OAuth

OAuth 2.0

OAuth 2.0 is the next evolution of the OAuth protocol which was originally created in late 2006. OAuth 2.0 focuses on client developer simplicity while providing specific authorization flows for web applications, desktop applications, mobile phones, and living room devices. This specification is being developed within the IETF OAuth WG.

Questions, suggestions and protocol changes should be discussed on the mailing list.

Reading the spec

The final version of the OAuth 2.0 core spec can be found at http://tools.ietf.org/html/rfc6749. See extensions and other documentation.

Implementations

Server Libraries

• Java
  • MitreID (with OpenID Connect)
  • Apache Oltu
  • Spring Security OAuth
  • Apis Authorization Server (v2-31)
  • Restlet Framework (draft 30)
  • Apache CXF
  • Tokens: Java library for conveniently verifying and storing OAuth 2.0 service access tokens.
• PHP
  • PHP OAuth2 Server and Demo
  • PHP OAuth 2.0 Auth and Resource Server and Demo
  • PHP OAuth 2.0 (AS with SAML/BrowserID AuthN, with management REST API)
  • PHP OAuth2.0 for Silex and Demo
  • PHP OAuth2.0 for Symfony and Demo
  • Nette OAuth2 provider for Nette framework and Nette REST API bundle
• Python
  • Python OAuth 2.0 Client + Server Library
  • OAuthLib (a generic implementation of the OAuth request-signing logic) is avaliable for Django and Flask web frameworks
• NodeJS
  • NodeJS OAuth 2.0 Provider
  • Mozilla Firefox Accounts. A full stack Identy Provider system developed to support Firefox market place and other services
  • OAuth2orize: toolkit to implement OAuth2 Authorization Servers
• Ruby
  • Ruby OAuth 2 Server (draft 18)
• .NET
  • .NET DotNetOpenAuth
  • Thinktecture IdentityServer
• Erlang
  • Erlang OAuth 2 Server framework
• Golang
  • Golang OAuth 2 Server framework

Proxy services

• OAuth.io (self hosted), and also you can use as an external service
• SSQ signon (self hosted), and also you can use as an external service
• Auth0: Authorization Server as a service (or self hosted)

Client Libraries

• PHP
  • league/oauth2-client: OAuth 2.0 Client from the League of Extraordinary Packages
  • oauth-api from PHP Classes
  • PHP OAuth 2.0 Authorization Code Grant Client
  • OAuth2/OpenID Connect Client Library for PHP/Zend Framework 2
• Objective C
  • Cocoa
  • iPhone and iPad
  • iOS and Mac OS X (draft 10)
• Swift
  • OAuthSwift
• Java
  • Apache Oltu
  • Spring Social
  • Spring Security OAuth
  • Restlet Framework (draft 30)
  • ScribeJava
• Scala
  • Silhouette
• Python
  • sanction
  • rauth
  • Authomatic
• Ruby
  • Ruby Gem
  • Ruby
• Javascript
  • Javascript
  • OAuth2-client-js
• Node.js
  • PassportJS
  • OAuth2-client-js
• .NET
  • OWIN Middleware
  • DotNetOpenAuth
  • Spring Social for .NET
• Qt/C++
  • O2 (supports OAuth 1.0a and 2.0)
• Lua/Corona SDK
  • Corona/Lua OAuth 2.0 API
• Dart
  • Dart OAuth 2.0 Client
• Golang
  • Go OAuth 2.0 Client

Services that support OAuth 2

• 37signals (draft 5)
• Auth0
• BookingSync
• Box
• Beeminder
• Campaign Monitor
• Clever
• Dropbox
• Facebook's Graph API
• Foursquare
• GitHub
• Google
• HiDrive
• Meetup
• NationBuilder
• Salesforce
• Citrix ShareFile
• Slack
• SoundCloud
• Do.com (draft 22)
• Windows Live
• time cockpit
• Zalando's baboon-proxy

Legacy

For more information on OAuth 1.0 and 1.0a, see the old About page.