It seems that at every API conference, the team at OAuth.io releases a new feature. In October, at API Strategy and Practice in San Francisco, OAuth.io released a mobile SDK. Now, after APIDays in Paris, OAuth.io has released a ‘code request’ feature to abstract usage tokens in the authentication process. Co-Founder Mehdi Medjaoui spoke with ProgrammableWeb about the service, which provides a unified API for any OAuth implementation.
“OAuth is completely fragmented on the web,” Medjaoui told ProgrammableWeb. “There are multiple specs and workflows that are either respected or not, so we decided to make a glue for OAuth. We made a simple JSON configuration that describes any OAuth workflow in a simple way. It’s a straightforward way to make any OAuth into a simple API. And it’s open source. With this as our basis, we have then built up a service that makes all the OAuth flows function easily.”
Already, over 1900 running applications use OAuth.io in their authentication process, and a broad range of startup developers use the OAuth.io tool. While Medjaoui is pleased that the service is letting developers get on with building new products, one of his greatest achievements is the recent use of OAuth.io among US Federal Government departments. “I’m most proud of how Kin Lane is using OAuth.io for his White House project, so there is authentication on the client side. Now we are making our terms of service comply with US Government standards to enable it to be used on Government servers,” Medjaoui said.
Part of OAuth.io’s appeal amongst developers is how it handles security issues, says Medjaoui. “We have a flow that also goes on the server side, so we don’t store access tokens. In this way, we also become a single point of failure, so we are an OAuth backend, but we are open source: you can have OAuth.io on your own server, for example. And we avoid all attacks for any known CSRF exploits.”
“This latest feature… it’s like instead of going through those airport security checkpoints, you get to walk straight through.” Medjaoui pauses for a minute to make sure the analogy holds up. “Oh, and it makes your luggage 10 kilos lighter!”
Developers can trial the service via the OAuth.io developer portal.