oauth tutorial - Facebook oauth - oauth2 tutorial - oauth authentication
Implementing an OAuth Server
- Find a server library already written:
- A short list available here: http://oauth.net/2/
- Read the spec of your chosen draft, in its entirety.
- These people didn’t write the spec for you to ignore it.
- Each word is chosen carefully.
- Ultimately, each implementation is somewhat different, since in many cases the spec says SHOULD and leaves the choice up to the implementer.
- Understand the security implications of the implementation choices you make.
Choose which grant types you want to support
- Authorization Code – for traditional web apps
- Implicit – for browser-based apps and mobile apps
- Password – for your own website or mobile apps
- Client Credentials – if applications can access resources on their own
- Choose whether to support Bearer tokens, MAC or both
- Define appropriate scopes for your service
- Source code available on Github
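As an added example (not code from the original slides or from any library they list), a minimal in-memory authorization server that handles two of the grant types above, Authorization Code and Client Credentials, and issues Bearer tokens checked against a defined scope set. It shows the checks that make the implementation choices safe: client authentication, exact redirect URI matching, single-use and short-lived codes, and rejection of unknown scopes. The client registration, scope names, URLs and error strings are constructed for illustration.

```python
import secrets

# Constructed sample data: the scopes this hypothetical service defines and one
# registered confidential client with its pre-registered redirect URI.
SCOPES = {"profile", "email", "posts:write"}
CLIENTS = {"web-app": {"secret": "s3cret", "redirect_uris": {"https://app.example/cb"}}}


class AuthServer:
    def __init__(self, code_ttl=60, token_ttl=3600):
        self.codes, self.tokens = {}, {}  # code/token -> client_id, scope, expiry ...
        self.code_ttl, self.token_ttl = code_ttl, token_ttl

    def _check_scope(self, scope):
        # Reject unknown scopes rather than silently granting what was asked for.
        requested = set(scope.split())
        if not requested or not requested <= SCOPES:
            raise ValueError("invalid_scope")
        return requested

    def authorize(self, client_id, redirect_uri, scope, now):
        """Authorization endpoint, reached after the user consented: issue a short-lived code."""
        client = CLIENTS.get(client_id)
        # Exact match against the registered URI, no prefix or wildcard matching.
        if client is None or redirect_uri not in client["redirect_uris"]:
            raise ValueError("invalid_request")
        code = secrets.token_urlsafe(32)
        self.codes[code] = {"client_id": client_id, "redirect_uri": redirect_uri,
                            "scope": self._check_scope(scope), "expires": now + self.code_ttl}
        return code

    def token(self, grant_type, client_id, client_secret, now, **params):
        """Token endpoint: authenticate the client first, then handle the grant type."""
        client = CLIENTS.get(client_id)
        if client is None or not secrets.compare_digest(client["secret"], client_secret):
            raise ValueError("invalid_client")
        if grant_type == "authorization_code":
            entry = self.codes.pop(params.get("code", ""), None)  # pop: codes are single-use
            if (entry is None or entry["client_id"] != client_id  # code bound to this client
                    or entry["redirect_uri"] != params.get("redirect_uri")
                    or now > entry["expires"]):
                raise ValueError("invalid_grant")
            scope = entry["scope"]
        elif grant_type == "client_credentials":
            scope = self._check_scope(params.get("scope", ""))  # the app acts as itself
        else:
            raise ValueError("unsupported_grant_type")
        access_token = secrets.token_urlsafe(32)
        self.tokens[access_token] = {"client_id": client_id, "scope": scope,
                                     "expires": now + self.token_ttl}
        return {"access_token": access_token, "token_type": "Bearer",
                "expires_in": self.token_ttl, "scope": " ".join(sorted(scope))}
```

The Password and Implicit grants from the list are deliberately left out here; adding them means adding the corresponding checks (credential verification, fragment-delivered tokens with no client secret), which is exactly where the spec's SHOULDs need a conscious decision.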