OAuth, app permissions, and a false sense of security

Windows Central

WinC Bot
Staff member
Dec 17, 2013
72,991
54
0
Visit site
Oauth_Security_lede.jpg

[h=2]Disclaimer[/h]There is nothing new in this post. I'm just bringing this up now because a lot of people seem to not know the facts. It also has nothing to do with Windows Phone specifically, but rather pretty much every platform. The point of this post is not to spread FUD, but to remind people to not take security for granted.
[h=2]OAuth[/h]For those that don't know what OAuth is, it is an open standard for authorization. OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials.

These days OAuth is used pretty much everywhere where an external client needs to login to some sort of service. You've used it with Google (I used it to upload the video in this post), Microsoft apps (Skype, Xbox Smartglass, Visual Studio), Twitter, Facebook, and countless others.

Full story from the WPCentral blog...
 

Members online

Forum statistics

Threads
322,534
Messages
2,242,215
Members
427,952
Latest member
markd081711