19 '22 22:09
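The per-request signing and the nonce/timestamp check the answer describes, as an added Python example that is not code from the thread: each OAuth 1.0 request is signed with HMAC-SHA1 over a normalized base string keyed with both the consumer secret and the token secret, and the server side rejects timestamps outside a 15-minute window and reused nonces (the part the answer says is rarely implemented). Secrets, URL and parameter values are constructed placeholders, and the base URL is assumed to be passed without its query string.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import quote

CONSUMER_SECRET = "consumer-secret-example"  # constructed placeholder, not from the thread
TOKEN_SECRET = "token-secret-example"  # constructed placeholder, not from the thread
MAX_SKEW_SECONDS = 15 * 60  # the 15-minute timestamp window the answer mentions


def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="")


def signature_base_string(method, base_url, params):
    # Request normalization: encode names and values, sort, join with '&'.
    # params holds query/body and oauth_* parameters, but not oauth_signature.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    # base_url is assumed to be scheme://host/path with no query string.
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign(method, base_url, params, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with BOTH secrets: this is the per-request cost of 1.0.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, base_url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


class Verifier:
    """Server side: signature check plus the timestamp/nonce replay check."""
    def __init__(self, consumer_secret, token_secret, now=time.time):
        self.consumer_secret, self.token_secret, self.now = consumer_secret, token_secret, now
        self.seen = set()  # accepted (timestamp, nonce) pairs; prune older than the window in production

    def verify(self, method, base_url, params, signature):
        ts = int(params["oauth_timestamp"])
        if abs(self.now() - ts) > MAX_SKEW_SECONDS:
            return False  # stale or far-future timestamp
        if (ts, params["oauth_nonce"]) in self.seen:
            return False  # replayed request
        expected = sign(method, base_url, params, self.consumer_secret, self.token_secret)
        if not hmac.compare_digest(expected, signature):
            return False  # wrong secrets or tampered parameters
        self.seen.add((ts, params["oauth_nonce"]))  # record only after success
        return True
```

By contrast, an OAuth 2.0 bearer request carries the token in a single Authorization header with no per-request signing, which is the scale trade-off the answer is pointing at.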