Friday, May 18, 2012

OpenID (Authentication) & OAuth (Authorization)

OpenID = using login credentials from an OpenID provider (Google) to log in to another application (Stack Overflow)

The OpenID protocol enables websites or applications (Consumers) to grant access to their own applications by having the user authenticated through another service or application (Provider), without requiring Users to maintain a separate account/profile with the Consumers.

    OpenID Providers (Whose service we use to authenticate a user)
    OpenID Relying Party (Who uses OpenID as their authentication)

Java Implementation
    JOpenID - lightweight
    openid4java - documented


REST Authentication with OpenID

OAuth = Allowing an application (TwitPic) to act on your behalf and access information from an application that you use (Twitter)

The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers.

    OAuth Provider     - Server Side (Who secures their service when exposed outside)
    OAuth Consumer     - Client Side (Who authenticates their users with the Provider to consume data from the Provider)
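
The difference between the two definitions above, as an added example that is not part of the original post: a simplified in-memory model, not the OpenID or OAuth wire protocol. The Provider class, the user, the scope names and the shared association key are all constructed for illustration. In both flows the password is only ever given to the provider.

```python
import hashlib
import hmac
import secrets


class Provider:
    """Constructed stand-in for one service acting as OpenID and OAuth provider."""

    def __init__(self):
        self._passwords = {"alice": "correct horse"}   # known only to the provider
        self._photos = {"alice": ["beach.jpg"]}        # the Protected Resource
        self._assoc_key = secrets.token_bytes(32)      # shared with the relying party
        self._tokens = {}                              # access token -> (user, scopes)

    def _login(self, user, password):
        stored = self._passwords.get(user)
        if stored is None or not hmac.compare_digest(stored.encode(), password.encode()):
            raise PermissionError("bad credentials")

    def association_key(self):
        return self._assoc_key

    # OpenID-style: the provider vouches for WHO the user is, nothing more.
    def assert_identity(self, user, password, nonce):
        self._login(user, password)
        claim = f"{user}|{nonce}"
        sig = hmac.new(self._assoc_key, claim.encode(), hashlib.sha256).hexdigest()
        return claim, sig

    # OAuth-style: the provider issues a scoped token for WHAT a consumer may do.
    def authorize(self, user, password, scopes):
        self._login(user, password)
        token = secrets.token_urlsafe(16)
        self._tokens[token] = (user, frozenset(scopes))
        return token

    def read_photos(self, token):
        user, scopes = self._tokens.get(token, (None, frozenset()))
        if "photos:read" not in scopes:
            raise PermissionError("token lacks photos:read")
        return self._photos[user]


def relying_party_verify(key, claim, sig, expected_nonce):
    """Relying party: check signature and nonce, then accept the asserted identity."""
    good = hmac.new(key, claim.encode(), hashlib.sha256).hexdigest()
    user, _, nonce = claim.partition("|")
    sig_ok = hmac.compare_digest(good.encode(), sig.encode())
    nonce_ok = hmac.compare_digest(nonce.encode(), expected_nonce.encode())
    return user if sig_ok and nonce_ok else None
```

The identity assertion tells the relying party who logged in but opens no API; the access token opens only the scopes it was issued for and is not itself proof of who is presenting it.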

Java Implementation 
Clientside implementation
       Scribe - lightweight
Both Serverside & Clientside implementation support

Please comment if anything I understood is wrong, so that I can correct the post & myself. :)


Phani said...

Thanks for the good compilation, saved a lot of time for me.


Manabu Tokunaga said...

Thank you. Sometimes people are so deep into it, forgetting to tell the real basic information. This cleared up a lot for me.

Kiran Viradiya said...

Excellent Article!