In today's web, many people do not like to share or exchange all of their data on just one service. Today, we prefer to use Flickr for photos, YouTube for videos, Amazon for shopping, etc. In order to make integration of different web services (in order to satisfy all customer/user needs), APIs using Services API in a secure fashion are used. OAuth provides a secure method for this type of communication. OAuth's complete draft is available to study.
OAuth is an open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.
OAuth uses token based authentication system for users and APIs. The token provided by the OAuth system will provide a much safer and risk free browsing experience to users. Also, these tokens are time bound an amount of access time to another service which then expires automatically (e.g., could be a two hour access time).
OAuth module in Drupal provides a complete security layer over Drupal to authenticate and share a site's resources via the OAuth protocol. OAuth module integrates support with Drupal's Services to enable consumption of a site's resources by remote applications in Drupal. OAuth module was started during Google Summer of Code - 2008 by enrolled student Sumit Kataria.
The module can be used for both service server and consumer. It means that you can access other sites' resources, like Flickr photos or Twitter's posts and bring to your Drupal site or you can expose some of your site resources for other sites.
OAuth adopts a certain vocabulary that people might be used to: (extracted from http://oauth.net/core/1.0)
- Service Provider: A web application that allows access via OAuth.
- User: An individual who has an account with the Service Provider.
- Consumer: A website or application that uses OAuth to access the Service Provider on behalf of the User.
- Protected Resource(s): Data controlled by the Service Provider, which the Consumer can access through authentication.
- Consumer Developer: An individual or organization that implements a Consumer.
- Consumer Key: A value used by the Consumer to identify itself to the Service Provider.
- Consumer Secret: A secret used by the Consumer to establish ownership of the Consumer Key.
- Request Token: A value used by the Consumer to obtain authorization from the User, and exchanged for an Access Token.
- Access Token: A value used by the Consumer to gain access to the Protected Resources on behalf of the User, instead of using the User’s Service Provider credentials.
- Token Secret: A secret used by the Consumer to establish ownership of a given Token.