OAuth 2.0 : The Path to Heaven from Hell? - Tuesday, August 21, 2012
By Kushlani De Silva
- 21 Aug, 2012
The pre-OAuth era was largely dominated by the password anti-pattern, where you had to share your credentials with third parties to give them access to resources you own. The community no longer tolerated this, and vendors were pushed to implement their own protocols, with Google, Flickr, and Yahoo! each coming up with their own. OAuth 1.0 was the aggregated result of all those individual efforts. In 2009 the community contributed OAuth to the IETF, and since then it has been developed under the IETF.
OAuth 2.0 is the youngest member of the OAuth family, and although it borrows the same concepts as OAuth 1.0, the two are not compatible. The tension around OAuth 2.0 started to grow when Eran Hammer resigned from his role as the lead author and editor, withdrew his name from the OAuth 2.0 specification, and left the working group. He argues in his now-famous blog post on OAuth 2.0 that, when compared with OAuth 1.0, the 2.0 specification is more complex, less interoperable, less useful, more incomplete, and most importantly, less secure.
Join Prabath Siriwardena and Johann Nallathamby on this webinar as they explain the pre-OAuth era, OAuth 1.0a and OAuth 2.0: concepts, similarities and differences. If you want to find your way out of the many complexities of OAuth 2.0, then this webinar is for you!