OAuth 2.0

The specification and associated RFCs are developed by the IETF OAuth WG - ietf.org

The main framework was published in October 2012. (It was expected to be finalized by the end of 2010, according to Eran Hammer. However, due to discordant views about the evolution of OAuth, Hammer left the working group.

Facebook's Graph API (Facebook Platform#Graph API) only supports OAuth 2.0. Google supports OAuth 2.0 as the recommended authentication mechanism for all of its APIs. As of 2011 Microsoft has added OAuth 2.0 experimental support to their APIs.

The OAuth 2.0 Framework[ ] and Bearer Token Usage[ ] were published in October 2012. Other documents are still being worked on within the OAuth working group.

# Desktop applications Desktop applications cannot participate directly in OAuth 2.0 flows, however the embeddable browser controls available in most frameworks make it possible to work around this limitation.

Desktop applications should use the implicit client-side flow, hosting the process within a browser control. For redirect_uri, a value of:

https://stackexchange.com/oauth/login_success

should be used. Upon a successful authentication, access_token will be placed in the url hash as with a standard implicit authentication - stackexchange