OAuth


Social networks like Facebook and Twitter use a method of authentication known as OAuth to grant applications permission to work with our data. The permission grant is explicit, but we do not know what permissions we are giving to the application. Though the social networks boast a lot about OAuth being secure, in reality they are not very secure.

It is similar to giving your password and username to these applications.

Let’s say you are about to take a quiz on Facebook. You click on the application and you will see a dialog box similar to the one below.

image

What do we do, curious to take the quiz? (Even when we are not, we do not read it :) ) We just click ‘Allow’, jump into the quiz or that particular app, do our stuff, publish the result on the wall (mostly) and exit. We do not care about the evil side of this.

Now take a close look at the above declaration.

image

Now you can understand that it is similar to giving your password to someone. The worst part is that we think this permission grant lasts only for the few minutes we use the application. But once you give the permission, it remains in place forever, until you remove it. Yes, you can remove the permission.

In Facebook, go to Account –> Application Settings.

There you can see the list of applications you have authorized, in the Authorized category. Simply click the ‘x’ mark to remove the authorization. When I checked my list, there were 354 applications that I had authorized. The sad part is that most of them are mere quizzes that we take only once. But they still have access to our data. :(

image

Creating your own app in Facebook using OAuth is easy, and you can get more details on the following page: http://developers.facebook.com/docs/guides/web

More on Facebook OAuth 2.0 : http://developers.facebook.com/docs/authentication/

Facebook OAuth 2.0 also has some extended privilege options, which give full permission to our data.

Some applications and quizzes are more tempting, so do them and delete the permission after you are done :D