Knowing the Future of OAuth

OAuth is a moving target. In just the last year, three or four versions have been proposed and implemented by different organizations. Twitter uses OAuth 1.0 at the time of this writing. Facebook uses OAuth 2.0 and was one of the first to implement the standard. Before OAuth 2.0, another site, FriendFeed.com, was the first to implement an OAuth 2.0 precursor called OAuth WRAP.

Here are a few of the alternative standards you should know about that are similar or parallel to OAuth. Familiarize yourself with these, because you may need to know them sometime in the future, or for other Web sites you develop.

OpenID

Before OAuth, developers used, and still use, a protocol called OpenID to identify users. OpenID's intent was to let users choose a delegate to handle the identification process for them. After the user was identified, the delegate would then return the identifying information for that user. Using this method, a site like Facebook could authorize a site like Google to log the user in, and a basic set of information about the user would be returned from Google.

The problem with OpenID, however, is that its entire focus was on authentication and identifying the user. No privacy was attached to it. No level of permissions existed as to what and how much information a developer could retrieve about the user. It was all or nothing.

OpenID Connect

At the time of this writing, a new protocol is being formalized: the next revision ...
