Oauth(Open Authorization) is an authorization protocol or a set of rules which allows a third party website (facebook,twitter etc.) Or application(desktop,web,mobile etc.) to access any users data with out the authentication details. It is the standardization and combined acumen of many well accepted industry protocols, which interact with protected data .
OAuth allows for:
1. Different access levels: It includes read-write VS read-only. Oauth allows a user to impart access to your user list to automatically organize your new LinkedIn friends to your email contact list.
2. A user can adjudicate to grant access to only users contact information (username,Email id,dob,entire friend list,calender etc.). However, Oauth allows access granularity. …show more content…
OAuth allows a user to manage access from the resource provider's application. With OAuth, there is provision for retracting access at any time.
Security Consideration: A session fixation vulnerability was found in Oauth 1.0. Here an attacker used by fixing a token for the victim that gets authorized where as Oauth 2.0 does not support encryption ,signeture,channel building client verification etc. .
OpenID is an open standard protocol endorsed by Microsoft,Facebook,PayPal,Google etc. Which allows user to be authenticated using a third-party services known as identity providers and users are able to control the amount of personal information they provide on Web sites, and in particular social networking sites.
OpenID defines the following three roles:
1.The end user that is looking to verify its