app/views/oauth/docs/markdown/oauth.md.erb in opro-0.0.1.pre1.0.1 vs app/views/oauth/docs/markdown/oauth.md.erb in opro-0.0.1.pre1.0.2

- old
+ new

@@ -1,3 +1,28 @@ -Oauth is ... TODO +## Opro Oauth -<%= link_to "Facebook's Server Side OAuth Authentication", 'http://developers.facebook.com/docs/authentication/server-side/'%> \ No newline at end of file +OAuth comes in a few different flavors, the implementation of OAuth comes from <%= link_to "Facebook's Server Side OAuth Authentication", 'http://developers.facebook.com/docs/authentication/server-side/'%>. + + +## What is It? + +OAuth is a secure way to grant authorization without having to transfer passwords to third parties. If you've used an iPhone or Android app to access Twitter or Facebook you've likely used OAuth. + +The flow is simple, it is started when a user clicks on an authorization button, they are then directed to the OAuth provider's website, such as Facebook. They are then prompted to confirm with the OAuth provider that they are who they say they are by logging in. The user is then given the opportunity to grant authorization to the OAuth client (where the request was initiated, such as the iPhone). After returning to the client, a code is sent that can be exchanged for a secure token. This secure token can be used to authenticate as the user. This way an iPhone client can ask for personalized content to show to the user, such as a friend list, or messages. This is the mechanism that drives most of the web. + +## Not just Mobile + +Client and server side web applications can use this type of authorization to add features to their service such as posting things to a timeline, or adding personalization. + + +## Alternatives + +OAuth is simple in concept, but can be tricky to implement right. Many services also support basic auth. With basic auth you send a user's username and password along with every request. While this is fairly simple it means that the client application has access to your password, which is not very secure. 
There are other standards such as xAuth, and likely more to come in the future + + +## Clients + +This website is an OAuth Provider, and you can create an OAuth client to access this website as a logged in user for select url's. + +To get started getting your first OAuth token follow the <%= view_context.link_to 'quick start guide', oauth_doc_path(:quick_start) %>. + +
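Review bot: In the added "What is It?" paragraph, the sentence "This secure token can be used to authenticate as the user" blurs authorization and authentication, although the same section opens by describing OAuth as a way to "grant authorization". Suggest wording along the lines of "This token lets the client make requests on the user's behalf, limited to the access the user granted", and a sentence telling client authors that the token is a credential and has to be stored and transmitted as carefully as a password. Smaller points in the same hunk: the Facebook `link_to` target is an `http://` URL, the opening sentence ("OAuth comes in a few different flavors, the implementation of OAuth comes from ...") is a comma splice that never says it is Opro's implementation being described, and "url's" in the Clients section should read "URLs".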