OAuth

OAuth 2.0

OAuth 2.0 is the next evolution of the OAuth protocol which was originally created in late 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification is being developed within the IETF OAuth WG and is based on the OAuth WRAP proposal.

Questions, suggestions and protocol changes should be discussed on the mailing list.

Reading the spec

The final version of the spec can be found at http://tools.ietf.org/html/rfc6749.

Implementations

Server Libraries

• Java
  • MitreID (with OpenID Connect)
  • Apache Oltu
  • Spring Security for OAuth
  • Apis Authorization Server (v2-31)
  • Restlet Framework (draft 30)
  • Apache CXF
• PHP
  • PHP OAuth2 Server and Demo
  • PHP OAuth 2.0 Auth and Resource Server and Demo
  • PHP OAuth 2.0 (AS with SAML/BrowserID AuthN, with management REST API)
  • PHP OAuth2.0 for Silex and Demo
  • PHP OAuth2.0 for Symfony and Demo
• Python
  • Python OAuth 2.0 Client + Server Library
  • OAuthLib (a generic implementation of the OAuth request-signing logic) is avaliable for Django and Flask web frameworks
• NodeJS
  • NodeJS OAuth 2.0 Provider
  • Mozilla Firefox Accounts. A full stack Identy Provider system developed to support Firefox market place and other services
• Ruby
  • Ruby OAuth2 Server (draft 18)
• .NET
  • .NET DotNetOpenAuth
  • Thinktecture IdentityServer
• Erlang
  • Erlang Oauth2 Server framework

Proxy services

• OAuth.io (self hosted), and also you can use as an external service

Client Libraries

• PHP
  • league/oauth2-client: OAuth 2.0 Client from the League of Extraordinary Packages
  • oauth-api from PHP Classes
  • PHP OAuth 2.0 Authorization Code Grant Client
  • OAuth2/OpenID Connect Client Library for PHP/Zend Framework 2
• Objective C
  • Cocoa
  • iPhone and iPad
  • iOS and Mac OS X (draft 10)
• Swift
  • OAuthSwift
• Java
  • Apache Oltu
  • Spring Social
  • Spring Security for OAuth
  • Restlet Framework (draft 30)
  • ScribeJava
• Scala
  • Silhouette
• Python
  • sanction
  • rauth
  • Authomatic
• Ruby
  • Ruby Gem
  • Ruby
• Javascript
  • Javascript
• .NET
  • OWIN Middleware
  • DotNetOpenAuth
  • Spring Social for .NET
• Qt/C++
  • O2 (supports OAuth 1.0a and 2.0)
• Lua/Corona SDK
  • Corona/Lua OAuth 2.0 API
• Dart
  • Dart OAuth 2.0 Client

Services that support OAuth 2

• 37signals (draft 5)
• Box
• Beeminder
• Campaign Monitor
• Clever
• Dropbox
• Facebook's Graph API (see sociallipstick.com/?p=239)
• Foursquare
• Geoloqi
• GitHub
• Google
• HiDrive
• Meetup
• NationBuilder
• Salesforce
• Citrix ShareFile
• Slack
• SoundCloud
• Do.com (draft 22)
• Windows Live
• time cockpit

Legacy

For more information on OAuth 1.0 and 1.0a, see the old About page.