StackOverflow2013

Note that there are some explanatory texts on larger screens.

plurals

PO
text
Body
copied!<p>OAuth isn't a SSO solution, it's a protocol commonly used for delegated API authorization. 3 legged OAuth allows a client requesting access to a protected resource to delegate authorization to the server hosting that resource. Basically, the user doesn't have to give their credentials to a 3rd party (the client), only to the server hosting the protected resource. OpenID may be a more appropriate solution if you are looking to implement single sign-on. You can also use OpenID OAuth extension which will allow you to combine authentication with authorization via OAuth. </p> <p>Work is currently being done on OAuth 2.0. WRAP was developed as a stop-gap solution to address some use cases not covered by the original OAuth 1.0a spec. WRAP will not replace OAuth, rather ideas from WRAP will make their way into OAuth 2.0 where appropriate. A number of the original authors of OAuth, as well as one of the authors of WRAP have written about this here:</p> <p><a href="http://radar.oreilly.com/2010/01/whats-going-on-with-oauth.html" rel="noreferrer">What's going on with OAuth?</a></p> <p>So no, OAuth hasn't failed, in fact it's enjoyed pretty wide adoption. OAuth 1.0 will continue to be implemented by a large number of providers and eventually OAuth 2.0 will be available as well. WRAP is there for people who want to take advantage of the use cases it addresses now. </p> <p>With regard to the difficulty of implementing OAuth as a client, why not try it out? The available libraries are of varying quality, but with a decent one you can usually implement an OAuth client in under a day.</p>

Querying!

Guidance

An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload