In an age when web users have their social data scattered across different social sites and they want to access and use this data from outside these sites, developers face the serious security challenge of enabling users to access their private data in social sites without having to share their credentials.OAuth is the perfect solution. This open authorization protocol that allows standard and secure API authorization without exposing the user’s credentials. OAuth also provides a mechanism to grant limited access (in scope, duration, and so on).
In his Web Developer’s Virtual Library (WDVL) article, Jaswinder Singh provides an overview of OAuth’s token-based authorization system and explains how this system works between two web sites. At a high level, the elements involved are:
- User: Social network (Orkut, Facebook, Twitter, iGoogle, etc.) users like you and me
- OAuth Provider: Web site or social networking site where the user’s private resources are stored
- OAuth Consumer: Web site, social networking site, mobile device, set-top box, etc. trying to access the protected resource on the other site