Today, Google made available the spec for OAuth 2.0, an update on their original OAuth for Google APIs. OAuth, which debuted in 2007, was described as a “valet key” by Eran Hammer-Lahav. The way a valet key gives only limited access to the driver, OAuth “allows you the User to grant access to your private resources on one site (which is called the Service Provider), to another site (called Consumer, not to be confused with you, the User)…without sharing your identity at all (or its secret parts).”
The update should allow developers to “do more with less code,” according to Andrew Wansley of the Google Development Team. “In addition to supporting a simplified protocol,” he says, “we’re also introducing a simpler, cleaner consent page for OAuth 2.0.” Which looks like this:
Wansley, a computer science student at Dartmouth, goes on to say he “hopes the OAuth 2.0 protocol helps developers deliver…powerful applications that make use of user data without compromising on safety or security.”
Complete Google code Blog entry is here.