Privacy/BestPractices/OAuth

No change in size, 00:35, 10 May 2011
== Overview of OAuth ==
It is often important for users to give a third party access to their data. OAuth is a widely deployed standard for this purpose: a data host, e.g. Facebook, allows a consumer, e.g. FarmVille, to access a user's data when that user agrees. The OAuth protocol consists of two major portions:
* credential negotiation: the consumer, data host, and user engage in a dance that concludes in the consumer obtaining credentials that will allow it to make API calls into the data host to access the user's data. In this process, the user typically sees, before approving the request, which rights to her data the consumer is requesting (e.g. read, read/write, ...).
* authenticating API calls: the consumer uses credentials to authenticate its API calls against the data host.
OAuth versions 1 and 2 differ in important ways, but both follow the above pattern.
=== Differences between OAuth 1.0 and 2.0 ===
OAuth 1.0 and 2.0 are incompatible at the protocol level. The important design differences are:
* OAuth 1.0 credentials for API calls include the consumer's master secret in addition to the user-specific secret, while OAuth 2.0 credentials for API calls require only the user-specific secret.
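As an added example (not from the original page), the following Python shows the difference in the last bullet in code: an OAuth 1.0 API call is signed with HMAC-SHA1 under a key built from both the consumer's secret and the token secret (RFC 5849), whereas an OAuth 2.0 bearer request (RFC 6750) carries only the access token. The request values are the public test vector from Appendix A of the OAuth Core 1.0 specification.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def _enc(s: str) -> str:
    # RFC 5849 section 3.6: only unreserved characters stay literal,
    # everything else becomes %XX (quote() emits upper-case hex).
    return quote(s, safe="-._~")


def signature_base_string(method: str, url: str, params) -> str:
    # RFC 5849 section 3.4.1: METHOD & enc(base URL) & enc(normalized params).
    # params: (name, value) pairs from the Authorization header and form body;
    # query-string parameters are taken from the URL itself.
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port
    if port and not ((scheme == "http" and port == 80) or (scheme == "https" and port == 443)):
        host = f"{host}:{port}"  # default ports are omitted from the base URL
    base_url = f"{scheme}://{host}{parts.path or '/'}"
    collected = list(params) + parse_qsl(parts.query, keep_blank_values=True)
    # Encode first, then sort by name and value, then join as name=value with '&'.
    encoded = sorted((_enc(k), _enc(v)) for k, v in collected if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])


def oauth1_signing_key(consumer_secret: str, token_secret: str) -> str:
    # Both secrets are needed: a leaked token secret alone cannot sign a call.
    return f"{_enc(consumer_secret)}&{_enc(token_secret)}"


def oauth1_hmac_sha1(method, url, params, consumer_secret, token_secret) -> str:
    key = oauth1_signing_key(consumer_secret, token_secret).encode("ascii")
    base = signature_base_string(method, url, params).encode("ascii")
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode("ascii")


def oauth2_authorization_header(access_token: str) -> str:
    # RFC 6750 bearer usage: the token is the entire credential, so TLS and
    # keeping the token confidential carry all of the weight.
    return f"Bearer {access_token}"
```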