Introduction to oauth Protocol

Http://blog.csdn.net/hereweare2009/article/details/3968582 Abstract: The oauth Protocol provides a safe, open and simple standard for user resource authorization. Unlike the previous authorization method, oauth does not allow a third party to access user account information (such as user name and password ), that is, a third party can apply for authorization to the user's resources without using the user name and password. Therefore, oauth is secure. At the same time, any third party can use the oauth authentication service, and any service provider can implement its own oauth authentication service, so oauth is open. The industry provides various oauth implementations, such as PHP, JavaScript, Java, Ruby, and Other Language Development kits, which greatly saves the programmer's time. Therefore, oauth is simple. Currently, many Internet services such as open APIs and many large companies such as Google, Yahoo, and Microsoft provide oauth certification services, which are sufficient to indicate that oauth has gradually become the standard for open resource authorization.

I. oauthBackground

Typical Case: If a user has two services: image online storage service a and image online printing service B. As shown in. Since service a and service B are provided by two different service providers, users register two users on their respective websites, assume that the two user names and passwords are different. What should I do if I want to use service B to print images stored on service? Method 1: The user may first download the image to be printed from service a and upload it to service B for printing. This method is safe but complicated, and inefficient. Method 2: the user provides the user name and password registered on service a to service B, and service B uses the user's account to download the image to be printed at service A, which improves the efficiency, but the security is greatly reduced. Service B can use the user name and password to view and even tamper with user resources on Service.

Many companies and individuals have tried to solve such problems, including Google, Yahoo, and Microsoft, which has prompted the oauth project team. Oauth is jointly initiated by Blaine Cook, Chris Messina, Larry HALFF, and David recordon to provide an open standard for API access authorization. Oauth Specification Version 1.0 was released on September 10, December 4, 2007. Through the official website: http://oauth.net can read more information.

Ii. oauthIntroduction

On the homepage of the official website, you can see the following introduction:

An open protocol to allow secure API authorization in a simple and standard method from desktop and Web applications.

Oauth is an open protocol that provides a simple and standard way for desktop programs or BS-based web applications to access API services that require user authorization. Oauth is similar to Flickr auth, Google's authsub, Yahoo's bbauth, and Facebook Auth. Oauth authorization has the following features:

1. Simplicity: oauth service providers and application developers are easy to understand and use;

2. Security: no information related to user keys is involved, making it safer and more flexible;

3. Openness: Any service provider can implement oauth, and any software developer can use oauth;

Introduction to oauth Protocol