Introduction to OAuth 2.0

Introduction

OAuth 2.0 is an open source authorization agreement for applications to access data from each other. F or example, a game app can access Facebook's user data or a geography-based app can access Foursquare's user data. Here's a diagram of the concept:

An example of how OAuth 2.0 can share data through an app

Users access the web game app, which requires users to log in via Facebook. The user logs on to Facebook and redirects the game app, which can access the user's data on Facebook, and the app can call functions (such as sending status updates) to Facebook on behalf of the user.

OAuth 2.0 Practical Case

OAuth 2.0 is either used to create an app that can read user information from other apps (such as the game app in the chart above) or to create an app that gives other apps access to their own user data (such as Facebook in the example above). O Auth 2.0 is a replacement for OAuth 1.0, which is more complex. OAuth 1.0 involves certificates, etc., while OAuth 2.0 is simpler, it doesn't require any certificates, just SSL/TLS.

OAuth 2.0 specification

The goal of this guide is to provide an easy-to-understand overview of OAuth 2.0, but does not describe every detail of the specification. If you want to implement OAuth 2.0, you will most likely want to fully study the specification, which you can find here: http://tools.ietf.org/html/draft-ietf-oauth-v2-23