Possible Duplicate:
How is oauth 2 different from oauth 1
I know these 2 are not backward-compatible. But, having implemented OAuth 1.0 already, is it easy to switch to OAuth 2.0? Thanks
OAuth 1.0 and 2.0 are two completely different protocols. However, they are designed to solve pretty much the same basic set of use cases and most of the people developing the new version have working 1.0 implementations. So they all made sure it would be trivial to upgrade.
With 2.0 you get more choices when it comes to how you want to issue and authenticate access tokens. The providers with early 2.0 support use Bearer tokens, which are sent over HTTPS and don't include any cryptography on their own. Another (much better) option is to use MAC tokens, which are similar in design to OAuth 1.0 HMAC-SHA1 but are simpler to use (no crazy parameter normalization).
The main difference and where the transition can be more complex is when dealing with large scale. 2.0 handles scale significantly better than 1.0 (which actually sucks at it). So if you have needs for scale, 2.0 would make your life much easier, but to take advantage of it, you'll need to do some work.
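To make the Bearer versus HMAC-SHA1 contrast above concrete, here is an added example (not part of the original answer) that builds an OAuth 1.0 HMAC-SHA1 signature following RFC 5849's normalization rules and, beside it, the OAuth 2.0 Bearer header. The URL, parameters, secrets and function names are constructed for illustration, and the caller is assumed to pass all request and `oauth_*` parameters as one list.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample request; the URL, parameters and secrets are made up.
SAMPLE_URL = "https://api.example.com/photos"
SAMPLE_PARAMS = [("size", "original"), ("file", "vacation pic.jpg"),
                 ("oauth_consumer_key", "ck"), ("oauth_token", "tk"),
                 ("oauth_nonce", "n1"), ("oauth_timestamp", "1300000000"),
                 ("oauth_signature_method", "HMAC-SHA1")]


def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped.
    return quote(str(value), safe="-._~")


def oauth1_base_string(method, url, params):
    # The "parameter normalization" step: encode, sort, join, encode again.
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def oauth1_sign(method, url, params, consumer_secret, token_secret):
    # Secrets key the HMAC and never travel with the request.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    msg = oauth1_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()


def oauth1_verify(method, url, params, consumer_secret, token_secret, signature):
    # Server side: recompute and compare in constant time.
    expected = oauth1_sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


def oauth2_bearer_headers(access_token):
    # The token itself is the credential; nothing binds it to this request,
    # so its confidentiality depends entirely on TLS.
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    sig = oauth1_sign("GET", SAMPLE_URL, SAMPLE_PARAMS, "cs", "ts")
    print("OAuth 1.0 signature:", sig)
    tampered = [("size", "thumb")] + SAMPLE_PARAMS[1:]
    print("tampered request verifies:",
          oauth1_verify("GET", SAMPLE_URL, tampered, "cs", "ts", sig))
    print("OAuth 2.0 header:", oauth2_bearer_headers("constructed-token"))
```

A signed OAuth 1.0 request fails verification if any parameter is altered in transit, while a Bearer token is accepted on any request that carries it.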
OAuth 2 relies on HTTPS for security; you don't have to "sign" requests anymore, just send your API key and tokens as query string parameters.
It's really easy to implement; you don't need libraries or anything like that.
Check Facebook's Graph API to start playing with OAuth 2!