As web services have become more and more complex and have started to present deeper APIs, they have also become much harder to integrate. It is not a web of simple feeds to be mashed-up but a real web of data where one’s informations stored on a service could be much more valuable if accessed also from another service. Users as starting to ask for this kind of integration and service providers should start implementing ways to let the user exchange authorizations between services (to access and manipulate data). OAuth solves exactly this problem, and gives a very simple, yet end-to-end complete way for a service developer to allow its users to authorize external services to access local resources without giving out their access credentials. The protocol defines the actors that are involved in this exchange and the messages that should be sent back and forth to accomplish the task. We’ll look at how we can extend a service to open the access via OAuth, that is how we may build an OAuth service provider. We’ll also see how we can use OAuth to enable our users to give our service access to their data stored elsewhere, or how to build an OAuth consumer service. For both we’ll see what we need to store on our database and which actions we need to enable the protocol. Last we’ll have a look (and discuss) the possible usability pitfalls that implementing OAuth can present and their implications on the security of the service itself, and we’ll also briefly look at the challenges and open issues that are there beyond the current protocol specification.

Presentation files: Integrating Services with OAuth Presentation.pdf