OAuth versions 1.0a and 2.0 - A security comparison

Abstract

In this work, two versions of OAuth have been analyzed: the protocol OAuth 1.0a and the newer framework OAuth 2.0. A higher version number is often considered a good thing, but OAuth 2.0 has encountered much criticism. It has been criticised for not being safe enough, while OAuth 1.0a was criticised for being a very complicated protocol to implement, which has stopped it from growing as expected. OAuth solves the following problem: a resource owner has resources on a server. A third party would like to use some of these resources in the resource owner's name. OAuth solves this by letting the resource owner authenticate at the server and agree that the third party is authorized to access the resources that the resource owner possesses. This work led to an implementation of an OAuth client for LinkedIn on PMCG Scandinavia AB's project portal. The result is an OAuth 2.0 solution that gives LinkedIn users the ability to log in to the project portal through LinkedIn. LinkedIn's OAuth 2.0 solution was considered to be sufficiently safe and much easier to implement and maintain.
