Possible Duplicate:
How is oauth 2 different from oauth 1
I know these 2 are not backward-compatible. But, having implemented OAuth 1.0 already, is it easy to switch to OAuth 2.0? Thanks
OAuth 1.0 and 2.0 are two completely different protocols. However, they are designed to solve pretty much the same basic set of use cases and most of the people developing the new version have working 1.0 implementations. So they all made sure it would be trivial to upgrade.
With 2.0 you get more choices when it comes to how you want to issue and authenticate access tokens. The providers with early 2.0 support use Bearer tokens which are sent over HTTPS and don't include any cryptography on their own. Another (much better) option is to use MAC tokens which are similar in design to OAuth 1.0 HMAC-SHA1 but are simpler to use (no crazy parameter normalization).
The main difference and where the transition can be more complex is when dealing with large scale. 2.0 handles scale significantly better than 1.0 (which actually sucks at it). So if you have needs for scale, 2.0 would make your life much easier, but to take advantage of it, you'll need to do some work.
OAuth 2 relies on HTTPS for security; you don't have to "sign" requests anymore, just send your API key and tokens as query string parameters.
It's really easy to implement, you don't need libraries or anything like that.
Check Facebook's Graph API to start playing with OAuth2!
OAuth 2.0 is not finalized yet, and is quite different from 1.0. So 1.0 experience is not that much help for 2.0, though it is some help.
As already pointed out, the major difference is that it relies on HTTPS for security so you no longer need to sign requests. This would be good if not for XSS attacks and Firesheep!
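The difference the answers describe between signing an OAuth 1.0 request (HMAC-SHA1 with parameter normalization) and sending an OAuth 2.0 bearer token, as an added example that is not part of the original answers. The URL, keys, tokens and helper names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values; none of them come from the thread.
URL = "https://api.example.com/photos"
PARAMS = {"size": "original", "file": "a b.jpg", "oauth_nonce": "n-1",
          "oauth_timestamp": "1300000000", "oauth_token": "sample-token",
          "oauth_consumer_key": "sample-key",
          "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0"}
CONSUMER_SECRET, TOKEN_SECRET = "sample-consumer-secret", "sample-token-secret"


def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal.
    return quote(value, safe="-._~")


def oauth1_base_string(method, url, params):
    # The parameter normalization step: encode names and values, sort,
    # join, then encode the joined string once more.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def oauth1_sign(method, url, params, consumer_secret, token_secret):
    # HMAC-SHA1 keyed with both secrets; the secrets never go on the wire.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = oauth1_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()


def oauth1_verify(method, url, params, signature, consumer_secret, token_secret):
    # Server side: recompute the signature and compare in constant time.
    expected = oauth1_sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)


def oauth2_bearer_headers(access_token):
    # RFC 6750: the token itself is the credential; nothing binds it to the
    # method, URL or parameters, so confidentiality rests entirely on TLS.
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    sig = oauth1_sign("GET", URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    tampered = dict(PARAMS, size="thumbnail")
    print(sig, oauth1_verify("GET", URL, tampered, sig, CONSUMER_SECRET, TOKEN_SECRET))
    print(oauth2_bearer_headers("sample-access-token"))
```

A changed parameter invalidates the OAuth 1.0 signature, while the bearer header is the same for every request, which is why a bearer token must only ever travel over HTTPS.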