NotesID ToÂkens are litÂtle chunks of text which claim that some parÂticÂuÂlar perÂson wants to tell some parÂticÂuÂlar party out there that theyâre signed in and auÂthenÂtiÂcated by the IdenÂtity Provider that isÂsued the token.FeedUnfurl
Notes"We're happy to announce support for the OpenID OAuth Hybrid Protocol, which combines OpenID authentication (sign in) with OAuth authorization (access control) in a single interface. The Hybrid Protocol makes it easy for the hundreds of millions of Yahoo! users to sign into websites with a Yahoo! account, and to enable two-way data sharing of their Profile, Contacts, and Updates, without having to register a new site-specific account or share their Yahoo! password."Unfurl
Notes"From time to time I need to debug OAuth-protected APIs, checking response headers and examining XML and JSON payloads. curl generally rocks for this sort of thing, but when the APIs in question are protected with OAuth, things break down. Likewise for benchmarking (ab, httperf, etc.) and explorationâisnât it nice to browse APIs that return XML in Firefox?
This neednât to be the case."FeedUnfurl
Notes"+1 for OAuth. This is the sort of thing about which we once said "never again", after the blog posting thingy and retaining user credentials there."Unfurl
Notes"Mike released HTTP_Request_OAuth today, so I spent a little while this evening coding up Service_Twitter as helper class for making OAuth authorized requests against the Twitter API."Unfurl
ongoing by Tim Bray · On ID Tokens
Exploring OAuth-Protected APIs :: Drive-by Digressions