OAuth Authorization and Social Network APIs

Wednesday, November 24, 2010 at 10:36:31

Yesterday I gave a talk at devclub with a broad overview of social network APIs, and as usual, not everything I wanted to say made it into the talk. In particular, topics around privacy and the future, and one question from the audience.

authentication = identity verification (of a user), from authentic = genuine, real
authorization = permission (to perform actions)

OAuth is about authorization (granting an app permission via a token), not about requested privileges themselves or subsequent API actions. Authentication should be handled by the social network itself.