The purpose of this article is to present OAuth so that anyone can understand, I explain from the point of view of a user, Knowing that way can affect this technology.
What is OAuth?
For us to understand
OAuth is used to play candy crush, while logging on facebook, candy crush without having access to all data for your facebook account and what is most important not access your username or your password facebook.
Operation without OAuth
Example with an online store.
- The user accesses the store and click the login button.
- The store asks for username and password.
- The user gives them and access your data and orders.
If you hack the store you have access to all my data including card number and password. Addition, it is normal users to use these data in more services than they could have access to my data in other services.
Operation with OAuth
Example with an online shop using PayPal.
- Users access the online store and this prompts you to log in with PayPal and the user says yes.
- The online store asks PayPal data user data .
- PayPal, not the online store, asks the user name and password.
- The user puts and configured to permit data and have the online store.
PayPal and online store subsequently agreed exchange data.
If the online store hacked not have access to anything, online store only has a token that only serves to access PayPal from servers online store and only limited information, or the user, ni a la password, or the credit card which has only PayPal.
Versions of OAuth
- Oauth 1.0 RFC 5849 April 2010.
- Oauth 2.0 RFC 6749 and RFC 6750 October 2012, still continuing to develop new features.
Who uses OAuth?
Google, Facebook, Twitter, Box, PayPal, LinkedIn, Amazon, Flirckr, Nextflix, Box, Vimeo, Evernote….
Problems with OAuth
Attentive to the permissions you give to others, You can give them permission to post to your walls.
In some cases during the authentication process can take many permits. Fijaros when pulsáis accept.
Check the permissions and change privacy applications.
I leave this presentation I made in which OAuth explained.
I hope you liked the article and know a little more of OAuth, if you have liked to share or you can give +1 or I like in social networks are the engine that encourages me to continue writing. Thank you very much to all.