Why Developers Should Care About OAuth

With the wide adoption of collaboration platforms and social networks, application developers have the opportunity to connect users with their data wherever they are on the Web. Connecting users with their data improves day-to-day efficiency by eliminating data silos and also allows developers to differentiate their applications from the competition.

OAuth provides the ability for these applications to access a user’s data securely, without requiring the user to take the scary step of handing over an account password.

Types of functionality provided by OAuth-enabled APIs include the following:

  • Getting access to a user’s social graph—their Facebook friends, people they’re following on Twitter, or their Google Contacts

  • Sharing information about a user’s activities on your site by posting to their Facebook wall or Twitter stream

  • Accessing a user’s Google Docs or Dropbox account to store data in their online filesystem of choice

  • Integrating business applications with one another to drive smarter decisions by mashing up multiple data sources such as a Salesforce CRM and TripIt travel plan

To access or update private data via each of these APIs, an application needs to be delegated access by the owner of the data. Each of these APIs, along with over 300 more around the Web (according to Programmable Web in February 2012), supports OAuth for getting access.

Having a common protocol for handling API authorization greatly improves the developer experience because it reduces the learning curve required to integrate with a new API. At the same time, an authorization standard creates more confidence in the security of APIs because the standard has been vetted by a large community.
