After having an overview of OAuth, we can now get a chance to watch the OAuth dance unfold before us with a great site called the OAuth Playground, where we can simulate all these OAuth requests. The site allows us to see the HTTP requests behind the OAuth workflow we discussed in the previous section. For the sake of this example, try to think of the OAuth Playground as a rich application where you can view your Google contacts. (Obviously, the OAuth Playground is a technically oriented site, allowing you to see the different requests on the HTTP level, but the same principles apply.)
If you’re like me, you were probably a bit overwhelmed the first time you started looking at the Google authentication and authorization APIs. Although everything is well documented, it took me a couple of days to get the full picture, and actually start some work with it. The goal of this article is to clarify some of the principles in a condensed form, and then start with some hands-on examples in Java & PHP.
- We’ll start with an overview of how OAuth works, using the typical example of an application accessing user data from a Google service.
- We’ll then focus on the OAuth-specific parameters that are associated with each request / response.
- In a follow-up post, we’ll be looking at the OAuth Playground, and implement an OAuth workflow using standard Java and an Android app.
What’s important to realize is that OAuth provides you with a standard way of letting your application act on the user’s behalf when connecting to third-party providers like Google, Yahoo, LinkedIn, Photobucket, and so on.
It allows your application to integrate with these providers, without forcing the user to enter his credentials (username/password) in your application. The user is assured that your application will never have to read or store the user credentials, but thanks to OAuth, your application (after being granted permission by the user) will be able to interact with these providers on his/her behalf.