The OAuth Bible (github.com/mashape)
129 points by ecesena on April 2, 2013 | hide | past | favorite | 13 comments



Hello! I am the author of this, never expected to see it here! I was extremely surprised when my friend mentioned it was on here and Hacker News wouldn't let me comment.

If anyone has questions or any feedback let me know as it is a work in progress! Thank you for all the kind words!


This is excellent, especially the diagrams.

I'd love to see an explanation of the security implications of each flow. As I understand it the "most secure" flow is OAuth 1.0a (three-legged), but it's a total pain so it is mostly avoided. OAuth 2.0 is dramatically simpler, but there are bespoke additions (Google and Facebook come to mind) that you have to handle, typically in the name of security. I am ignorant of all the implications and would like a guide.


On (in)security of OAuth implementations: http://css.csail.mit.edu/6.858/2012/readings/oauth-sso.pdf


@nijiko,

Your posts are appearing as [dead].



Forgive me, I don't know what this means; I'm new to Hacker News.


+1.

I almost wrote this myself last year after reading the spec, but then all the will to live and relevant details had evaporated from my mind.

It's actually not that hard to understand once you strip the verbose prose.


Great work. Thanks for all of this. I can't be the only one who has on more than one occasion waded through the technical descriptions of this topic and read code examples and still felt a bit lost, giving up and just using an existing library and crossing my fingers. I haven't read your entire doc yet, but what I have is very nicely explained.

I think if more people understood it better we would all have a better shot at consistency in this regard. To that end you've made a great start. Cheers.


Neat! But I've yet to find a place that explains why OAuth requires certain things (vs stating what is required).


Tell me what pieces you want explained and I will deliver:

nijiko@mashape.com


Finally! OAuth flow charts in one place!


>Excuse me if you may for I wish all to understand this, and not just those with a degree in understanding legal or technical jargon.

I couldn't understand any of it. If this is meant to be for all, then should I go back and learn how to switch on a computer?


Thanks! Very useful these days, as OAuth is being implemented more and more.


Nice. This is really helpful.



