At first, OAuth confused the snot out of me. But as I began to dive into it more, I realized it was just playing hard to get. Short for "Open protocol to allow secure API authentication," OAuth is a secure way to integrate applications. This allows you to publish and interact with protected data, like your Facebook account. It really is that simple. For instance, here at StageBloc we use OAuth to integrate The StageBloc System with Twitter, Facebook, and MySpace. This allows our users to update their personal Twitter and Facebook accounts without ever having to leave our backend. As we continue to develop our system, we will use OAuth to expand our social integrations.
While OAuth is a pretty new technique, it is an integral part of the future of the web, a future focused on site-to-site integration. In addition to Twitter, OAuth (or similar forms of it) is being used as the preferred method of integration by such sites as Facebook, MySpace, and Google. So why use OAuth? What really makes it better than simply storing a user's login information, as some other systems do? Beyond the obvious benefit of reducing the risk of identity theft from stolen login information, OAuth introduces extra checks between systems to ensure security, and it gives users the freedom to change their login information without breaking their integration settings. This is because, after authentication, the information OAuth uses is independent of the user's login information.
But what are the steps behind OAuth? How does it really work? The best way to understand this is to walk through an example usage. For example, to authenticate in StageBloc using OAuth, a user clicks to add integration with Twitter. This directs them to a page on Twitter.com asking them to log in to their account using their login information. Upon authentication, the user is redirected back to their StageBloc account. This login information only ever interacts with Twitter.com, which checks that the user's information is accurate and then ships back an integration code to StageBloc. Because the user was directed to Twitter.com from StageBloc, Twitter has also connected the user and StageBloc using a StageBloc-specific code. This means that the integration code provided to StageBloc will only work with StageBloc, adding another measure of security to the process. So now StageBloc has the information to integrate with the user's Twitter account, and Twitter has the information that confirms StageBloc has permission to do this. From here on out, the user can change his/her Twitter login information or profile name without breaking StageBloc's integration.
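To make the walkthrough above concrete, here is an added, self-contained Python model of the redirect-and-exchange pattern it describes. This is illustration code written for this post, not StageBloc's or Twitter's implementation, and it is not a wire-accurate version of any OAuth release: the class names Provider and Consumer, the callback URLs, the user "alice" and her passwords are all made up. What it does reproduce are the three properties the walkthrough relies on: the password is only ever checked by the provider, the code handed back is bound to the consumer that started the flow, and the resulting token keeps working after the user changes her password.

```python
import hashlib, hmac, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

# Added illustration, not StageBloc's or Twitter's code: Provider stands in for the site
# holding the login (Twitter), Consumer for StageBloc; names, URLs and credentials are made up.


def _pw_hash(password, salt):
    return hashlib.sha256((salt + password).encode()).hexdigest()


class Provider:
    def __init__(self):
        self.clients = {}  # client_id -> {"secret", "redirect_uri"}
        self.users = {}    # username -> {"salt", "hash"}
        self.codes = {}    # one-time code -> {"client_id", "user", "expires"}
        self.tokens = {}   # access token -> {"client_id", "user"}

    def register_client(self, redirect_uri):
        # The consumer-specific code from the post: an id/secret pair bound to one callback URL.
        client_id, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.clients[client_id] = {"secret": secret, "redirect_uri": redirect_uri}
        return client_id, secret

    def register_user(self, username, password):  # also serves as a password change
        salt = secrets.token_hex(8)
        self.users[username] = {"salt": salt, "hash": _pw_hash(password, salt)}

    def authorize(self, client_id, redirect_uri, username, password):
        """The provider's login page; on success returns the redirect back to the consumer."""
        client = self.clients.get(client_id)
        if client is None or client["redirect_uri"] != redirect_uri:
            raise PermissionError("unknown client or redirect_uri mismatch")
        rec = self.users.get(username)  # the password is checked here and nowhere else
        if rec is None or not hmac.compare_digest(rec["hash"], _pw_hash(password, rec["salt"])):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(16)
        self.codes[code] = {"client_id": client_id, "user": username, "expires": time.time() + 60}
        return redirect_uri + "?" + urlencode({"code": code})

    def exchange(self, client_id, client_secret, code):
        """Back channel: the code is single use and only works for the client it was issued to."""
        client = self.clients.get(client_id)
        rec = self.codes.pop(code, None)
        if client is None or not hmac.compare_digest(client["secret"], client_secret):
            raise PermissionError("client authentication failed")
        if rec is None or rec["client_id"] != client_id or rec["expires"] < time.time():
            raise PermissionError("code invalid, expired, or issued to another client")
        token = secrets.token_urlsafe(24)
        self.tokens[token] = {"client_id": client_id, "user": rec["user"]}
        return token

    def whoami(self, token):  # a protected API call made with the token, never the password
        return self.tokens[token]["user"]


class Consumer:
    def __init__(self, provider, redirect_uri):
        self.provider, self.redirect_uri = provider, redirect_uri
        self.client_id, self.client_secret = provider.register_client(redirect_uri)
        self.tokens = {}  # username -> access token; no passwords are ever stored here

    def callback(self, url):
        """Handle the redirect back: swap the code for a token and remember it per user."""
        code = parse_qs(urlparse(url).query)["code"][0]
        token = self.provider.exchange(self.client_id, self.client_secret, code)
        user = self.provider.whoami(token)
        self.tokens[user] = token
        return user


def run_demo():
    """Walk the flow once, then check the properties the post claims for it."""
    provider = Provider()
    provider.register_user("alice", "hunter2")
    stagebloc = Consumer(provider, "https://stagebloc.example/callback")
    other = Consumer(provider, "https://other.example/callback")

    back = provider.authorize(stagebloc.client_id, stagebloc.redirect_uri, "alice", "hunter2")
    user = stagebloc.callback(back)

    back2 = provider.authorize(stagebloc.client_id, stagebloc.redirect_uri, "alice", "hunter2")
    code = parse_qs(urlparse(back2).query)["code"][0]
    try:  # a code issued for StageBloc is useless to any other consumer
        provider.exchange(other.client_id, other.client_secret, code)
        code_usable_elsewhere = True
    except PermissionError:
        code_usable_elsewhere = False

    provider.register_user("alice", "new-password")  # password change: token unaffected
    survives_password_change = provider.whoami(stagebloc.tokens["alice"]) == "alice"
    return {"user": user, "code_usable_elsewhere": code_usable_elsewhere,
            "survives_password_change": survives_password_change}


if __name__ == "__main__":
    print(run_demo())
```

Running the file prints the result of run_demo(), which should report the user as "alice", the code as not usable by the other consumer, and the token as still valid after the password change. Two design points are worth noticing: the code is consumed the moment anyone tries to exchange it, so a copied code cannot be replayed, and the Consumer never sees or stores a password, which is exactly why a password change on the provider side cannot break the integration.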
So there you have it: OAuth is a simple, secure way for protected websites and other applications to interact with one another. At StageBloc, we use it in place of storing a user's login information because of the increased security and flexibility it provides. More specifically, we use it to integrate our system with our users' Twitter, Facebook, and MySpace profiles. As more sites and applications open their platforms up and expand on their integration options, we will continue to use OAuth or similar integration methods. Doing so will help us continue to grow StageBloc's reach and provide more features for our users.