OAuth 2 is the new generation of the OAuth protocol, which was originally created in 2006. It is an open protocol designed to provide authentication and authorisation, unlike other services' APIs. OAuth 2 focuses primarily on the simplicity of client development, offering specific authorisation procedures for web applications, desktop applications, mobile phones and other smart devices.

OAuth 2 isn't backward compatible with OAuth 1. The specifications and related RFCs are developed by the IETF OAuth WG. The main framework was published in October 2012.

Facebook's Graph API supports only OAuth 2. Google supports OAuth 2 as the recommended authorisation mechanism for all its APIs. Microsoft also supports OAuth 2 for its various APIs and for its Azure Active Directory service, which is used by many of Microsoft's own APIs and by third-party APIs as well.

The advantages of using OAuth 2

  • Simplicity. If you need a user without an account to log on to your site, OAuth can allow them to log on, for example, via Twitter. This saves the user's time, and the pages get an authenticated user.
  • Time. The user has the opportunity to find new pages or to return to their favourites.
  • Networking. OAuth allows the user to use a single account to post comments on many sites. It also allows them to share those pages with friends and to search for potentially interesting sites. Website makers can use this aspect as well, to reach a wider audience.
  • Privacy. If the user doesn't know whether they can trust a page with, for example, their card data, OAuth allows access to the bank while keeping personal data hidden. At the same time, user data is protected against abuse by an unknown site provider.
  • Security. OAuth 2 transmits data over SSL/TLS, which encrypts it in transit to protect it as much as possible.
  • Control. Users can choose when the access token for a given site expires. This gives them more control over their data.
  • Costs. The web manager can use a robust comment system without having to build it himself. This saves time and money on web developers, who can focus on other aspects of the site.
  • Attendance. OAuth can increase page traffic by not forcing users to register on unknown sites.
  • Popularity. Because it is used by Google, Facebook, Twitter and Yahoo, OAuth appears trustworthy to users, showing them that it is a stable system they can trust.

The disadvantages of using OAuth

  • Absence of anonymity. OAuth doesn't allow users to remain anonymous on the page. Many users prefer to leave their comments anonymously, so OAuth cannot be used on some pages where an OAuth sign-on would be required.
  • Insufficient market saturation. Although many users use OAuth through Facebook or Twitter, the number of pages using OAuth is still very limited. It will take a long time before this trend spreads to a larger number of pages and OAuth achieves its full potential.
  • Phishing. When used correctly, OAuth is very safe, but a quick login on an unknown page can lead users into careless behaviour when they believe such pages are always safe. This trust can then be abused in the form of phishing attacks.
  • Misuse of data. OAuth doesn't allow pages to misuse users' data against their will, but Facebook, which is linked to OAuth, has a history of proven data misuse.