What is Toluu?
Toluu is a free service for sharing the feeds you read and discovering new ones.		 Get Invite

OAuth

An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.


Google launches OAuth PlaygroundSeptember 19

OAuth Playground

In an effort to make it easier to debug your OAuth calls — and interact with Google’s OAuth-protected resources — Google Data APIs engineer Eric Bidelman released the OAuth Playground today along with a comprehensive article on using OAuth with the GData APIs.

Along with the article and playground, Google now supports HMAC-SHA1 signing.

      
OAuth for .NET and CakePHPSeptember 9

We have two exciting announcements to make.

The first is a component for CakePHP for accessing services with OAuth called OAuth component for CakePHP (points for creativity!).

Second, Madgex has released a new open source OAuth library for .NET (also released under the MIT License), along with some interesting demos using Fire Eagle, the Google Contacts API and microformats. Documentation is here.

Good stuff!


Iron Money launches with OAuth-based APISeptember 1

Chasen Le Hara, a nineteen-year-old business finance major at California State University of Long Beach, has launched Iron Money’s API, and with it comes an application that makes heavy use of OAuth:

Iron Money’s API allows developers to build tools that leverage the financial data they upload to Iron Money. The API gives developers read, write, and delete access to all of the data they store in Iron Money. The API features OAuth for authorization and OpenID support will be coming sometime in the next few months.

Documentation is available as well as a PHP-based client library for interacting with the service.

If you want to sign up and give it a try, free registration is now open (as Chasen said, OpenID is coming soon).


OAuth licensing finalizedAugust 27

No doubt Eran Hammer-Lahav relished announcing the conclusion of the arduous IPR process for OAuth with the addition of a licensing statement now found on the specification, signed by AOL, Citizen Agency, Google, Ma.gnolia, Pownce, Six Apart, Twitter, Wesabe, Yahoo!, and the individual contributors:

Specifications are tricky creatures. On their own, they are only copyrightable. But on their own they are also not very interesting. Their value is in their implementations, and those are subject to patents. If you have been following the tech world over the past couple of year, you know that patents can be very risky to developers. The problem is that in order to implement specifications, the developer usually has to write code that uses some existing patents. It is practically impossible to know which patents are involved, but at a minimum, the developers need to know that the people who wrote the specification are not going to sue them.

Over the past 8 months we have been working to obtain the necessary protections for the community, to be able to freely implement the


Seeking feedback on OAuth Session Draft 1August 22

Allen Tom has announced the availability of the first draft of the OAuth Session Extension on the OAuth Extensions mailing list:

Here’s draft 1 of the OAuth Session extension which was discussed at the OAuth Summit.

This extension allows SPs to issue Access Tokens that can expire during the duration that the consumer is authorized, and defines a workflow for consumers to automatically refresh their Access Tokens. Additionally, this extension defines a mechanism for Consumers to request access to additional Protected Resources offered by the same Service Provider after being initially authorized.

We also added a interface for Consumers to tell the SP to invalidate its credentials.

Feedback and comments would be appreciated.

If you’re interested in providing feedback, please join the list and let your thoughts be known before this moves into subsequent drafts towards the final version!