Virtually all of Google’s APIs currently support OAuth 2.0, a framework for allowing third-party apps limited access to your data from other services, as their standard authentication mechanism. Starting today, Google is taking its OAuth 2.0 support a step further by bringing it to IMAP/SMTP and XMPP, the protocols that allow third-party access to Google services like Gmail and Google Talk. This move, says Google’s Ryan Troll, will allow developers to give users “tighter control over what data clients have access to, and clients never see a user’s password, making it much harder for a password to be stolen.” With OAuth 2.0 support, users will simply be able to revoke a client’s access to a service like Gmail without any impact to other apps that access the same data.
Google has been supporting OAuth for access to Gmail since 2010, but the framework’s version 2.0 adds a number of security features and also simplifies things for developers.
For users, the OAuth 2.0 experience will be pretty much the same as when they give an app access to their Gmail or Twitter accounts. The app never gets to see your passwords, and the authentication is handled by exchanging a token between the two services.
Developers who use IMAP/SMTP to access your Gmail accounts or XMPP to interact with Google Talk can start using OAuth 2.0 now. In today’s announcement, Google also stresses that the company is about to end support for its older account authentication APIs like XOAUTH for IMAP/SMPT, which uses OAuth 1.0a. The company is also deprecating support for a number of ways to access XMPP, so if you are a developer using these tools, make sure you take a look at today’s blog post.
Google provides search and advertising services, which together aim to organize and monetize the world’s information. In addition to its dominant search engine, it offers a plethora of online tools and platforms including: Gmail, Maps, YouTube, and Google+, the company’s extension into the social space. Most of its Web-based products are free, funded by Google’s highly integrated online advertising platforms AdWords and AdSense. Google promotes the idea that advertising should be highly targeted and relevant to users thus providing...
OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop, mobile and web applications. OAuth allows consumer developers to publish and interact with protected data. OAuth also allows service provider developers to give users access to their data while protecting their account credentials.
Austin, TX
Seattle, WA
San Diego, CA
Menlo Park, CA
Boston, MA
Disrupt Europe: Berlin Hackathon
Berlin, Germany
