Naming is Hard

About two months ago James Box asked Glenn and I whether we’d talk about OAuth and data portability at an upcoming Skillswap—an invitation we could not refuse. A few weeks passed, and the talk was forgotten about. We were then asked to provide abstracts and bios. After throwing together an abstract and an embarrassingly brief bio, work on the talk languished until just a few days before the event.

Although this was my first proper speaking gig and in spite of my procrastination, the night went well. The audience, although modest, was enthusiastic about the subject and only one of our two laptops refused to co-operate (the MacBook Pro is still the best Windows laptop!). I was on first with an introduction to OAuth, looking at the motivation for OAuth before some less-than-flawless demos and a relatively top-level explanation of how OAuth works. After an interesting Q&A session and a break for beers, Glenn delivered a fascinating presentation about the work he has done exploring data portability using open stack technologies. If you only have time for one talk, read Glenn’s!

For posterity, I’ve embedded my presentation below. Glenn has also posted his talk on his blog and James has promised to post the audio from the event as a podcast.


Finally, I’d like to thank James for organizing this Skillswap. It was an enjoyable and interesting event, and I’ll definitely be watching out for the next one. Also, if you ever get the chance to speak at such an event, I would urge you to take it up. Speaking in front of such a passionate audience is certainly interesting and, in the words of the great Douglas Adams, mostly harmless.

Over the last few months, as part of Madgex’s ongoing commitment to research and development, I have been working closely with Chris Adams to build an OAuth library for .NET, which we’ve cleverly named OAuth.net.

Today, I’m delighted to announce that Madgex is open-sourcing this library for everyone to use. To mark the occasion, we’ve put some demos up on the Madgex Lab site and loaded the source code on to Google Code!

OAuth: simple, standard and secure API authentication

OAuth is a fresh new standard that allows users to share their online data between different web, desktop and mobile applications without also having to share their passwords.

A great example of a use case is the friend import feature that all social networks seem to have. Just give them your email address and password, and they will kindly go off and find your friends for you! Oh, and they promise not to write your password down on any post-its. Honest.

Hopefully, everyone can see how this is a Bad Idea. It’s so bad, in fact, that it has a big scary name: the Password Anti-Pattern. With OAuth, however, you don’t have to give the social network your password; instead they simply send you to your webmail site where you log in and issue them a special token. The token, like a valet car key, gives access to your contacts but is useless for any other purpose.

Of course, OAuth isn’t just for sharing address books. OAuth can (and should) be used wherever a user’s private data is to be shared between a website and a third-party web, desktop or mobile application. Other examples include location-aware applications that fetch your location from Fire Eagle, and photo printing sites that turn your online photos into lovely printed albums.

Find out more

If I’ve piqued your interest (and I hope I have), here’s how to find out more. First, I will be talking about OAuth at Barcamp Brighton 3 this weekend, so if you’re lucky enough to have a ticket, pop along to my session and ask me lots of tough questions! Madgex also have a stand at dConstruct today, so feel free to pop along and grab Chris, Glenn or me for a chat. We’ll also be at ReMix UK 08 in a few weeks time, if you’re not around this weekend.

Next, download the source code and peruse the examples on the Madgex Lab site. For a more in-depth discussion, I’ve written a getting started guide where I show how to build a Fire Eagle mashup with Google Maps.

Finally, we’d love to hear from you, so email us at oauth-dot-net@madgex.com or tweet me, Glenn or Chris.

Update: Barcamp Brighton 3 presentation slides

I’ve uploaded the presentation slides here. (Although the slides are quite sparse, pretty much everything I said is in the notes for the slides)