Yet another AuthProxy

OAuth — An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications.

Not much on this site at the moment, but keep an eye on this one.

With all the talk of opening the social graph we will need an open protocol to do proxy authentication, where users log into the data provider and not the mashup. Don’t confuse this technique with OpenID; it’s almost the reverse. OpenID lets you control who owns your login credentials, and this method lets a mashup use your remote data without knowing your login credentials. This protocol definitely needs a generic buzzword–I’m gonna call it AuthProxy until someone more important than me comes up with something better.

Development-wise we have several solutions, from Google’s AuthSub and ClientLogin to Yahoo!’s BBAuth. If you’ve ever played with a site that does stuff with your Flickr account, you’ve used AuthProxy. It usually involves a username/password login on the data provider’s site, which then redirects back to the mashup with a token. The token is passed back to the data provider via an API call, which allows the mashup to access the user’s personal data, but without sharing the user’s login credentials, or sometimes any identifying information.
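The redirect-and-token flow described above, as an added Python example that is not part of the original post and is not the code of AuthSub, BBAuth or OAuth. The provider and mashup classes, the account, the callback URL and the one-hour token lifetime are all assumptions made for illustration.

```python
import hashlib, hmac, secrets, time
from urllib.parse import urlencode, urlparse, parse_qs

SALT = secrets.token_bytes(16)

def kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

class DataProvider:
    def __init__(self):
        self.users = {"alice": kdf("correct horse")}       # constructed account
        self.photos = {"alice": ["beach.jpg", "cat.jpg"]}  # constructed data
        self.tokens = {}                                   # token -> (user, expiry)

    def login(self, username, password, next_url):
        # The password is typed on the provider's own page, never on the mashup.
        if not hmac.compare_digest(self.users.get(username, b""), kdf(password)):
            raise PermissionError("bad credentials")
        token = secrets.token_urlsafe(32)                  # unguessable, carries no identity
        self.tokens[token] = (username, time.time() + 3600)  # assumed 1-hour lifetime
        return f"{next_url}?{urlencode({'token': token})}"   # redirect back to the mashup

    def api_list_photos(self, token):
        # The API call is authorized by the token alone.
        user, expiry = self.tokens.get(token, (None, 0))
        if user is None or time.time() > expiry:
            raise PermissionError("invalid or expired token")
        return list(self.photos[user])

    def revoke(self, token):
        # Access can be withdrawn without changing the user's password.
        self.tokens.pop(token, None)

class Mashup:
    RETURN_URL = "https://mashup.example/callback"         # hypothetical URL

    def __init__(self, provider):
        self.provider, self.received = provider, []        # log of all input seen

    def handle_callback(self, redirect_url):
        token = parse_qs(urlparse(redirect_url).query)["token"][0]
        self.received.append(token)
        return token

def run_flow():
    provider = DataProvider()
    mashup = Mashup(provider)
    redirect = provider.login("alice", "correct horse", Mashup.RETURN_URL)
    token = mashup.handle_callback(redirect)
    return provider, mashup, token, provider.api_list_photos(token)  # mashup's API call
```

The only value the mashup ever receives is the token, so revoking it at the provider ends the mashup's access while the user's password stays unchanged.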


About John Herren

John Herren is a developer and technical consultant with focus on web applications. He currently serves as Director of Development for Primetime US, the company behind the hit movie and book The Secret. John was formerly staff writer and developer community evangelist for Zend Technologies. Along with founding neat experiments like, John is an active member in the mashup community, working with API providers and speaking at conferences. He is a published author of Linux certification study material. John enjoys using open source software like PHP and Ruby on Rails to bend the web into exciting new chimeras of hyperlinked goodness.

One response to “Yet another AuthProxy”

  • Chris Radcliff

    This is definitely one to watch. I’m personally hoping it will displace AuthSub, BBAuth, and any number of custom AuthProxy solutions, so we can finally get down to a simple OAuth + OpenID system that everyone can support.

    Now to see how difficult it is to implement…
