I have been working with social networks like LinkedIn, Twitter, Wikipedia and Facebook to extract more details from them and also to update the social networks from a single place. It was a learning experience to see that these social providers offer API access based on JavaScript and REST for third party guys to integrate through a program.
2. The social providers support a way to authenticate a program using OAuth. OAuth allows you to share your private resources stored on one site with another site without having to hand out your user name and password. It seems that they are saying that users don’t care about protocols and standards – they care about a better experience with enhanced privacy and security. I was amazed at the multiple ways to impersonate another person in your code to perform functionality and also make sure that the privacy details are safeguarded.
3. There was no official Java or C# based client example provided by the service provider, and the client examples were targeted towards PHP, JavaScript and Python. Nor does one find organized information about accessing social providers and OAuth security from a desktop application or NT service. I have actually built an OAuth client that works from a Windows web service or a simple Windows Forms application.
5. One of my challenges was also to work with limited documentation to get a grasp of the entire set of capabilities offered by the APIs. By offering them free, it might be a strategy to allow developers to learn the things that are of interest to them. The error codes need to be explained better and that is surely lacking. The explanation of how OAuth authorization affects the API could be given in a better manner.
Bookmarking some references (thanks to all the authors for helping me grasp OAuth):
Getting Start with OAuth
OAuth 2.0 Microsoft page
OAuth for Dummies.
OAuth 2.0 and the Road to Hell
How to write a complete OAuth Provider in PHP5
Four Attacks on OAuth – How to Secure Your OAuth Implementation
My learning with OAuth leads me to the judgements below:
- Best suited for web and mobile, and can work for desktop clients with some tricks.
- One-time tokens. For this, OAuth is a lot of complexity to make one API call.
- OAuth might not be the solution when the only clients of your API are servers, with the requirement to log in securely using a browser on the way.
- Where do you store credentials on the client?