@mackenziestarr
Last active December 3, 2015 23:08
OAuth 2.0 Research

OAuth 2.0 Authorization Framework


### Difference between OpenID and OAuth

> While OpenID is all about using a single identity to sign into many sites, OAuth is about giving access to your stuff without sharing your identity at all (or its secret parts). [[1]][1]

The two can be used separately or together

  • OAuth negotiates getting users to grant access
  • OpenID makes sure users are who they say they are

### What

An open standard for API access delegation

### Why

Web services increasingly rely on data provided by other sites to operate (think Printsagram, a photo printing service for your Instagram photos).

Without OAuth or similar frameworks:

  1. account credentials are left to the service to store properly and securely
  2. service has unbounded, unlimited access to all account data
  3. account owner can't revoke access to one service without revoking access to all services
  4. if a service is compromised then account credentials and data are at risk
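The four problems above are all consequences of one design: the third-party service holds the account password. The following toy model, added here and not part of the original gist, shows the delegated-access alternative in code. An authorization server issues each client its own opaque token bound to a limited scope, a resource server checks scope on every call, and tokens for one client can be revoked without touching another client's. The names `AuthorizationServer`, `ResourceServer`, the client ids `printsagram` and `backup-app`, the scope strings and the sample photo list are all constructed for this example; the real RFC 6749 wire flows (authorization codes, redirects, token endpoints) are deliberately left out to keep the access-control point visible.

```python
"""Toy model of scoped, revocable delegated access (added example).

Not the gist author's code and not an RFC 6749 implementation: it only
models the properties that password sharing lacks (bounded access and
per-client revocation) so they can be exercised directly. All names
and sample data below are constructed for the example.
"""
import secrets
from dataclasses import dataclass


@dataclass
class Token:
    value: str
    client_id: str
    scopes: frozenset
    revoked: bool = False


class AuthorizationServer:
    """Issues one opaque token per client after the user consents to a scope set."""

    def __init__(self):
        self._tokens = {}  # token value -> Token

    def grant(self, client_id: str, scopes: set) -> str:
        # The client receives a random opaque token, never the user's password,
        # so a compromised client leaks only this token (problems 1 and 4).
        token = secrets.token_urlsafe(32)
        self._tokens[token] = Token(token, client_id, frozenset(scopes))
        return token

    def revoke_client(self, client_id: str) -> int:
        """Revoke every token issued to one client; other clients keep working (problem 3)."""
        count = 0
        for tok in self._tokens.values():
            if tok.client_id == client_id and not tok.revoked:
                tok.revoked = True
                count += 1
        return count

    def introspect(self, token: str):
        """Return the Token record if it is known and not revoked, else None."""
        tok = self._tokens.get(token)
        if tok is None or tok.revoked:
            return None
        return tok


class ResourceServer:
    """Holds the user's data and enforces token validity plus scope on every call (problem 2)."""

    def __init__(self, auth: AuthorizationServer):
        self._auth = auth
        self._photos = ["beach.jpg", "mountain.jpg"]  # constructed sample data

    def _require(self, token: str, scope: str) -> Token:
        tok = self._auth.introspect(token)
        if tok is None or scope not in tok.scopes:
            raise PermissionError(f"invalid token or missing scope {scope}")
        return tok

    def list_photos(self, token: str) -> list:
        self._require(token, "photos:read")
        return list(self._photos)

    def delete_photo(self, token: str, name: str) -> bool:
        self._require(token, "photos:write")
        self._photos.remove(name)
        return True


def demo() -> dict:
    """Exercise bounded access and per-client revocation; returns observed outcomes."""
    auth = AuthorizationServer()
    rs = ResourceServer(auth)
    # Two services, two separately scoped tokens for the same user's data.
    print_tok = auth.grant("printsagram", {"photos:read"})
    backup_tok = auth.grant("backup-app", {"photos:read", "photos:write"})

    results = {"print_can_read": len(rs.list_photos(print_tok))}
    try:
        rs.delete_photo(print_tok, "beach.jpg")
        results["print_can_delete"] = True
    except PermissionError:
        results["print_can_delete"] = False  # read-only scope is enforced
    results["revoked_print"] = auth.revoke_client("printsagram")
    try:
        rs.list_photos(print_tok)
        results["print_after_revoke"] = True
    except PermissionError:
        results["print_after_revoke"] = False  # revoked token is rejected
    results["backup_still_works"] = len(rs.list_photos(backup_tok))
    return results


if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the print service reading but not deleting photos, losing access entirely once its tokens are revoked, and the backup app continuing to work throughout. Compare that with password sharing, where the only way to cut off Printsagram is to change the password and re-enter it in every other service.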
[1]: http://oauth.net/about/
[2]: https://tools.ietf.org/html/rfc6749
[3]: https://tools.ietf.org/html/rfc6819