Google supports OAuth for Google Contacts API -

Google supports OAuth for Google Contacts API

One step in the right direction is done by Google now by supporting OAuth as an alternative to their proprietary Google AuthSub for the Google Contacts API. According to this post on the OAuth mailing list the plan is to deploy OAuth for all the Google Data APIs.

This is very good news for having a standardized way for accessing web services without asking the user for their username and password. This of course is also good news for DataPortability as OAuth is one of those parts which we would like to see embraced. And after all the goal for OAuth was to get rid of all those proprietary auth protocols from Google, Yahoo, flickr et. al., so this is a good sign that this really is happening.

For the uninitiiated: OAuth is similar to what flickr does when some external service wants to get access to your photos. It redirects you to the site, the site then asks you to login and to confirm that this external service should be allowed to access these services. So you don’t need to give your password to any external service as they delegate the decision to the original service. So no more need to give out your GMail username/password with the Google Contacts API (and other similar services).

So cheers to Google!

Technorati Tags: , , ,

4 Kommentare » Schreibe einen Kommentar

  1. We recently posted a screencast of how our OAuth support API works with third-party applications. Anyone interested in seeing the user flow, can check it out at Looking forward to hearing more about at IIW08…

  2. Khurt, the interesting thing to note about OAuth is that it doesn't need to be widely adopted for it to "work". OpenID relies on having a lot of places to use it for it to be considered useful.

    OAuth on the other hand, is just a preferred protocol for handling how web applications ask users for access to their data. Every major web application does not need to offer it for it to be a benefit to the user. In fact, more often than not the end user will not even need to know anything about OAuth. It is more of a behind the scenes service…

  3. Hey Josh, that looks great. Always good to see sites using it.

    Khurt, adding to Josh's comment I also would like to add that OAuth is a rather new standard but to me it already seems to have many friends. Having Google on board will definitely help it, too.

    Of course this all needs lots of evangelism but to me it seems at least that adoption of these standards is accelerating. And once you have a tipping point you cannot really launch some service without them.

    So let's work together to make this happen! :-)