Privacy/BestPractices/OAuth

107 bytes added, 00:40, 10 May 2011
Differences between OAuth 1.0 and 2.0
* OAuth 1.0 credentials for API calls include the consumer's master secret in addition to the user-specific secret, while OAuth 2.0 credentials for API calls require only the user-specific secret.
* OAuth 1.0 is optimized for using HMAC during token establishment and API calls, while OAuth 2.0 is optimized for bearer tokens over SSL (essentially, passwords over an encrypted channel). OAuth 1.0 is technically capable of bearer tokens, but no one uses this because it would require sending the master secret in every call. RSA signatures can be used in OAuth 1.0 instead of HMAC, but few providers support it, and the option has gone away in OAuth 2.0. HMAC signatures of API calls are supported in OAuth 2.0 with a greatly simplified canonicalization algorithm, but do not appear to be in use by providers at this point.
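
The two credential models in the bullets above, side by side, as an added example that is not part of the original wiki page. It follows the HMAC-SHA1 method of RFC 5849 in simplified form; the function names, URL and secrets are constructed for illustration.

```python
import base64, hashlib, hmac
from urllib.parse import quote, urlsplit

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(s, safe="-._~")

def oauth1_signing_key(consumer_secret, token_secret):
    # The HMAC key joins the consumer's master secret and the user-specific
    # token secret, so every signed API call depends on both.
    return pct(consumer_secret) + "&" + pct(token_secret)

def oauth1_base_string(method, url, params):
    # Simplified canonicalization: assumes no explicit port and that query
    # parameters are passed in `params` (with the oauth_* ones), not in `url`.
    u = urlsplit(url)
    base_url = f"{u.scheme.lower()}://{u.netloc.lower()}{u.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def oauth1_sign(method, url, params, consumer_secret, token_secret):
    key = oauth1_signing_key(consumer_secret, token_secret).encode()
    msg = oauth1_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def oauth1_verify(signature, method, url, params, consumer_secret, token_secret):
    # Provider side: recompute with both stored secrets, compare in constant time.
    expected = oauth1_sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def oauth2_bearer_header(access_token):
    # The token itself is the credential; only TLS protects it in transit.
    return {"Authorization": "Bearer " + access_token}

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    params = {"file": "vacation.jpg", "oauth_token": "user-token",
              "oauth_nonce": "n1", "oauth_timestamp": "1305000000"}
    url = "https://api.example.com/photos"
    sig = oauth1_sign("GET", url, params, "consumer-secret", "token-secret")
    print("OAuth 1.0 signature:", sig)
    print("OAuth 2.0 header:   ", oauth2_bearer_header("user-token"))
```

Changing either secret changes the OAuth 1.0 signature, and neither secret appears in the request; the OAuth 2.0 header carries the credential itself.
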
== Designs of OAuth Consumers ==