For a project I’m working on, I’ve been looking at a lot of web service authentication/verification APIs lately. I thought folks might be interested in the results. Here are the methods available for a variety of web services/applications online, with links to their appropriate docs:
|Web Application||Authentication Method|
|Delicious||OAuth (and HTTP Basic)|
|Custom token (Facebook Connect)|
|Custom token (modhash)|
|Tumblr||HTTP POST (plaintext password)|
|YouTube||AuthSub and OAuth|
- 21 web services analyzed
- 10 (48%) are using OAuth (including YouTube)
- 5 (24%) are using AuthSub (also including YouTube)
- Dopplr is the only non-Google property using AuthSub
- Tumblr is the only property using plaintext passwords, although Posterous is using HTTP Basic, which is basically plaintext
Looks like OAuth is gaining some real traction, and in fact if Google switched over to using it, it’d have a real hold on the authentication space. That would probably be a good thing. Next up in my adventure will be seeing how truly conformant/compatible all these OAuth implementations are, and how portable my code be able to be in accessing them all.
If you’d like to add any others that you know about, please throw them in the comments and I’ll add them to the table above so everyone can find them.