How OAuth Works
Before we talk about what's happening, let's look at a real-world OAuth workflow: social photo-sharing site Flickr is
part of the Yahoo! family of companies, but it also allows users to log in to the service using its Facebook or Google
Most likely, this workflow is something you've seen before and possibly even something you've used on multiple
occasions. On the user side, it's extremely simple, which is part of its appeal. A user clicks the sign in button and
chooses to log in with one of the existing accounts that supports OAuth (see Figure A-1), then confirms with the
selected service—Facebook, in this example—that the requesting app has permission to access the requested data
(Figure A-2). After that, the user is logged in.
Figure A-1. The Flickr home page allows login with Google or Facebook in addition to its Yahoo-based account system
Figure A-2. After clicking to sign in with Facebook, Yahoo! requests permissions from Facebook, which you are given the
option to approve or cancel
Note: If you look at the lower right of the Facebook login dialog, the requested permissions are listed for the user to
review before approving.
From a user's perspective, this is three quick clicks. On the developer side, it's a little more complex (though it's
still considerably easier to implement than a custom account registration and login system).