Understanding OAuth: The Authorization Framework for Secure Third-Party Access
By egonschiele
Summary
This article provides an educational overview of OAuth, an authorization framework created at Twitter in 2007 to let third-party applications access user data without requiring users to share their passwords. It explains the security problems with the traditional approach of handing a username and password to a third party, and introduces OAuth as a safer alternative for delegating access to user accounts across different services.
Key quotes
OAuth was first introduced in 2007. It was created at Twitter because Twitter wanted a way to allow third-party apps to post tweets on users' behalf.
One way would just be to ask the user for their username and password. So you create an unofficial Twitter client, and present the user a login screen that says 'log in with Twitter'.
The user does so, but instead of logging into Twitter, they're actually sending their data to you, this third-party service which logs into Twitter for them.
This is bad for a lot of reasons...