OAuth book

working title: OAuth: Up & Running

Some thoughts on writing an OAuth book with Aaron Parecki et al

Part 1 feedback

Re: Part 1 overall. If I was a developer wanting to get up and running with OAuth, I wouldn't want to wade through all the history and nitty gritty of how OAuth works. Need chapters on example applications instead.

Re: Chapter 1. History can be an appendix. A one page summary timeline intro would be sufficient. Perhaps 1 page on password anti-pattern bad, how Flickr solved it with Flickr-auth good, and then 1 page on how OAuth 1 and 2 are the generalization/standardization of what Flickr-auth did instead.

Re: Chapter 2 and 3 - move these to a latter advanced section.

Then from a developer's perspective, I would expect to see one chapter for each type of client that just walked me through the code I needed to write.

Part 2 feedback

Part 2 (Ch 4-12) - the whole thing seems far too plumbing centric. Great for someone into protocols, but intimidating/overwhelming from an application developer perspective. I understand why each of these might be important to know, however the packaging can be improved. That is, each Chapter should be a feature / user-scenario of an app which then requires using a specific feature of OAuth, that way the motivation to make the feature work is what drives learning/understanding the feature, which is likely to be more effective than mere protocol curiousity which tends to be much rarer.

Part 3 feedback

Part 4 feedback

Part 3 and 4 are definitely advanced sections.

Overall feeedback

Overall this outline is looking more like an "OAuth: The Definitive Guide" and less like an "OAuth: Up & Running". Has the potential scope/purpose of the book changed?