What exactly is OAuth (Open Authorization)? I have gleaned some information from OAuth Twitter Tutorial: What is OAuth And What It Means To You What is OAuth But I want to learn and know more. I’m looking for info on the lifecycle. Why do most of the social networks rely on this open protocol? Will … Read more
I am just getting started working with Google API and OAuth2. When the client authorizes my app I am given a “refresh token” and a short lived “access token”. Now every time the access token expires, I can POST my refresh token to Google and they will give me a new access token. My question … Read more
According to RFC6750-The OAuth 2.0 Authorization Framework: Bearer Token Usage, the bearer token is: A security token with the property that any party in possession of the token (a “bearer”) can use the token in any way that any other party in possession of it can. To me this definition is vague and I can’t … Read more
I don’t know if I just have some kind of blind spot or what, but I’ve read the OAuth 2 spec many times over and perused the mailing list archives, and I have yet to find a good explanation of why the Implicit Grant flow for obtaining access tokens has been developed. Compared to the … Read more
Could anyone explain what’s good about OAuth2 and why we should implement it? I ask because I’m a bit confused about it — here’s my current thoughts: OAuth1 (more precisely HMAC) requests seem logical, easy to understand, easy to develop and really, really secure. OAuth2, instead, brings authorization requests, access tokens and refresh tokens, and … Read more
In very simple terms, can someone explain the difference between OAuth 2 and OAuth 1? Is OAuth 1 obsolete now? Should we be implementing OAuth 2? I don’t see many implementations of OAuth 2; most are still using OAuth 1, which makes me doubt OAuth 2 is ready to use. Is it? 10 s 10 … Read more
