Making auth easier: OAuth 2.0 for Google APIs
One of the most exciting things about the architecture of the web is how
easily it supports mashups—URLs, IFRAMEs, XHR, and more make it easy to build great new
services on top of building blocks from others. As more and more people use the web for
non-public data, we need new techniques to secure those building blocks. That’s where OAuth
comes in—an open, standard way for users to grant permission for an application to access part
of their account.
Since we announced support for OAuth in 2008, we've seen tremendous usage growth in our APIs that
require user authorization, like Calendar and Docs. While the spec isn't completely finalized,
Google is pleased to announce our experimental support of an easier way for developers to
obtain user authorization for our APIs: OAuth 2.0 with bearer tokens. Whether you use our
updated client libraries or just write to the protocol, you should be able to do more with
less code.
In addition to supporting a simplified protocol, we're also introducing a simpler, cleaner
consent page for OAuth 2.0:
Google believes in open systems that give users value, transparency and control. We hope the
OAuth 2.0 protocol helps developers deliver just that: powerful applications that make use of
user data without compromising on safety or security. Check out our documentation to get
started with OAuth 2.0.
By Andrew Wansley, Google Developer Team