Welcome to WebmasterWorld Guest from

Forum Moderators: LifeinAsia

Message Too Old, No Replies

Are oauth tokens the new email addresses?

12:54 pm on Jun 28, 2016 (gmt 0)

Administrator from CA 

WebmasterWorld Administrator bakedjake is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Apr 8, 2003
votes: 61

oauth is a scheme that allows users to give your website permission to access their accounts on social networks (and really, any other site/service that supports oauth). Because of the way oauth works, and because most users stay perpetually logged in to the services they use, it's very easy to make it work in a "click-click" way for the vast majority of users.

oauth allows you to request access to user data from third party sites via "scopes". As a practical example, the default Google+ scope gives you access to the basic publicly available profile information of the user (including email address), but there are other scopes you can request - like the person's circle of friends, for instance. Users can revoke your authorization at any time using tools provided by the third party sites (like Google's My Account), so it's user friendly and consent driven.

Each service has different scopes that do different things (Facebook's scopes are not the same as Google's), but they all roughly have a "profile" scope which will let you capture basic user information and most of them have a "post" scope which will let you post on behalf of the user with their consent in certain ways. Often there are rules that govern these actions (for example, some actions have to be user initiated and cannot be automated), but they're sensible for the most part.

With the rise of chat services and the amount of effort and money being put into bots and conversational interfaces by people that have most of the eyeballs on the internet, I can only imagine that it's a matter of time before there are oauth scopes to control the messaging components of these platforms. You can already send transactional messages using Facebook for example.

Anyone already doing anything cool with oauth on their site, or collecting consent in preparation for the future?

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members