OAuth

What is OAuth?
OAuth is an authentication protocol that allows users to approve application to act on their behalf without sharing their password.

Introducing OAuth 2.0
OAuth 1.0 was published in December 2007 and quickly become the industry standard for web-based access delegation. A minor revision (OAuth 1.0 Revision A) was published in June 2008 to fix a security hole. In April 2010, OAuth 1.0 was published as RFC 5849.
OAuth 2.0 is a completely new protocol and is not backwards compatible with previous versions. However, it retains the overall architecture and approach established by the previous versions, and the same introduction (from the Official Guide to OAuth 1.0) still very much applies.

Learn More:
English:
http://developer.eventbrite.com/doc/authentication/oauth2/
https://dev.twitter.com/docs/auth/oauth/faq
http://hueniverse.com/2010/05/introducing-oauth-2-0/
OAuth 2.0 Spec (Core/Classic) - http://tools.ietf.org/html/rfc6749
OAuth 2.0  Assertion Framework Spec - http://tools.ietf.org/html/draft-ietf-oauth-assertions-11
OAuth 2.0 JWT Assertion Profile Spec - http://tools.ietf.org/html/draft-ietf-oauth-jwt-bearer-05
JSON Web Token (JWT) Main Spec - http://tools.ietf.org/html/draft-ietf-oauth-json-web-token-08
Javascript Object Signing & Encryption (JWT Related) - http://datatracker.ietf.org/wg/jose/

Japanese:
http://gihyo.jp/dev/feature/01/oauth/0001
http://developer.yahoo.co.jp/yconnect/
http://www.atmarkit.co.jp/fsmart/articles/oauth2/01.html
https://developers.google.com/accounts/docs/OAuth2Login?hl=ja
http://wiki.developerforce.com/page/Digging_Deeper_into_OAuth_2.0_on_Force.com
http://wiki.developerforce.com/page/JP:Digging_Deeper_into_OAuth_2.0_at_Salesforce.com
http://msdn.microsoft.com/ja-jp/library/live/hh243647.aspx
 

Chinese:
http://www.cnblogs.com/highend/archive/2012/07/05/oauth2_introduced.html

posted @ 2014-02-27 19:26  Alice Liu(刘志红)  阅读(356)  评论(0编辑  收藏  举报