OAuth

Freshness Warning
This blog post is over 15 years old. It's possible that the information you read below isn't current and the links no longer work.

8 Oct 2007

OAuth is a great idea. As Six Apart says in their announcement of support...

Right now, if you want Flickr to post to your TypePad blog, or you want to connect a client to update both your Twitter account and your LiveJournal, you have to give them the password to your account, giving a third-party free reign on your site. Even worse, on some other services, the password for an account used for blogging or other applications is the same login that controls extremely sensitive information like your email account or credit card systems.

OAuth aims to standardize the way in which different consumer systems share data. The goal is to allow a person to give an application access to do some things on your accounts at other sites, but not everything. It’s role-based authorization for APIs.

Right now you give Facebook your Yahoo username and password so they can check so you can connect with Yahoo Mail contacts that are also on Facebook. That’s fine and dandy as long as Facebook doesn’t decide to do anything malicious with your account (like send an email to everyone, pretending to be you). Or as long as their systems aren’t compromised.

What OAuth wants to do is allow you to give Facebook permission to see your Hotmail contacts, but not to send them email, to change your contacts, or to read your mail.

At IMified, we’re looking into the specification and we’ll be implementing support in our apps. When you give us access to post to your Google Calendar, you shouldn’t have to trust us that we won’t also be reading your email. I mean, you can trust us, but you shouldn’t have to.

Mark Atwood
October 8, 2007 12:34 PM

I'm one of the specifiation authors for OAuth Core 1.0, and am very gratified to see all the positive buzz and takeup that it's generating.

This discussion has been closed.

Recently Written

Input metrics lead to outcomes (Sep 1): An easy to understand example of using input metrics to track progress toward an outcome.
Lagging Outcomes (Aug 22): Long-term things often end up off a team's goals because they can't see how to define measurable outcomes for them. Here's how to solve that.
Tyranny of Outcomes (Aug 19): An extreme focus on outcomes can have an undesired effect on product teams.
The Trap of The Sales-Led Product (Dec 10): It’s not a winning way to build a product company.
The Hidden Cost of Custom Customer Features (Dec 7): One-off features will cost you more than you think and make your customers unhappy.
Domain expertise in Product Management (Nov 16): When you're hiring software product managers, hire for product management skills. Looking for domain experts will reduce the pool of people you can hire and might just be worse for your product.
Strategy Means Saying No (Oct 27): An oft-overlooked aspect of strategy is to define what you are not doing. There are lots of adjacent problems you can attack. Strategy means defining which ones you will ignore.
Understanding vision, strategy, and execution (Oct 24): Vision is what you're trying to do. Strategy is broad strokes on how you'll get there. Execution is the tasks you complete to complete the strategy.