OAuth

OAuth 2.0

OAuth 2.0 is the next evolution of the OAuth protocol which was originally created in late 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification is being developed within the IETF OAuth WG and is based on the OAuth WRAP proposal.

Questions, suggestions and protocol changes should be discussed on the mailing list.

Reading the spec

The final version of the spec can be found at http://tools.ietf.org/html/rfc6749.

Implementations

Server Libraries

• Java
  • Apache Amber (draft 22)
  • Spring Security for OAuth
  • Apis Authorization Server (v2-31)
  • Restlet Framework (draft 30)
  • Apache CXF
• PHP
  • PHP OAuth 2.0 Auth and Resource Server and Demo
  • PHP OAuth2 Server and Demo
  • PHP OAuth 2.0 (AS with SAML/BrowserID AuthN, with management REST API, see DEMO)
• Ruby OAuth2 Server (draft 18)
• .NET DotNetOpenAuth

Client Libraries

• PHP
• PHP OAuth 2.0 client
• Cocoa
• iPhone and iPad
• iOS and Mac OS X (draft 10)
• Java
  • Apache Amber (draft 22)
  • Spring Social
  • Spring Security for OAuth
  • Restlet Framework (draft 30)
• Python
  • sanction
  • rauth
• Ruby Gem
• Ruby
• Javascript
• .NET
  • DotNetOpenAuth
  • Spring Social for .NET

Services that support OAuth 2

• 37signals (draft 5)
• Box
• Campaign Monitor
• Facebook's Graph API (see sociallipstick.com/?p=239)
• Foursquare
• Geoloqi
• GitHub
• Google
• Meetup
• Salesforce
• Citrix ShareFile
• SoundCloud
• Do.com (draft 22)
• Windows Live