• If you are citizen of an European Union member nation, you may not use this service unless you are at least 16 years old.

  • Buried in cloud files? We can help with Spring cleaning!

    Whether you use Dropbox, Drive, G-Suite, OneDrive, Gmail, Slack, Notion, or all of the above, Dokkio will organize your files for you. Try Dokkio (from the makers of PBworks) for free today.

  • Dokkio (from the makers of PBworks) was #2 on Product Hunt! Check out what people are saying by clicking here.


OAuth book

Page history last edited by Tantek 10 years, 7 months ago

OAuth book

OAuth Up And Running

Original thoughts on an OAuth book:

  • Simple
  • Short
  • Focused on OAuth client development


working title: OAuth: Up & Running

Might still do this - there's probably a lot more demand for it than a more comprehensive book. Can probably re-use material from one for the other, and vice-versa.


Definitive Guide to OAuth 2




Some thoughts on writing an OAuth book with Aaron Parecki et al


Part 1 feedback


Re: Part 1 overall. If I was a developer wanting to get up and running with OAuth, I wouldn't want to wade through all the history and nitty gritty of how OAuth works. Need chapters on example applications instead.

Re: Chapter 1. History can be an appendix. A one page summary timeline intro would be sufficient. Perhaps 1 page on password anti-pattern bad, how Flickr solved it with Flickr-auth good, and then 1 page on how OAuth 1 and 2 are the generalization/standardization of what Flickr-auth did instead.

Re: Chapter 2 and 3 - move these to a latter advanced section.

Then from a developer's perspective, I would expect to see one chapter for each type of client that just walked me through the code I needed to write.


Part 2 feedback


Part 2 (Ch 4-12) - the whole thing seems far too plumbing centric. Great for someone into protocols, but intimidating/overwhelming from an application developer perspective. I understand why each of these might be important to know, however the packaging can be improved. That is, each Chapter should be a feature / user-scenario of an app which then requires using a specific feature of OAuth, that way the motivation to make the feature work is what drives learning/understanding the feature, which is likely to be more effective than mere protocol curiousity which tends to be much rarer.


Part 3 feedback

Part 4 feedback

Part 3 and 4 are definitely advanced sections.

Comments (0)

You don't have permission to comment on this page.