OAuth is a technology that can be thought of as a user's "valet key" for the Web. Just as you don't share your Facebook password with applications built on Connect or Platform, OAuth provides the same sort of functionality but in a standard way that can also be used by developers anywhere. In the end, we're trying to make it simpler not just for developers building on our APIs, but for everyone building with OAuth.
While Facebook Connect and our APIs do not use OAuth today, we've been working over the past month to share what we've learned with the broader community and shape both the new OAuth WRAP specification and OAuth's IETF standardization effort. We plan to continue developing OAuth WRAP within the community and incorporate it directly into Facebook Connect next year.
FriendFeed offers OAuth WRAP these endpoints:
- Authorize URL: https://friendfeed.com/account/wrap/authorize
- Access Token URL: https://friendfeed.com/account/wrap/access_token
We're very interested in what you think about OAuth WRAP in its current form. Bret Taylor, our director of Platform, has gone into more of the technical details of OAuth WRAP and some of the tradeoffs being made between WRAP and traditional OAuth.
Happy Holiday Hacking!
David Recordon, senior open programs manager, is looking for engineers that love open standards (like OAuth, OpenID, Activity Streams) and making the entire Web a more open social place. (want a job?)