A How-to Guide to OAuth & API Security
OAuth is an emerging Web standard for authorizing limited access to applications and data. It is designed so that users can grant restricted access to resources they own - such as pictures residing on a site like Flickr or SmugMug - to a third-party client like a photo printing site. In the past, it was common to ask the user to share their username and password with the client, a deceptively simple request masking unacceptable security risk. In contrast to this, OAuth promotes a least privilege model, allowing a user to grant limited access to their applications and data by issuing a token with limited capability.
Download this white paper to explore:
- What exactly is OAuth;
- Challenges with OAuth;
- Why OAuth is the only answer and how to iimplement it.