[OAUTH-WG] OAuth 1.0a flow diagram
Idan Gazit <idan@pixane.com> Wed, 02 December 2009 00:21 UTC

Hey folks,

I redrew/updated an old diagram (http://documentation.fring.com/images/1/11/Oauth_diagram.png) outlining the OAuth authentication flow. The old one didn't reflect the changes in 1.0a.

The updated diagrams are here:

http://s3.pixane.com/Oauth_diagram.png
http://s3.pixane.com/Oauth_diagram.pdf

Please feel free to use them, I hereby place them in the public domain.

I was pointed in their direction by Mike Malone, after having looked for exactly such a thing (for quite a while). He mentioned that the reason it was chucked from the documentation is that it doesn't reflect the changes made in the wake of the session fixation attack. I took the old diagram, took the spec, and updated as required, with some minor changes for legibility and aesthetics.

Speaking as somebody who has tried (and failed) to digest OAuth by means of the long and detailed spec, this sort of diagram is extremely helpful in getting the "big picture" across. I'm not knocking the need for a good spec, but a one-page overview that pulls it all together without going into too much detail is sorely missing from the docs. This diagram goes a long way towards meeting that need.

Just my $0.02!

Thanks for authoring this standard, hope this is useful!

-Idan