OAuth 2.0 has no signatures because all the cryptography has been moved from the OAuth layer to the transport-layer by requiring the use of TLS. This makes it way easier to implement and for laymen to play around with - akin to what made Twitter's API so popular (Or, I could be horribly mistaken - I did only find time to read through the 2.0 spec last weekend)
So basically you can choose between: 1.0 (a) - Tons of solid implementations - can be hard to trouble-shoot because of all the cryptography. Semi hard to get you head around. Stabil. 2.0 - Easy, but requires TLS (aka SSL-certificate and https). Liable to changes as the draft matures. -M On Jul 6, 2010, at 5:17 PM, Mendel wrote: > Hello all, > > I'm gonna build a OAuth server soon, which version (1.0 or 2.0) or > draft version do you recommend to use? In draft 9 (OAuth 2.0) the > signature process is left out, in my understanding because we can't > agree about a standard yet. Do you guys recommend using the one in > draft 5? I think it's a waste to build for OAuth 1.0 now. > > Not a very technical question, but hopefully you could give me some > feedback. > > Mendel > > -- > You received this message because you are subscribed to the Google Groups > "OAuth" group. > To post to this group, send email to [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/oauth?hl=en. > > -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
