Easily Share Resources Between Websites Using the OAuth Open Standard

Oauth Standard Adds Security to Internet-Based Data Sharing

D. Garrett
D. Garrett, Yahoo! Contributor Network
Feb 21, 2011 "Share your voice on Yahoo! websites. Start Here."
It's not uncommon for people to use a variety of websites for various purposes. Web users may use one site to store, organize and share their digital photos. They may use another site to access and manage their bank accounts. Users may use another site to upload videos. Over the years, the internet has become populated with a wide variety of excellent web applications. Now is the time to enhance the user experience by making it easy to share information between those separate websites. That is where the OAuth standard comes in handy, increasing the ease and security of data sharing between distinct websites.

OAuth General Overview

Most of us have accounts on websites where we upload and store various things like videos, photos, contact lists, bank accounts and other files. In OAuth terminology, these are called "private resources". There are quite a few occasions where it comes in handy to be able to share your private resources from one website with another, like for use by various social networking sites for example. Traditionally, if you wanted to share the resources you have stored with one site with another website, you'd have to expose your user name and password credentials, which opens you up to some security risks.

OAuth is a technology designed to allow you to share your "private resources" between websites (or web applications) without having to disclose your personal information. According to Oauth.net, it allows the user on one site to access their private resources on another site.

OAuth Tokens

When a website asks you to register for an account, you usually have to enter a username and password. This information is stored in a database table and when you revisit the site and enter your login information, it checks to make sure the username you entered matches the associated password. This adds some security, but what if someone was eavesdropping on that transaction? If someone acquires your login credentials, then they can easily access your account information. In computer security terminology, they can perform what are called "replay attacks", which in this context, simply means they could "replay" the same request you made to gain access to your account. An OAuth token prevents this type of scenario by using a secure "token" that can be used instead of your personal credentials to access "private resources" stored with various websites.

What Is A Secure Token Id?

A token is usually a unique string of letters and numbers (although technically, it can be other characters). These tokens can allow users to authenticate their identity and allow access to specified resources from another website.

Sources:
Eran Hammer-Lahav
Introduction - Oauthn
Oauth.net

Published by D. Garrett

I am a web designer and freelance writer. I graduated college with a B.A. in magazine journalism and received a certificate from the Rhode Island School of Design in Web Design and Development.  View profile

  • Users no longer need to expose their login credentials to share information between websites.
  • OAuth adds security to user information while making data sharing easier.
  • OAuth is an open standard for authorization allowing internet users to share private resources.
Twitter requires all third party applications to use OAuth.

To comment, please sign in to your Yahoo! account, or sign up for a new account.