Reputation: 931
I have been investigating OAuth to share resources on my site with other sites. But a hole in the OAuth specification was reported several days ago. http://oauth.net/advisories/2009-1
Many sites decided to stop OAuth until a fixed version is released.
Currently, do we have any alternative to OAuth? I want an open-standard and secure authorization protocol.
Upvotes: 5
Views: 5542
Reputation: 101
Oz is a web authorization protocol based on industry best practices. Oz combines the Hawk authentication protocol with the Iron encryption protocol to provide a simple to use and secure solution for granting and authenticating third-party access to an API on behalf of a user or an application.
OZ github link
Oz builds on the well-understood concepts behind the OAuth protocol. While the terminology has been updated to reflect the common terms used today when building applications with third-party access, the overall architecture is the same.
Upvotes: 1
Reputation: 13351
OAuth has come up with the new OAuth 2.0 standard, which is much more secure than OAuth 1.0 and 1.0a. It scraps access token and access secret and introduces access token and refresh token. An access token in OAuth 2.0 is valid for a certain timeframe; after that it is regenerated or refreshed using the refresh token.
Upvotes: 0
Reputation: 403
OAuth version 2.0 is a somewhat complex protocol compared to its predecessor, but more secure. It is specially tailored to address the security concerns of enterprises. Currently, Facebook and Google authentication flows are based on OAuth 2.0.
Upvotes: 0
Reputation: 1735
There was a revised version of the OAuth 1.0 spec, but since this question was asked OAuth version 2.0 is getting stable, and would often be the recommended protocol.
Upvotes: 0
Reputation: 1088
In the short term, your best bet is to fall back on basic authentication mechanisms (requiring users to enter their credentials into your site for the foreign site).
Like Jonathan said, the hole will be fixed soon in the spec.
Upvotes: 1
Reputation: 2192
OAuth was built because there weren't any existing standards that solved the same problem. A fixed OAuth spec is forthcoming soon. It will be a pretty small change to the existing protocol.
Upvotes: 4