Friday, May 18, 2012

OpenID (Authentication) & OAuth (Authorization)


OpenID = using the login credentials you already hold at an OpenID Provider (e.g. Google) to log in to another application (e.g. Stack Overflow), without that application ever seeing your password

Definition
The OpenID protocol enables websites or applications (Relying Parties; OpenID 1.x called them Consumers) to authenticate their users through another service (the OpenID Provider) instead of maintaining a separate account and password for each user themselves. OpenID only tells the Relying Party who the user is; it does not grant access to any of the user's data at the Provider.

Details
    OpenID Providers (the service we rely on to authenticate a user)
        google.com
        myopenid.com
        yahoo.com
    OpenID Relying Party (the site that accepts the Provider's signed assertion as its login)
        mywebsite.com
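As an added example (written in Python rather than with the Java libraries the post lists; it is not code from the post, JOpenID or openid4java), here are the checks a Relying Party such as mywebsite.com has to run on the OpenID 2.0 positive assertion that the Provider redirects back to it: the return_to and op_endpoint must be the ones the site expects, the required fields must be covered by the signature, the HMAC must verify under the association key shared with the Provider, and the response_nonce must not have been accepted before. The OP endpoint, the association handle and the MAC key are constructed for the demo:

```python
import base64
import hashlib
import hmac

# Added example (not from the post, JOpenID or openid4java): what a Relying
# Party must check on an OpenID 2.0 positive assertion before trusting the
# claimed identifier. All URLs, the association handle and the MAC key are
# constructed for the demo; a real key comes from the earlier "associate"
# exchange with the OP (OpenID 2.0 sec 8) and is looked up by assoc_handle.
OP_ENDPOINT = "https://op.example.com/openid"
RETURN_TO = "https://mywebsite.com/openid/return"
ASSOC_HANDLE = "assoc-demo-1"
MAC_KEY = hashlib.sha256(b"constructed demo association key").digest()  # 256-bit key, HMAC-SHA256

# Fields every positive assertion must cover with its signature (sec 10.1).
REQUIRED_SIGNED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}


def signed_kv_form(params):
    """Sec 6.1: the MAC input is the Key-Value form ("key:value\\n") of the
    fields named in openid.signed, in that order, with "openid." stripped."""
    names = params["openid.signed"].split(",")
    return "".join(f"{n}:{params['openid.' + n]}\n" for n in names).encode("utf-8")


def sign_assertion(params, mac_key):
    mac = hmac.new(mac_key, signed_kv_form(params), hashlib.sha256).digest()
    return base64.b64encode(mac).decode("ascii")


def make_assertion(mac_key, nonce, claimed_id="https://alice.op.example.com/"):
    """Constructed positive assertion, as the OP would send it in the redirect to return_to."""
    params = {
        "openid.ns": "http://specs.openid.net/auth/2.0",
        "openid.mode": "id_res",
        "openid.op_endpoint": OP_ENDPOINT,
        "openid.claimed_id": claimed_id,
        "openid.identity": claimed_id,
        "openid.return_to": RETURN_TO,
        "openid.response_nonce": nonce,  # OP timestamp plus unique suffix
        "openid.assoc_handle": ASSOC_HANDLE,
        "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle",
    }
    params["openid.sig"] = sign_assertion(params, mac_key)
    return params


class RelyingParty:
    def __init__(self, return_to, op_endpoint, associations):
        self.return_to = return_to
        self.op_endpoint = op_endpoint
        self.associations = associations  # assoc_handle -> MAC key
        self.seen_nonces = set()          # response_nonce values already accepted

    def verify(self, params):
        """Sec 11: every check must pass. The nonce is recorded only after the
        signature verifies, so unauthenticated junk cannot fill the nonce store.
        (A production RP also rejects nonces whose timestamp prefix is too old.)"""
        if params.get("openid.mode") != "id_res":
            return False, "not a positive assertion"
        if params.get("openid.return_to") != self.return_to:
            return False, "return_to does not match this RP"
        if params.get("openid.op_endpoint") != self.op_endpoint:
            return False, "op_endpoint is not the OP found during discovery"
        signed = set(params.get("openid.signed", "").split(","))
        if "openid.sig" not in params or not REQUIRED_SIGNED <= signed:
            return False, "required fields not covered by the signature"
        if any("openid." + n not in params for n in signed):
            return False, "signed field missing from message"
        for name in ("claimed_id", "identity"):
            if "openid." + name in params and name not in signed:
                return False, f"{name} present but not signed"
        mac_key = self.associations.get(params.get("openid.assoc_handle"))
        if mac_key is None:
            return False, "unknown association handle"  # real RPs fall back to check_authentication
        if not hmac.compare_digest(sign_assertion(params, mac_key), params["openid.sig"]):
            return False, "bad signature"
        nonce = params["openid.response_nonce"]
        if nonce in self.seen_nonces:
            return False, "replayed nonce"
        self.seen_nonces.add(nonce)
        return True, params.get("openid.claimed_id")


def demo():
    rp = RelyingParty(RETURN_TO, OP_ENDPOINT, {ASSOC_HANDLE: MAC_KEY})
    good = make_assertion(MAC_KEY, "2012-05-18T10:00:00Zab12")
    results = {"genuine": rp.verify(good), "replay": rp.verify(good)}
    forged = make_assertion(MAC_KEY, "2012-05-18T10:00:01Zcd34")
    forged["openid.claimed_id"] = "https://bob.op.example.com/"  # attacker edits the identity
    results["forged"] = rp.verify(forged)
    return results
```

The order of the checks is the security point: return_to and op_endpoint are compared against what the Relying Party itself knows (not against anything in the message), the signature is verified with a constant-time comparison, and only then is the nonce consumed, so a genuine assertion accepted once cannot be replayed and an edited one fails outright.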

Java Implementation
    JOpenID (http://code.google.com/p/jopenid/)          -    lightweight
    openid4java (http://code.google.com/p/openid4java/)  -    documented

References

REST Authentication with OpenID



OAuth = allowing an application (TwitPic) to act on your behalf and access information from another application you use (Twitter), without handing it your Twitter password

Definition
The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers.

Details
    OAuth Provider     - server side (the service that protects its API when exposing it to third-party applications)
        Yahoo
        Google
        Twitter
    OAuth Consumer    - client side (the application that obtains the user's authorization at the Provider and then consumes the user's data from the Provider's API on the user's behalf; it never learns the user's Provider password)
        mywebsite.com
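As an added example (Python, not code from the post or from Scribe), here is how a Consumer signs a request for a Protected Resource with OAuth 1.0 HMAC-SHA1, and the check the Service Provider runs when the request arrives. The Consumer never holds the user's Twitter or Yahoo password; it holds an access token and token secret issued for that user, and the signature proves possession of both the consumer secret and the token secret. The consumer key, secrets, token, resource URL, nonce and timestamp are the worked values from OAuth Core 1.0 Appendix A, so the result can be compared with the specification; the ServiceProvider class with its in-memory nonce cache is constructed for the demo:

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlparse

# Added example (not from the post or from Scribe): OAuth 1.0 HMAC-SHA1 signing
# as the Consumer does it, plus the matching check on the Service Provider side.
# Credentials and request are the worked example from OAuth Core 1.0 Appendix A;
# the ServiceProvider class and its nonce cache are constructed for this demo.
CONSUMER_KEY, CONSUMER_SECRET = "dpf43f3p2l4k3l03", "kd94hf93k423kf44"
ACCESS_TOKEN, TOKEN_SECRET = "nnch734d00sl2jdk", "pfkkdhi9sl3r4s00"
RESOURCE_URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"


def pct(value):
    """Sec 5.1 percent-encoding: only RFC 3986 unreserved characters stay bare."""
    return quote(str(value), safe="")  # Python leaves A-Z a-z 0-9 - _ . ~ unencoded


def base_string_uri(url):
    """Sec 9.1.2: lowercase scheme and host, default port dropped, query removed."""
    u = urlparse(url)
    scheme, host, port = u.scheme.lower(), u.hostname.lower(), u.port
    if port and (scheme, port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{port}"
    return f"{scheme}://{host}{u.path}"


def normalized_params(url, oauth_params, body_params=()):
    """Sec 9.1.1: query, body and oauth_* parameters except oauth_signature,
    each encoded, sorted by name then value, joined as name=value with '&'."""
    pairs = list(parse_qsl(urlparse(url).query, keep_blank_values=True))
    pairs += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    pairs += list(body_params)
    return "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))


def signature_base_string(method, url, oauth_params, body_params=()):
    """Sec 9.1.3: METHOD & encoded(base URI) & encoded(normalized parameters)."""
    return "&".join([method.upper(), pct(base_string_uri(url)),
                     pct(normalized_params(url, oauth_params, body_params))])


def hmac_sha1(method, url, oauth_params, consumer_secret, token_secret="", body_params=()):
    """Sec 9.2: key = encoded(consumer secret) & encoded(token secret). The token
    secret is the per-user credential the Consumer holds instead of a password."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    base = signature_base_string(method, url, oauth_params, body_params).encode("ascii")
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode("ascii")


def authorization_header(oauth_params, realm="http://photos.example.net/"):
    """Sec 5.4.1: oauth_* parameters carried in the Authorization header."""
    parts = [f'realm="{realm}"'] + [f'{k}="{pct(v)}"' for k, v in sorted(oauth_params.items())]
    return "OAuth " + ", ".join(parts)


def spec_example_params():
    """oauth_* parameters of Appendix A.5.1; nonce and timestamp fixed so the result is reproducible."""
    return {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": ACCESS_TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1191242096",
        "oauth_nonce": "kllo9940pd9333jh",
        "oauth_version": "1.0",
    }


def sign_spec_example():
    """Consumer side: sign the Appendix A.5 GET for vacation.jpg.
    Appendix A.5.2 gives the signature tR3+Ty81lMeYAr/Fid0kMTYa/WM= for these inputs."""
    params = spec_example_params()
    params["oauth_signature"] = hmac_sha1("GET", RESOURCE_URL, params, CONSUMER_SECRET, TOKEN_SECRET)
    return params


class ServiceProvider:
    """Provider side: recompute the signature from stored secrets and reject replays."""

    def __init__(self, consumers, tokens):
        self.consumers = consumers  # consumer_key -> consumer_secret
        self.tokens = tokens        # oauth_token -> (consumer_key it was issued to, token_secret)
        self.seen = set()           # (consumer_key, timestamp, nonce) already accepted

    def verify(self, method, url, oauth_params, body_params=()):
        ckey, token = oauth_params.get("oauth_consumer_key"), oauth_params.get("oauth_token")
        if ckey not in self.consumers or token not in self.tokens:
            return False, "unknown consumer or token"
        owner, token_secret = self.tokens[token]
        if owner != ckey:
            return False, "token was not issued to this consumer"
        if oauth_params.get("oauth_signature_method") != "HMAC-SHA1":
            return False, "unsupported signature method"
        expected = hmac_sha1(method, url, oauth_params, self.consumers[ckey], token_secret, body_params)
        if not hmac.compare_digest(expected, oauth_params.get("oauth_signature", "")):
            return False, "bad signature"
        replay_key = (ckey, oauth_params.get("oauth_timestamp"), oauth_params.get("oauth_nonce"))
        if replay_key in self.seen:  # a real Provider also bounds how old oauth_timestamp may be
            return False, "replayed nonce"
        self.seen.add(replay_key)
        return True, token
```

Because the whole request (method, base URI and every parameter) is in the signature base string, changing the file parameter or the URL invalidates the signature, and because the nonce and timestamp are signed and remembered, capturing a valid request does not let an attacker resend it. The Provider looks both secrets up from its own store and never receives them on the wire.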

Java Implementation
Client-side implementation
       Scribe (https://github.com/fernandezpablo85/scribe-java)               - lightweight
Both server-side & client-side implementation support

Please comment if anything I understood is wrong, so that I can correct the post & myself. :)