What is the future of OAuth 1?

Question

I'm going to start writing an API for my open source project. Should I go with OAuth 2 for authentication or OAuth 1?

My main problem with OAuth 1 is that I don’t want to invest in developing an API based on this if OAuth 1 will soon become obsolete.

My question is, will OAuth 1 become obsolete soon? Also, I think that from an API end-user perspective, OAuth 2 seems to be easier to implement.

Should I just write the OAuth2 API and forget about OAuth 1, or is there any good reason to use OAuth 1 at the moment?

+3

Dmitri May 28 '11 at 14:54

4 answers

Eran Hammer · Answer 1 · 2011-07-26T07:31:42+0000

OAuth 2.0. . , - OAuth 1.0 . 2.0 , .

1.0, , , . RFC . , 2.0 , 1.0 . IETF .

Buhake Sindi · Answer 2 · 2011-06-02T13:33:41+0000

OAuth 2 ( , 16), OAuth 1 RFC (RFC 5849).

OAuth 2 , OAuth 1, , , , . RFC OAuth 2 , .

Addon. OAuth 1 , RFC . IETF RFC "". , OAuth 2 RFC OAuth 1 RFC. , OAuth 1 .

, .

Brian Lyttle · Answer 3 · 2011-05-28T15:31:19+0000

() API . , ? , OAuth2. , , . , , , . , .

( ?), Oauth2.

mmrs151 · Answer 4 · 2013-04-11T11:13:32+0000

OAuth. , , OAuth, , .

They are concerned about the security and vulnerability of OAuth 2.0. This is what Hammer OAuth2.0 describes

more complex, less interoperable, less useful, more incomplete, and most importantly, less safe.

Maybe it's time to look at SAML for OAuth users.